FRAMINGHAM (11/11/2003) - IBM Corp. and GE Interlogix announced in mid-September that they'll integrate the latter's Facility Commander building access security technology with the former's Tivoli enterprise management software. The idea is to be able to correlate and manage both network and physical security from one console. Think access cards, badge readers, network intrusion detection systems and network directory tools all working in harmony.
The IBM-GE partnership provides yet another example of the converging worlds of physical and cybersecurity; in fact, a direct competitor has beaten them to the punch in integrated access control specifically. In July, Computer Associates International Inc. (CA) announced its eTrust product suite combining physical access control with network access control. Like IBM, CA indicates that it intends to accomplish its aim through partnerships. CA is the founding member of the Open Security Exchange (OSE), a multivendor partnership working on an IT-physical security integration standard with the pithy title "Physbits." Other founding members in the OSE include Tyco Fire & Security's Software House and HID Corp. The group added more members in October, along with new advisory board members from research company Forrester Research and consultancy Sandra Jones and Co., whose charge is to help ensure neutrality for the OSE (which has a relationship with IEEE-ISTO, a standard-setting body affiliated with IEEE).
But as Chris Christiansen points out, combined access control of this sort predates the CA announcement as well. Christiansen is program vice president of e-business infrastructure and security software at IDC (a sister company of CSO's publisher). He says integrated cyber- and physical access control has been practiced by governments here and abroad for many years. "Pretty much all of the major U.S. defense contractors have a custom or semicustom solution for taking this integrated approach," he says. Overseas, antiterrorism concerns have been a big driver, as nations such as Germany and Spain have dealt for decades with national terrorist factions. "What's new here is IBM's and CA's productization and their commendable effort to drive acceptance by a broader sector," Christiansen says. "I think it's a fundamentally good idea." For example, the ability to correlate who's in the building with who's on the network makes it much more difficult for rogue employees to run amok on the network using a coworker's pilfered password. That's not to say it's impossible--but more difficult.
IBM and GE Interlogix's intention to go their own road, rather than join forces with the OSE, may prove helpful or harmful to the spread of this type of integration. Regardless, Christiansen says that vendor competition is less of an obstacle than the oft-noted cultural rift between the IT and corporate security groups. "I've been sounding people out on this concept in the field, and while I hear a begrudging acceptance of the logic behind the idea, you can also see an emotional rejection. If, for example, you tell the 'physical security people' that you're moving them onto the IT network and making them beholden to the 'geeks' in any way, they don't care for that," Christiansen says.
Find It Online
Computer Associates www.ca.com
Forrester Research www.forrester.com
GE Interlogix www.ge-interlogix.com
HID Corp. www.hidcorp.com
Open Security Exchange www.opensecurityexchange.com
Sandra Jones and Co. www.sjandco.com
Tyco Fire & Security Software House www.swhouse.com