RSA: CA takes charge on security management

Computer Associates International Inc. this week announced it is spearheading an effort to establish common industry specifications for building security information management products, which are used to gather and make sense of data from information-security equipment such as firewalls and physical security systems such as electronic badge-readers.

With the RSA Conference as a backdrop, CA Executive Vice-President Russ Artzt introduced the Open Security Exchange, flanked by executives from initial backers Tyco Safety Products, Pinkerton, Gemplus SA and HID. Although these physical security vendors say they are in CA’s camp, the rest of the industry has yet to endorse the group.

“This will change by July at the CA World conference,” Artzt pledged. CA is wooing Check Point Software Technologies Ltd., Cisco Systems Inc., IBM Corp. and Symantec Corp., among others, he said.

The group’s initial goal is to develop core specifications for a “common credential,” whether in smart card or other form, which could be used for physical access through doors and cybersecurity access to networks. The specification would describe a common management framework so critical information from distributed devices could be shared at a single console that also could be used to control and audit those devices.

CA is developing two SIM products, Command Center for cybersecurity and eTrust 20/20 for physical security, set to be unveiled later this year.

While CA’s products will use the new group’s specifications, the forum is destined not to have broad effect until it gains other members. “Without expanding to other players, success will be difficult,” said Alex Mandl, CEO of smart-card manufacturer Gemplus.

CA’s bid to close the gap between physical and information security reflects some real-world concerns inside large organizations such as the U.S. Department of Defense.

In what remains an uphill battle despite years of planning, the Defense Department has issued 2 million of its public-key infrastructure (PKI)-based “Common Access” smart cards to military personnel, with 2 million more expected by year-end. About 400,000 people enter or leave military ranks each year, which is giving the Defense Department a workout on issuing and revoking these cards.

The cards are supposed to be used for both workstation access – e-business signing and encryption of documents – and physical building access.

But the full network and application prerequisites are not in place around the world to take total advantage of the cards’ capabilities, said Mary Dixon, director of the Defense Department’s access-card office, during a presentation at the RSA Conference.

“We now have about 150,000 workstations with logical access and logon for the cards,” Dixon said. “We’re shifting our focus to usage.”

The U.S. military has only begun to address the use of the Common Access card for physical security. But a lot of these issues might not be worked out until the next version of the card is completed. That version will likely contain support for biometrics, perhaps including fingerprint or iris scans and the person’s PKI certificate.

The U.S. Department of Homeland Security is working closely with the Defense Department on the design of the Common Access 2.0 card, says Joseph Broghamer, senior security architect in the office of the CIO at the newly formed agency.

He now uses a dozen different cards or badge readers to get into his computer, the Pentagon, different federal agencies and parts of the White House. One card would be better, particularly because sometimes the identification cards and readers aren’t properly revoked in a timely way, he says.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now