When it comes to security, many electronics OEMs, whether they are building routers, network appliances or mobile devices, consider certification of their products by an independent organization an option rather than a requirement. However, third-party testing is an important element when a potential customer is choosing technology solutions to be part of its security management program.
Security management programs can be very complex and require a sound foundation of products and services. Much like the foundation of a house, security certification shores up your business' foundation, enabling the products built on top of it to function as they should. Despite the clear advantages, there are a few key certification challenges that seem difficult to overcome. However, with proper guidance and planning, these challenges don't have to get in the way of sound security procedures.
Challenge: The inability to develop a business case and demonstrate a tangible return on investment
Solution: In the case of the enterprise, certification provides a critical component to the due diligence process. Whether you are spending tens of thousands or millions of dollars for a given technology, you are looking to solve a problem, not invite new ones or get a false sense of security. Today, data breaches are impacting virtually every type of organization, and they help highlight the importance of making the right technology decisions. Implementing and maintaining a robust security program across an enterprise is a critical task, and the foundation of that complex system is the underlying technology that supports it.
Challenge: Maintaining ongoing updates to each device for which certification is claimed
Solution: When certification begins, the vendor is given a list of certification requirements, including the commitment the vendor should expect to make. Certification involves not only the testing that is required to attain a successful outcome, but also an agreement and commitment to ongoing certification maintenance. Though it may seem like quite a significant commitment, certification carries an equally significant meaning. For the vendor or developer, it is an independent mark that signifies that the vendor has attained a milestone and satisfied a rigorous set of standards for its product. Certification is proof of its due diligence and can be a competitive differentiator that provides assurance to its customers. Ongoing updates and maintenance are the only ways to ensure that the certification claim remains meaningful.
Challenge: Device problems are so deeply rooted that the product must be re-engineered
Solution: Though the burden of re-engineering a product may seem too big to bear, it is a vital step to shore up the device's security foundation. What good is it to continue building on a flawed foundation? The initial cost and possible inconvenience should be balanced with the value of not worrying about issues that could infect the whole system.
Certification by an accredited organization immediately signifies that the product was held to the high standard of an independent third-party organization. Ultimately, it comes down to motivation and stimulus. Motivation comes from the vendor and stakeholders looking to do the right thing — not just flashy marketing material or a demo — and stimulus comes from an enterprise that demands certain requirements.