Products: Standards start to catch up with new maturity | SC Media

Products: Standards start to catch up with new maturity

May 10, 2007

This month we concentrated on two areas: wireless and USB security. What we found in both cases was that technologies we thought had matured are still breaking some new ground.

The overriding impression that I had as I looked through our reviews is- and I've alluded to this before - that of an industry on the move.Many of the USB security products we tested have begun to encompasssecurity for all types of endpoint security. Even the USB memory stickshave addressed the biggest problem for data at rest: sensitive data inclear text on an extremely portable device. These small, inexpensiveproducts force encryption when data is saved to them. This is a cheapsolution to a potentially very expensive problem.

The wireless security products are beginning to show maturity. Thesolutions featured here bring together management of wireless accesspoints in a largely holistic manner. While addressing security, theyalso address the management of the access point devices. This is a majorstep in the maturity of the product group since we looked at itlast.

Where we still have confusion is in the area of standards.Interestingly, we are seeing better standardisation in the endpointsecurity products than we do in wireless products. In the former we arebeginning to see a shift from multiple encryption algorithms to AES,often AES-256.

Perhaps this move towards maturity is aided by the change in theencryption market itself. Encryption has been around for a long time,and when the industry began to move away from DES, a significant shiftstarted. Now we are down to fewer than half a dozen encryptionalgorithms in common use and encryption in products is slick,transparent and effective.

The standards used in the wireless world can be confusing, but eventhose are starting to shake out. The 802.11 standards are beginning tocome together and 802.1x security products are maturing rapidly. Iexpect that when we look at this product group next year, still morecoalescence will have occurred, and we will have even more matureproducts, but fewer of them, to look at.

One of the issues we ran into with wireless products was that vendorshave very broad product lines. Whether that means that the tools areoverlapping or that these broad offerings are necessary remains to beseen. My prediction is that as wireless security evolves we will seeconsumers simplifying once complex wireless networks, resulting in theneed for simpler management tools.

[BH] How we test and score the products

[BX] Our testing team includes SC Magazine Labs staff, as well asexternal experts. In our group tests, we look at several products arounda common theme.

Generally, we do not compare products to each other. We test and reviewthem within the group based on a predetermined set of standards, whichhave been compiled from several sources.

The general test process is a set of criteria built around the sixreview areas (performance, ease of use, features, documentation, supportand value for money) and comprises roughly 50 individual criteria in theoverall process.

We develop the second set of standards specifically for the group undertest and use the Common Criteria (ISO 1548) as a basis for the testplan. Given that we need to give a good picture in 350 words, reviewsfocus on operational characteristics.

Once the testing is completed, we rate each product according to theresults, assign star ratings and, if appropriate "Best Buy" and"Recommended" awards.

Our final conclusions and ratings are subject to the judgement andinterpretation of the tester and are validated by the reviewer.

All reviews and tests are reviewed for consistency, correctness andcompleteness by the technology editor prior to being submitted forpublication. Even so, errors, though rare, are possible. If you believethat an error of fact has affected a review of your product, pleasecontact the technology editor directly.

WHAT THE STARS MEAN

Our star ratings indicate how well the product has performed againsteach of our test criteria.

These are marked as follows:
* Seriously deficient
** Fails to complete certain basic functions
*** Carries out all basic functions to a satisfactory level
**** Carries out all basic functions very well
***** Outstanding

prestitial ad