RSA: Suppliers to collaborate on physical security

Computer Associates International and three other companies have formed Open Security Exchange, a collaborative group that will...

Computer Associates International and three other companies have formed Open Security Exchange, a collaborative group that will work to define supplier-neutral specifications for integrating the management of physical and IT security policies.

The announcements were made at the RSA Conference 2003 being held in San Francisco this week.

The Open Security Exchange will, initially, focus on the common management of IT and physical security devices, such as access control cards and readers, said Russell Artzt, a vice president with CA's eTrust security group.

Early specifications and best practices are available at the Open Security Exchange website and address three specific areas: common administration of users, privileges and credentials; common authentication to physical facilities and computer systems; and centralised management and auditing of physical and IT security.

The group will make the interoperability specifications available to standards bodies for consideration as open standards, and wants to involve other IT security companies and suppliers of physical security systems in defining common interoperability standards.

The other founding members are HID, a US manufacturer of access control readers, Gemplus International, a supplier of smart cards in Luxemborg, and Tyco Fire & Security's Software House, an integrator of physical security management systems in Florida.

CA's efforts come at a time when there's a growing recognition of the need to combine physical security with IT security.

In a related move, CA announced a strategic alliance with Pinkerton Consulting & Investigations.

Pinkerton will offer CA's full line of eTrust security management software to its customers, and Pinkerton will standardise on CA's eTrust audit and policy compliance software for its forensics and policy definition services.

CA will work with Pinkerton in engagements involving the integration of both IT and physical security.

Read more on IT risk management