Hewlett-Packard Co. has integrated two security software packages to help financial institutions provide controlled access to their systems via the Internet.
The move involves Hewlett-Packard's Authorization Server, which identifies qualified individuals and governs their access to and sharing of data. Authorization Server is now more tightly integrated with Virtual Vault, a firewall-like product protecting Internet-based business activities.
The integrated products extend security beyond internal applications to anything done through the World Wide Web. Business partners and customers outside an organization can gain access to applications that were previously restricted to internal use.
For example, an institution could authorize certain business partners or customers to view Web pages or retrieve information. Rules programmed into Authorization Server would define the rights specific users have to perform certain transactions.
"The security is not in your face," said Daniel Dorr, Authorization Server product manager. "It is transparent to the user unless he is trying to violate it."
Authorization Server is available now at an entry-level price of $4,900 for a 100-user license.
"We think access control is one of the hottest emerging segments for all applications over the Internet," said Ted Julian, lead security analyst at Forrester Research, Cambridge, Mass.
He said that if extranets-which permit users from outside a company to share access to some internal data-"are to fulfill their promise, they need access control that is application-agnostic. This is the hurdle that hasn't been cleared."
It is rare, he added, to see Hewlett-Packard being first to market. But the company still is not considered a market leader in security, said James Hurley, managing director of the information security practice at Aberdeen Group, Boston. "It remains to be seen how HP converts the information systems managers," he said.
"The most interesting thing about HP is that the Authorization Server meets users' needs," said Mr. Hurley. Virtual Vault is in essence "a souped-up firewall," he said.
Argus Systems Group Inc. of Savoy, Ill., views itself as an access control alternative. It provides "a third-generation product that offers the flexibility of a system in a commercial environment and has more of an advantage in advanced security," said Paul McNabb, Argus' chief technology officer.
Argus' Gibraltar and Hewlett-Packard's Virtual Vault both evolved from government security standards developed in the late 1980s and early 1990s and, therefore, solve similar problems, said Mr. McNabb.
"They both use trusted operating system technology to provide critically needed platform security for servers connected to a public network or to an internal corporate network," Mr. McNabb said.
Virtual Vault runs on Hewlett-Packard's HP-UX operating system, and Gibraltar runs on Sun Microsystems' Solaris.
Mr. Hurley said, "Argus is a niche player with very little brand or name recognition. That makes it difficult to sell."
Argus has major Swiss banks as customers, along with others in Germany and the Middle East. "We have a lot of deals in the pipeline in the United States," Mr. McNabb said.
Since Virtual Vault's launching two years ago, it has been installed at 100 sites, including Huntington Bank, Bank of Nova Scotia, and S-E Banken of Sweden.
"It is the leading security product in the retail banking market," said Mark Zucherman, product manager of Virtual Vault. He estimated 70% of the world's banks that use the Internet for financial transactions rely on Virtual Vault.