IT kite mark scheme hits turbulence
A kite mark scheme launched by the government for off-the-shelf IT security products could bring dangers with it
A kite mark scheme launched by the government for off-the-shelf IT security products could bring dangers with it, corporate VAR Morse has warned.
Launched by the Central Sponsor for Information Assurance (CSIA), a unit of the cabinet office, the CSIA Claims Tested (CCT) mark is aimed at IT managers in the public sector, and will also assist SMEs wanting to know that their purchasing meets government preferred standards.
“The new kite mark is a good idea, but people must not think that their data is immediately made secure. They also need to think about how the product fits into their overall strategy for security,” said Donal Casey, security consultant at Morse.
“Standards such as ISO17799 that combine technology and process should also be considered. Security products are just one part of the puzzle. Unless they are properly integrated into the IT infrastructure and configured appropriately, organisations risk being exposed.”
Jim Murphy, cabinet office minister for e-government, said: “As public sector services and information systems become more joined up, the government is taking steps to ensure that these systems are adequately protected. The CCT mark will help vendors and buyers alike, and it guarantees that information assurance in public sector organisations remains robust.”
After a year in pilot phase, the scheme is now going live. The first vendor to receive the mark is BeCrypt, for its Connect Protect product, which secures desktops and laptops against data leakage via external devices.
Ian Kilpatrick, chief executive of the Wick Hill distribution group, said: “Providing the cost and timescale of this new kite mark is a lot better than the previous system, this is good news. Our public sector resellers say that the public sector departments are always looking for a stamp of approval on products.”
The CCT scheme delivers test results in about 20 days, and is designed to provide certification of less complex products faster than the mandatory year needed for certification by the common criteria EAL1 evaluation.