OSE sets the stage for security convergence

SAN FRANCISCO - The concept of convergence, where the physical security world talks openly with that of the IT realm, has moved closer to reality now that a group of security companies have teamed up to form what is being billed as the Open Security Exchange. The founding members of the group, made up of Computer Associates, Gemplus, Tyco’s Software House, and HID Corp., plan to define best practices and promote vendor neutral specifications for integrating the management of security devices and policies across the enterprise. Initially the group will focus on integrating physical and cyber security technologies. For systems integrators like Tracy Brusca, chief operating officer for White Plains, N.Y., Antar-Com, it’s an exciting time in the security market. Brusca expects the OSE will act as a driver to enable physical security systems to truly integrate with IT security functions. For years security systems integrators have been able to install a physical security system so that it resides on a single computer network. But the missing piece has been to link those functions with IT, so that when someone logs onto a computer but is shown as having left the building it sends a red flag to the security officer. “It may be happening in the secret hallways of the government, but for corporate America to make that happen it’s very exciting,” said Brusca. While founding member Computer Associates provides the software expertise, including eTrust, a product designed to integrate physical security with IT, Software House, Gemplus and HID Corp. provide the expertise in the physical security realm. The result, expects Paul Piccolomini, vice president and general manager at Tyco’s Software House, will eventually be the roll out of products that support the convergence of IT and physical security. “We think it’s the next paradigm shift for access control,” he said. At several recent security events, officials at Computer Associates have called for an end to fragmented approaches to access, authentication and auditing operations. “Why this integration is so important is that to really do security properly organizations have to look at the total spectrum,” said Toby Weiss, senior vice president of eTrust Security Solutions for Computer Associates. The benefit of a truly integrated IT, physical and human resources system will provide a new employee at a company, with the stroke of a key, access to the correct computer systems, offices in a building and generate a weekly paycheck. “Companies are not really accomplishing this,” said Laurie Aaron, director of business development for Software House and American Dynamics. “It’s disparate systems right now.” One thing the OSE is expects to accomplish is to raise awareness about the convergence of physical security and logical security. So far it has piqued the interest of more than 400 people, many of who participated in a web cast about the group, said Deb Spitler, vice president of marketing for HID Corp. In the coming months the OSE will hire a person to help manage the group. Already the four founding members have assembled the first set of interoperability specifications, but additional projects will be accepted from other companies who want to become a member of the group. Each member, however, must be able to meet the requirements of the OSE specifications.