‘Nasty questions’ to ask your security vendors
International cloud security group Jericho Forum has created a free self-assessment tool for security vendors and buyers to determine the security of their products — namely in cloud-based environments.
The Jericho Forum’s Self-Assessment Scheme is for security vendors that want to check whether their products are cloud-ready, and for prospective buyers who want to vet those products. The tool is based on the forum’s 11 commandments for security, which are basically a checklist that can be used in RFPs. It asks direct questions intended to expose security flaws or potential loopholes in products, and includes a scoring process.
Vendors will be able to add a Jericho Forum "Self-Assessed" logo on their Websites, according to the Forum.
Bob West, founder and CEO of EchelonOne and a Jericho Forum board member, says he envisions the tool as an overall scorecard. "I see this as being part of a requirements document or checklist," West says. "It’s looking at a particular technology and incorporating it into a broader context." […]
The tool can be downloaded here (PDF).