BT addresses security, compliance

BT Americas is working on two new services that the company says offer customers an enhanced level of security and tools that make regulatory compliance around the world a little easier.

BT is developing a federated ID management service with the goal of securely supporting single sign-on at the application level, says Robert Booker, vice president of security solutions. BT also is developing a service that helps customers keep track of regulatory and privacy laws.

“We’re not just looking at application security. More and more we’re looking at governance and compliance,” Booker says.

Identity federation, the sharing of user authentication information across corporate boundaries, lets a user authenticated on one network use that credential to gain access to resources on another network. Federation is based on a number of XML-based standards, including the Security Assertion Markup Language and a protocol developed by Microsoft and IBM called WS-Federation.

More businesses are expected to adopt federated identity solutions over the next three years, according to a report issued by IDC. Fueling the jump are maturing standards and products, IDC says. Financial services, manufacturing and government are vertical markets that are expected to be early adopters of the technology.

One user that falls in the government category has been testing BT’s federated ID management platform. Guide, a European Union-funded research project, is working with BT to develop a federated ID management architecture that can be used throughout the 10 European Union countries, says Lia Borthwick, project manager for Guide.

“Europe is moving much more toward a federal Europe,” she says. “We need to support the free movement of people who work, live and play in other EU states and the free movement of goods and services.” That’s where federated ID management comes in, she says.

If a citizen of the United Kingdom is transferred to Germany for less than 12 months, that employee’s Social Security pension rights remain in the United Kingdom and won’t be paid by the German government, Borthwick says. Guide is working with BT to develop a system that would allow citizens to access an online system to support these types of transactions.

BT also is developing a service designed to make it easier for customers to track and comply with state and federal regulations. “Different countries have different regulations and privacy laws that businesses must follow. Some countries are more mature and others less regarding things like what level of security you can apply,” Booker says.

BT has developed an application that lets companies easily see which policies it must comply with in individual countries. It then advises them on how to meet those rules.

The carrier has essentially developed a dashboard application that notifies a user of the regulatory and risk environment in terms of regulations that apply to technology, Booker says. “Some customers that are U.S.-based tune in on Sarbanes-Oxley and [the Health Insurance Portability and Accountability Act], and others focus on encryption rules for some countries overseas,” he says.

BT is testing the dashboard service with two customers and plans to launch the unnamed service in the second quarter.

Senior Editor John Fontana contributed to this story.