IBM Corp. and a key General Electric subsidiary said Friday they would merge their security offerings in an effort to solve a problem faced by large companies -- the communication gap between security tools used for protecting offices and physical property, such as badge readers, and the tools used for protecting computer data, such as passwords.
Electronic security provider GE Interlogix, Austin, Texas, will integrate its facilities security software with IBM's enterprise management and application server software, allowing the facility side of security management and the IT side to share information.
This collaboration is part of a growing movement -- albeit a slow one -- to converge the worlds of physical security and IT security, particularly in industries that are heavily regulated, such as finance.
Physical and IT security have merged on some levels already, says Allan Carey, program manager for information security services at International Data Corp., Framingham, Mass. For example, many businesses use the same smart card or common access card to enter the building they work in as well as access their desktops, networks and secure rooms within the building.
But for the most part, physical and IT security systems don't communicate with each other, preventing corporations from having a complete picture of their overall security environment -- often with negative results, like identity theft, experts say.
It's like having one hand that doesn't know what the other hand is doing.
According to Raymond Blair, vice president of business development at IBM Global Services, physical security assets such as badge readers and surveillance systems will be interlinked with logical security capabilities, such as smart cards and network passwords.
If a person leaves the building, swiping his identity badge on the way out, for example, and then five minutes later someone signs on to the network using that person's password, the badge system and the network system would sound an alert that a possible breach had occurred.
"We'll be able to see the information that they're getting [physical security], and they'll be able to see the information we're getting and then take action," Blair said. "We're not going to suddenly start seeing the physical security guy and the IT security guy walking hand in hand down the street singing 'Kumbaya,' but they'll be communicating and talking."
But the increasing need to converge physical security and IT security stems as much from the need to communicate as it does to consolidate. Blair cites an example of one major credit card company that has 73 different security registration systems in its organization. There are probably that many people trained to manage them, infrastructures to run them, and polices shaped around them.
"We're going to be able to tie all those together," he said. "There's a huge potential for savings there."
As part of the arrangement, IBM will be responsible for IT security services, application integration and solution deployment, and will work with an existing network of IBM and GE Interlogix partners to help customers integrate their IT infrastructure and back-office systems.
GE Interlogix will integrate Facility Commander, its security system integration software, with IBM's Tivoli enterprise management software, including Tivoli Risk Manager and Tivoli Enterprise Console, and WebSphere server software. GE Interlogix will also support IBM Directory Integrator and IBM's DB2 database.
IBM also plans to integrate IBM Tivoli Access Manager and IBM Tivoli Identity Manager with GE solutions to integrate and automate core identity management business processes with physical security practices.