Novell, Honeywell Get Physical

Novell and Honeywell this month will announce the first fruits of their exclusive logical/physical security partnership -- a turnkey product that integrates Novell's identity management and Honeywell's physical access control system.

No, this doesn't signal the end of facilities management, or even a merger the physical and logical security departments in the organization. But it may be a hint of things to come, as regulatory and insider-threat pressures gradually start bringing together these traditionally separate, and very different, worlds. (See The 10 Most Overlooked Aspects of Security.)

Novell and Honeywell were initially drawn together by the federal government's HSPD-12 initiative for smart cards. But the two companies say they have integrated Novell's Identity Assurance identity management software with Honeywell's SmartPlus badge management system, which issues, enrolls, and revokes physical access cards.

The partners say they also are working to deploy physical and logical security solutions in the pharmaceutical and financial industries, as well as others that fall under Sarbanes-Oxley regulatory rules.

"It started out as a government initiative," says Ivan Hurt, a product marketing manager for Novell. "But we immediately noted some verticals had an outside interest in a simplified solution for the IT shop" and the physical security side.

Beth Thomas, a product manager at Honeywell, says some of her company's key accounts are at least merging the reporting structures for IT and physical security.

Security experts long have predicted convergence of the two security departments at some level. The lack of coordination between them today leaves a gap in security: You can't fully protect your servers, for instance, if the data center isn't properly secured and monitored and someone can steal them.

But although integrated products are now arriving, most experts agree that the market is still in its infancy.

"There have been a number of companies who were going to roll out something but have been delayed," says Geoff Turner, a senior analyst at Forrester Research. "My perception is that this convergence has a sense of inevitability... The delay has been in companies rolling out converged architectures, and the absence of an organized solution on the physical side" that integrates with the logical side, he says.

Part of the delay is that many physical security solutions are still analog-based, and those that are digital aren't all IP-ready, Turner says.

Not all of Honeywell's products are IP-based. "We sell everything from sensors to readers to doors to panels and cameras in IP. It depends on the nature of a specific product," Thomas says.

While smart cards are the first frontier for uniting logical and physical security, they aren't necessarily the only thing driving the trend, Thomas says. "They are a piece of the solution," she says. "The infrastructure goes way beyond that... more along the lines of driving processes and security across the organization. You can implement secure identity management without smart cards."

Both Novell and Honeywell say the key is helping the two organizations do their jobs more easily and in a more coordinated fashion, but without adding any extra overhead. "The organizations, whether you bring the two together or keep them separate, need information the other has. And it has to be shared in a way that doesn't increase the burden on either one," Novell's Hurt says. "We're helping them both make decisions without being in a vacuum."

The companies declined to provide the name of the new turnkey product, or discuss pricing.

The new product will help IT track what's happening in the data center, Hurt says. That includes tracking if a machine is moved or touched, recording who had access to it, and monitoring who is entering and leaving the room.

— Kelly Jackson Higgins, Senior Editor, Dark Reading