Group wants to integrate physical, IT security
- By William Jackson
- Feb 25, 2004
SAN FRANCISCO'Physical and IT security traditionally have been stovepipe processes, with little communication between the products used on each side.
The Open Security Exchange, a year-old industry group, is developing interoperability standards with an eye toward tearing down those pipes.
'We are all about developing standards to bridge the gap between IT and traditional physical security technology,' said OSE director Eric Maurice. 'We've had a very interesting first year.'
Formation of OSE was announced at last year's RSA Security Conference by Computer Associates International Inc.; GemPlus Card International Corp. of Gaithersburg, Md.; HID Corp. of Irvine, Calif.; and Tyco International Ltd.'s Fire & Security Software house.
The group has since completed specifications for its Physical Security Bridge to IT Security, and submitted them to the Security Industry Association for adoption as part of its Open Systems Integration and Performance Standards initiative. OSIPS is a cooperative effort between SIA and the Counter-Terrorism Technical Support Office of the departments of Defense and State.
At this year's conference, OSE is announcing a partnership with the Liberty Alliance to develop new standards for wireless authentication. The Liberty Alliance Project is a coalition of 160 government and commercial organizations, including the General Services Administration and DOD, focused on identity management.
Identity management, particularly for remote users accessing commercial and government services, is a growing issue, said Maurice, who also is director of CA's eTrust brand unit.
'It's a problem we are facing,' he said. 'How do you ensure who the people you are dealing with are?'
Cell phones use Subscriber Identity Module cards, small smart cards that ID a phone's user to a network. 'We are collaborating on defining standards for portable SIM card authentication' that would let wireless devices be used for physical security access and to authorize payments, Maurice said.
OSE also expects to release within a few weeks a white paper on credentials management and smart cards. Adoption of smart cards has been slowed by a lack of interoperability, Maurice said.
'There has been a lot of confusion about smart card technology and the different standards,' he said. 'There were expectations that the cards would work together,' but they do not.
The paper will lay out guidelines for choosing the proper technology, depending on the user's needs, with information on applicable standards for physical and IT security.
William Jackson is a Maryland-based freelance writer.