SAN FRANCISCO, CA, RSA Conference, April
14, 2003 - Four leading security solutions providers today announced
the formation of the Open Security Exchange, a collaborative group that
is defining best practices and promoting vendor-neutral specifications
for integrating the management of security devices and policies across
the enterprise. By promoting more effective exchange of enterprise-wide
security data, the Open Security Exchange will enable organizations to
significantly reduce both their exposure to a diverse range of threats
and their total operation costs.
Initially, the Open Security Exchange will focus on the integration of
physical and cyber security technologies. Lack of assimilation between
these two primary aspects of enterprise security is perhaps the most glaring
example of how security management remains fragmented at most organizations
today.
Founding members of the Open Security Exchange are leaders in cyber and
physical security: Computer Associates International, Inc. (CA), the leading
provider of security management software; Gemplus, the world's leading
provider of smart card solutions; HID Corporation, the largest manufacturer
of contactless access control readers and cards for the security industry;
and Tyco Fire & Security's Software House, a leading provider of integrated
physical security management systems.
"Most corporate security managers wouldn't dream of having separate
security systems for their Windows and UNIX servers. Yet they often have
no linkage between their building security systems and their cyber security
systems," said Russell M. Artzt, executive vice president of CA's
eTrust security brand. "The Open Security Exchange is committed to
remedying this situation by delivering an interoperability specification
to support the effective integration of these diverse areas of security
management."
According to a recent research report by Pinkerton Consulting and Investigations,
only 36% percent of all companies surveyed have formal procedures in place
for the collaboration between the physical and cyber security departments.
The lack of security management results in increased exposure, limited
situational awareness, poor accountability and higher operating costs.
The Open Security Exchange believes that the interoperability resulting
from the use of its specifications will allow organizations to develop
formal collaboration between different security functions and will enhance
organizational security and operational efficiency.
The Open Security Exchange's initial specifications for physical and
cyber security management convergence, which are available at http://opensecurityexchange.com,
provide technical integration on three levels:
- Common administration of users, privileges and credentials.
- Common strong authentication for access to physical facilities and
cyber systems through the use of dual-purpose credentials.
- Common point of security management and event auditability.
This convergence will eliminate many of the risks created by separate
physical and cyber security management. For example, without physical/cyber
security integration, security teams cannot readily determine if someone
is trying to use a computer system while its owner is not physically present
in the building. This leaves organizations vulnerable to insider abuse
including password stealing.
BAE SYSTEMS North America, one of the top 10 suppliers to the U.S. Department
of Defense, has joined the Open Security Exchange as a contributing member.
"BAE SYSTEMS works closely with international customers in the defense
industry - as well as in civil aircraft and other commercial markets -
to design solid security management infrastructures that effectively protect
their physical and IT assets," said Richard R. Schieffelin, BAE SYSTEMS
vice president, National Systems Group. "The Open Security Exchange
delivers the industry's first practical guidelines for the complex systems-integration
required for truly holistic organizational security management."
About the Open Security Exchange
The Open Security Exchange was founded by Computer Associates International,
Inc. (http://ca.com), Gemplus (www.gemplus.com), HID Corporation (www.hidcorp.com)
and Tyco Fire & Security's Software House (www.swhouse.com) to address
today's most significant security management challenges. The OSE does
this by developing vendor-neutral interoperability specifications and
defining best practices guidelines. The first technical specifications
issued by the OSE address interoperability between physical and cyber
security technologies. Membership in the OSE is open to all qualified
organizations.
For more information, please
© 2003 Open Security Alliance. All trademarks, trade names, service marks,
and logos referenced herein belong to their respective companies.
About Gemplus
Gemplus (Euronext Paris SA: GEPL.PA; Sicovam: 005768; NASDAQ: GEMP) is
the world's number one provider of smart card solutions.
Gemplus helps its clients offer an exceptional range of portable, personalised
solutions that bring security and convenience to people's lives. These
include mobile data services, inter-operable banking, identity, WLAN,
m-commerce and a wealth of other applications. Gemplus is the only completely
dedicated, truly global player in the Smart Card industry, with the largest
R&D team, unrivalled experience, and an outstanding track record of
technological innovation.
In 2001, Gemplus was the worldwide smart card leader in both revenue and
total smart card shipments (source: Gartner-Dataquest, Frost & Sullivan).
Gemplus was also awarded Frost & Sullivan's 2002 Market Value Leadership
Award for its exceptional performance.
Gemplus' revenue in 2002 was 787 million Euros. It employs 5700 people
in 37 countries throughout the world.
www.gemplus.com
PR Contacts:
Tim Whitman
Computer Associates International, Inc.
+1 (631) 342-5707
timothy.whitman@ca.com
Debra Aberle
HID Corporation
+1 (949) 598-1673
daberle@hidcorp.com
Kerry Butler
Gemplus
+1 (215) 390-2840
kerry.butler@gemplus.com
Kim Carito
Tyco Fire & Security's Software House
+1 (781) 768-0176
kcarito@tycoint.com
Jan Johnson
Pinkerton Consulting & Investigations
+1 (888) 774-9600
jan.johnson@ci-pinkerton.com
©2003 Gemplus All rights reserved. Gemplus, the
Gemplus logo and GemSense are trademarks and service marks of Gemplus
S.A. and are registered in certain countries. All other trademarks and
service marks, whether registered or not in specific countries, are the
property of their respective owners.
25KB
1.8MB