Last week at the RSA Conference in San Francisco, California, a new cross-industry group called the Open Security Exchange (OSE) was announced. The group’s stated mission is the promotion of “vendor-neutral specifications for integrating the management of security devices and policies across the enterprise.” Top on their list is the integration of physical and IT security technologies.
The group was founded by leading companies from the physical and information security industries:
- Computer Associates (CA), IT security management solutions;
- Gemplus, Smart card and smart card solutions provider;
- HID Corporation, manufacturer of contactless readers and cards for the security industry;
- TYCO Software House, supplier of integrated physical security management systems.
A study by Pinkerton Consulting and Investigations found that only 36% percent of companies surveyed had formal procedures in place for collaboration between the physical and IT security departments. The Open Security Exchange hopes that its work will allow organizations to develop formal collaboration between the different security functions enhancing security and efficiency.
“Without physical/IT security integration, security teams cannot readily determine if someone is trying to use a computer system while its owner is not physically present in the building. This leaves organizations vulnerable to insider abuse including password stealing,” reports the OSE’s founding release.
According to Debra Spitler, VP Marketing HID, “initially we will work to identify and bring in additional partners to the OSE. Second we will identify key target customers to begin the rollout via joint presentations, sales calls, and then implementations.”
The initial specification from the OSE was released at the conference and is available for download at the
www.opensecurityexchange.com. “We wrote the specification document so that everyone could see what is possible,” says Ms. Spitler. “If you meet these open standards you are likely doing a good job for your company.”
The OSE spec defines a single card with both a contact chip interface for IT security and a contactless chip interface for physical security.
Says Ms. Spitler, “we expect that these specifications will evolve as we meet with customers and bring in new members. The OSE goal is to be inclusive in terms of both companies and standards-based technologies.”
The founding companies are each extremely strong providers of security solutions into both corporate and government installations. As a consortium, they could certainly have a real impact on the market.
For more information, visit the OSE on the web at www.opensecurity-exchange.com.