The Jericho Forum, a security think-tank founded by IT security professionals, has launched a free online tool...
for checking the effectiveness of IT security products.
The Jericho Forum Self-Assessment Scheme is available for download to help security professionals assess whether products are meeting the requirements of their business.
They will also be able to compare shortlisted products and assess the security of their system implementations and architectures.
Suppliers can use the tool to evaluate how well their products satisfy the Jericho Forum's 11 principles of good security design.
The goal of the tool is to influence IT product innovation and market forces to be security-driven instead of purely feature-driven, said Paul Simmonds, Jericho Forum board member.
"This is an open invitation to the IT industry to improve security design standards," he said.
The Jericho Forum hopes IT security suppliers will use the tool to drive further innovation and enable product differentiation by using the forum's "Self-Assessed" logo.
Cloud computing is the latest manifestation of IT externalisation trends that motivate the Jericho commandments, said Dan Blum, analyst at Burton Group/Gartner.
"The Jericho Self-Assessment Scheme will help suppliers and customers give themselves an architecture check-up and it is, therefore, a useful way to measure cloud-readiness," he said.
As more applications move into the cloud, assessing the level of security computing suppliers really provide is a major effort, said Philippe Courtot, Jericho Forum board member.
The tool provides a comprehensive and straightforward mechanism to start such a process as it could, for example, be easily made part of the procurement process, he said.
"Such an initiative will definitively help improve the necessary transparency cloud computing suppliers must deliver," said Courtot.