'Nasty questions' to ask your security vendors
The Jericho Forum's Self-Assessment Scheme is for security vendors that want to check whether their products are cloud-ready, and for prospective buyers who want to vet those products. The tool is based on the Forum's 11 commandments for security, which serve basically as a checklist that can be used in RFPs. It asks direct questions intended to expose security flaws or potential loopholes in products, and includes a scoring process.
Vendors will be able to add a Jericho Forum "Self-Assessed" logo to their websites, according to the Forum.
Bob West, founder and CEO of EchelonOne and a Jericho Forum board member, says he envisions the tool as an overall scorecard. "I see this as being part of a requirements document or checklist," West says. "It's looking at a particular technology and incorporating it into a broader context."
Given the self-policing nature of the tool, it relies on the honor system: "We can't make an assumption that it's 100 percent accurate," he says. "There's still an additional amount of due diligence that needs to be done [by the buyer]. But at least you know the vendor has been thinking about this."
West says the tool provides "actionable" information that buyers can use, and that it basically puts the Jericho Forum's commandments to work. While it's an ideal fit for prospective cloud computing buyers, it can also be used for the corporate enterprise environment, he says.