OPSEC Alliance Gains Momentum

Security has many specialized components, from point encryption and authentication tools, to far-ranging intrusion detection and virtual private network (VPN) systems, often running side by side on the same networks. These tools are often necessary in the contemporary computing environment, but it is very difficult to deploy a comprehensive, integrated security solution. It is the OPSEC Alliance's (www.opsec.com) mission to help.

OPSEC, which stands for open platform for security, was founded by Check Point Software Technologies Ltd. (www.checkpoint.com), which creates firewall and VPN software. The OPSEC Alliance consists of more than 200 partners, including industry giants Microsoft Corp., Novell Inc., and Apple Computer Inc.

IT managers sifting through the vast collection of security vendors and products often feel frustrated when trying to figure out which security options are needed for a project and what products will work with each other. "It’s like a swarm of gnats," says Amanda McCarthy, an analyst at Forrester Research Inc. (www.forrester.com).

The OPSEC Alliance allows vendors to submit products to the program to ensure that their solutions comply with the group's interoperability requirements and provide adequate levels of security. CheckPoint provides the certification free of charge to interested vendors.

"Products are tested in house, and we approve the branding," explains Upesh Patel, manager of the OPSEC Alliance. He says the products submitted to the group run on a variety of platforms, including NT, NetWare, and Unix.

OPSEC certification ensures that IT managers know that one security product is interoperable with another, which can be a difficult issue when deploying a project with many point solutions, such as a VPN.

The array of independent security vendors need a catalyst for interoperability and communication, McCarthy says. "If there wasn’t the big tent, they wouldn’t be in contact with each other," she explains.

The security market is fragmented and immature. The alliance helps companies define the market space and appropriate product lines. "Unless they [security vendors] cooperate, they won’t get a slice of the pie," McCarthy says.

Without OPSEC, it would be much more difficult for a systems of disparate parts to work. An end user could always purchase all of its products from a single vendor, but McCarthy believes no single vendor could provide the variety of solutions that the OPSEC aggregate provides.

The OPSEC Alliance relies on Public Key Infrastructure (PKI) as the basis for its product specifications. A tried and true method for encryption and authentication, Patel says PKI is the most open standard for the panoply of products reviewed by the alliance. This is particularly useful for cross-platform issues. "With PKI, you can extend the users with digital certificates.

Security startups SecureWorks (www.secureworks.net) and RapidStream Inc. (www.rapidstream.com) recently signed on with OPSEC.

SecureWorks is a security service provider for enterprises unable or unwilling to hire and train security staff in house. Since the firm uses OPSEC-approved products in its packages and its services comply with CheckPoint’s criteria, SecureWorks is able to leverage its membership in the alliance to gain market position. SecureWorks is focusing on marketing its services in conjunction with OEMs and Resellers.

RapidStream sells hardware that accelerates the encryption used in OPSEC products, allowing transparent connections to VPNs.