
Jericho Forum® Launches New Self-Assessment Tool for Evaluating Effectiveness of IT Security Products
End Users and Vendors to Benefit from Practical Evaluation of Secure Design based on Jericho Forum Commandments
SAN FRANCISCO and LONDON, March 15 /PRNewswire/ -- Jericho Forum, the leading international IT security thought-leadership association, today announced the Jericho Forum Self-Assessment Scheme (SAS), a new tool that will allow vendors and their customers to check the effectiveness of an IT security product in meeting their needs, particularly as more organizations adopt cloud computing. The scheme provides security vendors with a high-value, free-of-charge tool to assess how well a solution satisfies the requirements mandated in the Jericho Forum Commandments - the eleven principles of good security design established by the forum in 2006. The Jericho Forum Self-Assessment Scheme is available immediately and can be downloaded free of charge here: http://www.jerichoforum.org/SAS_Guide.pdf.
The Jericho Forum SAS is designed to raise the bar for the entire security industry by asking the probing questions that reveal if a security product or solution meets an organization's requirements. It will be valuable to:
- Security vendors wishing to self-assess their products and architectures and demonstrate their effectiveness as a market differentiator
- User organizations looking to compare IT security products and also incorporate their key SAS requirements into their requests for procurement (RFPs)
- User organizations wishing to self-assess the security of their system implementations and architectures as well as their readiness for cloud computing
- IT systems architects and designers looking to validate the security of their architecture designs
The ultimate goal of the Self-Assessment Scheme is to influence IT product innovation and market forces to be security-driven instead of purely feature-driven.
"I've previously referenced the Jericho Commandments as a framework for envisioning how information security defenses must shift in the modern era," said Dan Blum, senior vice president and principal analyst at Burton Group/Gartner. "Cloud computing is the latest manifestation of IT externalization and de-perimeterization trends that motivate the Jericho Commandments. The Jericho Self-Assessment Scheme being announced will help vendors and customers give themselves an architecture checkup, and it is therefore a useful way to measure cloud-readiness."
"The eleven Jericho Forum Commandments are adopted by many IT architects and designers throughout the industry as valuable benchmarks for measuring design concepts and solutions, while a number of end-user organizations are known to include them as part of their RFPs," said Paul Simmonds, Jericho Forum board member. "This new Self Assessment program extends to all security vendors and customer organizations the benefits of clear measurement criteria with the goal of establishing a more secure marketplace where products are inherently secure right out of the box. This is an open invitation to the IT industry to improve security design standards."
The scheme applies the Jericho Forum Commandments by asking a series of pointed questions that are geared to exposing a product's security flaws or loopholes. It enables vendors to differentiate their products, based on a three-tiered scoring process that assesses how well their product or solution satisfies the requirements implicit in each commandment. Vendors may choose to promote that they have "Self-Assessed" their product by displaying the Jericho Forum's "Self-Assessed" logo on their Web site and marketing materials to indicate their openness to talk about their results with current and prospective clients. The self-policing aspect of the scheme relies on the honesty of the submitters and the knowledge that their reputation will be damaged if their scorecard is exposed as including false claims.
"As more and more applications move into the cloud, assessing the level of security cloud computing vendors really provide is a major effort. The self-assessment questionnaire devised by the Jericho Forum provides a comprehensive and straightforward mechanism to start such a process as it could for example be easily made part of the RFP process," said Philippe Courtot, CEO of Qualys and Jericho Forum board member. "Such an initiative will definitively help improve the necessary transparency cloud computing vendors must provide."
The Jericho Forum expects that IT security vendors will welcome being able to use this tool as it enables product differentiation and drives further innovation through an objective, independent, low-cost assessment that is unlike many other more formal and costly accreditation processes. While many vendors may keep their initial self-assessment summary scores private, they can revisit the SAS to validate and distinguish their accomplishments as their product security improves over time.
"The need for collaboration has never been greater and yet the myriad of business models and vendor offerings available to address the continuously changing threat landscape makes finding and maintaining the most appropriate risk management solution to support this need highly challenging," said Matthew Moynahan, CEO of Veracode, Inc. "The Jericho Forum Self-Assessment tool will prove to be equally valuable to both vendors and users not only during the purchasing process but also for on-going measurement. Veracode applauds the Jericho Forum for providing a compelling framework for evaluating and selecting security products and helping end users and vendors get beyond marketing messages to the core capabilities required to solve a very significant enterprise problem."
About Jericho Forum
The Jericho Forum is an international group of organizations working together to define and promote the solutions surrounding the issue of de-perimeterisation and secure collaboration within cloud computing enterprise environments. The Jericho Forum recognizes that over the next few years, as technology and business continue to align more closely to an open, Internet-driven world, the border-centric security mechanisms that currently protect business information will not match the increasing demands for protection of business transactions, collaborative working and shared data.
For more information please visit: http://www.jerichoforum.org or http://www.wikipedia.org/wiki/Jericho_Forum
SOURCE Jericho Forum