Open Security Exchange formed

A new industry partnership is trying to formalise the links between physical and IT security in an effort to provide companies with more rounded protection.

The Open Security Exchange is a partnership of IT security companies and more traditional vendors such as smartcard and fire alarm manufacturers, including Computer Associates, Gemplus, HID, and Tyco Fire and Securities Software House.

The partnership is looking for more members to become involved. BAE and Pinkerton have already signed up, and a meeting of a further 35 potential partners has taken place.

"We want partners who bring resources to the table," said Simon Perry, vice president of security strategy for Computer Associates.

"We're after active partners and are screening out anyone who's just in this to make marketing noise. Partners will be developing the interoperability specifications and best practice documents. They must also commit to producing specifications-compliant solutions."

In the US, and increasingly in Europe, companies are appointing chief security officers with responsibility for the whole enterprise, Perry explained. However, the majority of these come from an IT background and have little or no experience with physical security issues.

In a simultaneous announcement Computer Associates and Pinkerton have formed a strategic alliance to develop joint physical and IT security services. According to Pinkerton research barely a third of companies have formal procedures for such systems.

The proposed Open Security Exchange standard will focus on three areas of interaction. The ability to correlate the reporting of IT and physical security systems for audit purposes will be built in. This will be tied to increasing the effectiveness of physical security ID, like smartcards and security tokens.

Finally the organisation is looking to build improved access control to both types of systems to manage the extent of employee access.

But Neil Barrett, technical director at security specialist IRM, sounded a note of scepticism. "I'm undecided as to the need for this," he said.

"There are lots of security organisations, and operations like www.humanfirewall.org have a pretty good record in this area. That being said, the solutions-based approach can be useful - but we'll have to see how this group develops."

The Open Security Exchange has set up a website for publishing news and technical specifications.