Novell and Honeywell are planning to announce the fruits of a project to link physical and logical access products from the two companies, offering government agencies and large enterprises a way to tie building and network access privileges together seamlessly, according executives from the two companies.
The two companies plan to announce software updates and new products that are part of the solution in February, said Beth Thomas product manager for Honeywell’s Smart Plus platform. The integration is Federal Information Processing Standards Publication 201 (FIPS 201) compliant and the first such effort by Novell to work with a physical access security vendor.
The news comes as companies look for ways to tap into a fast-growing market for integrated physical and logical control systems mandated by Homeland Security Presidential Directive 12 (HSPD-12).
In February, Honeywell will release a new version of its ProWatch access control system and Smart Plus, a server that provides a Web services interface to Honeywell’s physical access products. Novell released an update to its Identity Assurance identity management product in December, adding connectors to facilitate integration with physical access systems. The company will add more workflows and XML signing capabilities to the product in April to assist convergence, said Baber Amin, Novell’s senior product manager for security and identity.
The technology partnership, which was announced in October, will allow customers using products from both companies to link user credentials from data stores and user provisioning systems such as PeopleSoft through Novell’s Identity Assurance product to Honeywell’s ProWatch, so that physical access to buildings and rooms is linked closely with logical access to computers and network resources. Similarly, actions to revoke an employee’s physical access in ProWatch can be used to trigger automated network deprovisioning on the logical side, Amin said.
The integrated solution provides a partial answer to a vexing problem within enterprises, where physical security and logical security are often managed by different groups with little overall coordination. Many times that means that employees or contractors who are denied building access on their last day of work continue to enjoy remote access to network resources days or even weeks later, Amin said.
The link to Access Manager will also allow companies to create more sophisticated access policies and workflow that bind physical and logical attributes. For example, Honeywell door access readers could contribute to NAC (Network Access Control) solutions by signaling to a switch to activate a network port in an office only after an employee has badged into the building or office, Amin said.
The companies will initially sell the solutions into large enterprises in regulated industries such as pharmaceuticals, health care, and financial services. Federal government agencies, which are under pressure to comply with HSPD-12, are also a target. One federal agency is already testing a beta version of the integrated products, Thomas said.
While integrations between logical and physical access vendors have been possible before, FIPS and HSPD-12 have provided the market for vendors to get behind converged physical and logical access, she said.
“It really took the federal government with FIPS to put the emphasis on this,” she said. Among other things, companies are uniting physical and IT security teams under one C-level executive — either a CIO or CSO. That makes converged security sales easier to carry off, Thomas said.
But Geoff Turner, a senior analyst at Forrester, said that true convergence is still a long way away.
“Convergence is happening, but not as quickly as some people predicted,” he said.
Among the obstacles to widespread integrations between logical and physical security vendors is confusion about which companies will play a lead role in the converged solution set, he said.
“Vendors are kind of casting about and trying to divine their place in a converged world,” he said. “They want to know ‘How do I do this and not lose my advantage?'”
Both Thomas and Amin said that the technology that makes the Novell-Honeywell convergence work could also work with other vendors. However, the two companies are focused on working with each other.