HP Combines Two Security Packages for System Access Control

Article excerpt

By POWER, CAROL

Hewlett-Packard Co. has integrated two security software packages to help financial institutions provide controlled access to their systems via the Internet.

The move involves Hewlett-Packard's Authorization Server, which identifies qualified individuals and governs their access to and sharing of data. Authorization Server is now more tightly integrated with Virtual Vault, a firewall-like product protecting Internet-based business activities.

The integrated products extend security beyond internal applications to anything done through the World Wide Web. Business partners and customers outside an organization can gain access to applications that were previously restricted to internal use.

For example, an institution could authorize certain business partners or customers to view Web pages or retrieve information. Rules programmed into Authorization Server would define the rights specific users have to perform certain transactions.

"The security is not in your face," said Daniel Dorr, Authorization Server product manager. "It is transparent to the user unless he is trying to violate it."

Authorization Server is available now at an entry-level price of $4,900 for a 100-user license.

"We think access control is one of the hottest emerging segments for all applications over the Internet," said Ted Julian, lead security analyst at Forrester Research, Cambridge, Mass.

He said that if extranets-which permit users from outside a company to share access to some internal data-"are to fulfill their promise, they need access control that is application-agnostic. This is the hurdle that hasn't been cleared."

It is rare, he added, to see Hewlett-Packard being first to market. But the company still is not considered a market leader in security, said James Hurley, managing director of the information security practice at Aberdeen Group, Boston. …