Cyber security gets physical

The traditional line between physical and cyber security is disappearing, according to Computer Associates International Inc.

That’s the reason behind the Islandia, N.Y.-based software firm’s recent partnership with Pinkerton Consulting and Investigations Inc., a global provider of corporate security services.

Under the terms of the agreement, the companies will offer expertise, technologies and service capabilities to meet a range of security concerns, including insider attacks, unlawful use of corporate assets, theft of intellectual property, executive protection and workplace violence prevention.

Eric Maurice, business manager for CA’s eTrust brand, said IT security and physical protection of assets go hand in hand. “Very often when looking at computer crime, we see that it can result from unlawful physical access,” he said. When defining security procedures, companies need to take into account both the physical security department and the IT department – “and they need collaboration between physical and IT security groups within the organization.”

Erik Laykin, senior investigator with Pinkerton, agreed. “One of the holy grails for the security industry is how does the left hand talk to the right hand and how do you merge these two, or get the two departments to have a comprehensive approach.”

Pinkerton is tackling that problem by offering CA’s line of eTrust security management solutions to customers as part of an integrated risk-mitigation program. The solutions provider will also standardize on CA’s eTrust Audit, Policy Compliance and Intrusion Detection software for its forensics, assessments and policy definition services.

In turn, CA will bring Pinkerton into its customer security engagements to provide complementary professional services, including cyber forensics, security architecture and planning.

“One of the exciting aspects of the partnership is learning about each other – acting as development buddies, and work together,” Maurice said, adding that Pinkerton has already provided a lot of feedback about the eTrust tool and how to implement it. “Pinkerton provides expertise around the policies that will allow customers to fully leverage [eTrust] 20/20.”

As for Laykin, he said the alliance will “help round out our total suite of services that we’re currently offering to our global clientele.”

In addition, the companies will conduct joint marketing activities to promote best practices for integrated physical and cyber security challenges facing organizations worldwide.

CA is one of four security solutions providers which also announced last month the formation of the Open Security Exchange (OSE), a collaborative group that is working toward defining best practices and promoting vendor-neutral specifications for integrating the management of security devices and policies across the enterprise.

The other members of the OSE are Gemplus, a provider of smart card solutions; HID Corp., a manufacturer of contactless access control readers and cards for the security industry; and integrated physical security management systems provider Tyco Fire & Security’s Software House.

The new group will “help us find and adopt best practices and standards for our practice,” said Maurice.