Friday, August 31, 2012

Investing in security assurance

It is always a great and rewarding pleasure to hear that atsec has been mentioned as a trusted partner by our customers. When you think about it, atsec provides a somewhat esoteric service to them: supporting them in helping their own customers gain assurance in the IT products and services they purvey.

How much security assurance these end users want and need is expressed as security requirements and objectives by the developers of these IT products and services. For some market sectors the bar is set high, including the financial sector, banks, insurance companies, transaction processors and the retail sector.

Determining the need for security assurance and balancing this with the cost of providing that assurance is no easy matter. Sometimes it is simply that a regulation must be followed; for some vendors, other considerations come into play.

As you can see from their lists of successful evaluations and conformance testing, our customers are committed to providing their markets with the assurance needed. They draw up their requirements by considering their customers' needs, professional judgment of the risks identified, pertinent legislation and regulation and yes, sometimes even because it is a market differentiator that their customers find value in. It’s not so easy!

So this week's news brings a smile to atsec’s face: IBM announced the zEnterprise® EC12 mainframe server, emphasizing the extensive security features of the system and highlighting that these features have been independently evaluated through Common Criteria at higher assurance levels. atsec is one of the labs that IBM turned to in order to help them provide that assurance for systems that are trusted to secure massive amounts of customer information and financial data.
“Based on Common Criteria Evaluation Assurance Level 5+ security classification. IBM z/OS® including RACF® and System z® PR/SM™ have been evaluated under Common Criteria (an ISO/IEC 15048 standard). z/OS V1.12 was awarded Common Criteria at EAL4+. PR/SM was awarded Common Criteria at EAL5+ and z/OS V1.12 RACF also achieved an EAL5+ Common Criteria evaluation, meeting some of the industry's toughest security standards. For more details about protection profile testing see www.atsec.com. Security targets are also published on the www.bsi.bund.de (DE) Web site.”

What this statement means is that IBM is executing a strategy designed to give confidence in the complex array of security features designed into the zEnterprise. In fact, they offer their customers some of the highest security assurance seen in the industry.

As you can see from IBM’s portfolio of evaluations and independent testing, the company is one that takes security very seriously. The rewards, in terms of protecting the critical information of the mainframe users that rely upon their products, are both demanded and welcomed by their customers. Providing solid, well-researched and structured security features and properties, together with the confidence from independent evaluation that they are implemented correctly with higher levels of security assurance, is not something that they compromise on, even when this is not a requirement for a few customers.

atsec, like many other independent IT security laboratories, is proud to be a key instrument in helping both national and international IT companies meet the needs of their customers.

by Fiona Pattinson
