Common Criteria EAL +3 Security Certification – What’s all the fuss about?

Companies have for some time understood they need to safeguard their IT systems from infiltration and viruses. But in today’s sophisticated cyber environment, the protection of data and data integrity needs not only to match the skill and cunning of the cybercriminal; it also has to be in accordance with strict security rules and regulations. Organisations need look no further than the few months leading up to the end of 2011 to see that cyber threats are becoming more frequent and more complex. The Duqu worm discovered in September 2011 is just one high-profile danger facing organisations.

In this sense it is true to say that governments and enterprise businesses face unprecedented challenges in ensuring the confidentiality of data as it is processed and exchanged across data centres. The use of cryptography in the form of encryption offers the most convenient way to protect sensitive data in transit over high-speed backhaul and backbone connections, and that is why we went to the trouble of attaining Common Criteria certification EAL +3 for our automated policy management solution, Control Compliance Suite.

Certification to this worldwide standard verifies that the software has completed a rigorous independent testing process of specification, implementation and evaluation, and conforms to standards sanctioned by the International Standards Organisation.

But why should this matter?

Perhaps a good person to weigh in on this is Jane Doorly, Vice President European Research, IDC, who commented on the importance of compliance today: “In recent years, there has been a higher level of adoption and spending in technologies and services that enable companies to meet their compliance objectives. As a result of this trend, we have seen the importance and relevance of independent testing and Common Criteria certification increase, making it a vital element of an organisation’s purchasing process.”

To our mind, being awarded a security accolade of this kind is not just a testament to the hard work and commitment that goes into making products good; it’s about meeting today’s security needs for the customer and industry. In an uncertain world where assets are being stolen for profit, intellectual property infiltrated just to prove it can be done and data integrity tampered with, it is crucial that customers have a high level of confidence and trust in their security solutions. What stronger confirmation is there that a product is up to the job than having an international standard stamp of approval?


One Response to “Common Criteria EAL +3 Security Certification – What’s all the fuss about?”

  1. Murray G Donaldson on February 6th, 2012

    Congratulations on receiving recognition for the security functional capability of your product suite, and the level of assurance that a consumer can have in its ability to perform as specified.

    I echo the sentiments expressed above, that there is ever more so a need to actively seek the appropriate level of security functionality countermeasures and the requisite internationally mutually recognized assurance in their correctness and effectiveness.

    Regards, Murray Donaldson
    CEO, I3M LLC
    Original Common Criteria Author
    First International Common Criteria Project Coordinator
