CA, Gemplus, HID and TYCO Lead Initiative To Define Best Practices

SAN FRANCISCO, CA, RSA Conference, April 14, 2003–Four leading security solutions providers today announced the formation of the Open Security Exchange, a collaborative group that is defining best practices and promoting vendor-neutral specifications for integrating the management of security devices and policies across the enterprise. By promoting more effective exchange of enterprise-wide security data, the Open Security Exchange will enable organizations to significantly reduce both their exposure to a diverse range of threats and their total operation costs.

Initially, the Open Security Exchange will focus on the integration of physical and IT security technologies. Lack of assimilation between these two primary aspects of enterprise security is perhaps the most glaring example of how security management remains fragmented at most organizations today.

Founding members of the Open Security Exchange are leaders in IT and physical security: Computer Associates (CA), the leading provider of IT security management solutions; Gemplus, the leading provider of solutions empowered by Smart Cards; HID Corporation, the largest manufacturer of contactless access control readers and cards for the security industry; and TYCO Software House, which designs, markets and supports integrated physical security management systems.

“Most corporate security managers wouldn’t dream of having separate security systems for their Windows and Unix servers. Yet they often have no linkage between their building security systems and their IT security systems,” said Russell M. Artzt, CA’s executive vice president of eTrust solutions. “The Open Security Exchange is committed to remedying this situation by delivering an interoperability specification to support the effective integration of these diverse areas of security management.”

According to a recent research report by Pinkerton Consulting and Investigations, only 36% percent of all companies surveyed have formal procedures in place for the collaboration between the physical and IT security departments. The lack of security management results in increased exposure, limited situational awareness, poor accountability and higher operating costs. The Open Security Exchange believes that the interoperability resulting from the use of its specifications will allow organizations to develop formal collaboration between different security functions and will enhance organizational security and operational efficiency.

The Open Security Exchange’s initial specifications for physical and IT security management convergence, which are available at http://opensecurityexchange.com, provide technical integration on three levels:

• Common administration of users, privileges and credentials.
• Common strong authentication for access to physical facilities and cyber systems through the use of dual-purpose credentials.
• Common point of security management and event auditability.

This convergence will eliminate many of the risks created by separate physical and cyber security management. For example, without physical/IT security integration, security teams cannot readily determine if someone is trying to use a computer system while its owner is not physically present in the building. This leaves organizations vulnerable to insider abuse including password stealing.

BAE Systems North America, one of the top 10 suppliers to the U.S. Department of Defense, has joined the Open Security Exchange as a contributing member.

“BAE Systems works closely with international customers in the defense industry–as well as in civil aircraft and other commercial markets–to design solid security management infrastructures that effectively protect their physical and IT assets,” said Richard R. Schieffelin, vice president and general manager, BAE Systems. “The Open Security Exchange delivers the industry’s first pragmatic guidelines for the complex systems integration required to achieve truly holistic organizational security management.”

About the OSE

The Open Security Exchange was founded by Computer Associates (http://www.ca.com), Gemplus (http://www.gemplus.com), HID Corporation (http://www.hidcorp.com) and Tyco Software House (http://www.swhouse.com) to address today’s most significant security management challenges. The OSE does this by developing vendor-neutral interoperability specifications and defining best practices guidelines. The first technical specifications issued by the OSE address interoperability between physical and IT security technologies. Membership in the OSE is open to all qualified organizations. For more information, please visit http://opensecurityexchange.com.

© 2003 Open Security Alliance. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.