Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

3/7/2007
06:25 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Novell, Honeywell Get Physical

Vendors plan to unveil logical-physical security solutions this month

Novell and Honeywell this month will announce the first fruits of their exclusive logical/physical security partnership -- a turnkey product that integrates Novell's identity management and Honeywell's physical access control system.

No, this doesn't signal the end of facilities management, or even a merger the physical and logical security departments in the organization. But it may be a hint of things to come, as regulatory and insider-threat pressures gradually start bringing together these traditionally separate, and very different, worlds. (See The 10 Most Overlooked Aspects of Security.)

Novell and Honeywell were initially drawn together by the federal government's HSPD-12 initiative for smart cards. But the two companies say they have integrated Novell's Identity Assurance identity management software with Honeywell's SmartPlus badge management system, which issues, enrolls, and revokes physical access cards.

The partners say they also are working to deploy physical and logical security solutions in the pharmaceutical and financial industries, as well as others that fall under Sarbanes-Oxley regulatory rules.

"It started out as a government initiative," says Ivan Hurt, a product marketing manager for Novell. "But we immediately noted some verticals had an outside interest in a simplified solution for the IT shop" and the physical security side.

Beth Thomas, a product manager at Honeywell, says some of her company's key accounts are at least merging the reporting structures for IT and physical security.

Security experts long have predicted convergence of the two security departments at some level. The lack of coordination between them today leaves a gap in security: You can't fully protect your servers, for instance, if the data center isn't properly secured and monitored and someone can steal them.

But although integrated products are now arriving, most experts agree that the market is still in its infancy.

"There have been a number of companies who were going to roll out something but have been delayed," says Geoff Turner, a senior analyst at Forrester Research. "My perception is that this convergence has a sense of inevitability... The delay has been in companies rolling out converged architectures, and the absence of an organized solution on the physical side" that integrates with the logical side, he says.

Part of the delay is that many physical security solutions are still analog-based, and those that are digital aren't all IP-ready, Turner says.

Not all of Honeywell's products are IP-based. "We sell everything from sensors to readers to doors to panels and cameras in IP. It depends on the nature of a specific product," Thomas says.

While smart cards are the first frontier for uniting logical and physical security, they aren't necessarily the only thing driving the trend, Thomas says. "They are a piece of the solution," she says. "The infrastructure goes way beyond that... more along the lines of driving processes and security across the organization. You can implement secure identity management without smart cards."

Both Novell and Honeywell say the key is helping the two organizations do their jobs more easily and in a more coordinated fashion, but without adding any extra overhead. "The organizations, whether you bring the two together or keep them separate, need information the other has. And it has to be shared in a way that doesn't increase the burden on either one," Novell's Hurt says. "We're helping them both make decisions without being in a vacuum."

The companies declined to provide the name of the new turnkey product, or discuss pricing.

The new product will help IT track what's happening in the data center, Hurt says. That includes tracking if a machine is moved or touched, recording who had access to it, and monitoring who is entering and leaving the room.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Novell Inc. (Nasdaq: NOVL) Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 5/28/2020
    Stay-at-Home Orders Coincide With Massive DNS Surge
    Robert Lemos, Contributing Writer,  5/27/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: Can you smell me now?
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-11844
    PUBLISHED: 2020-05-29
    There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
    CVE-2020-6937
    PUBLISHED: 2020-05-29
    A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
    CVE-2020-7648
    PUBLISHED: 2020-05-29
    All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
    CVE-2020-7650
    PUBLISHED: 2020-05-29
    All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
    CVE-2020-7654
    PUBLISHED: 2020-05-29
    All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.