Reality Check

Does your Innovation stand up to these basic questions?

Our structured group of questions about your IT security related innovation is designed to provide a reality check for the questions you, as an innovator, will be asked anyway. Our questions will also help position your innovation more clearly for potential customers and investors.

We have compiled these initial questions with input from corporate customers and end-users, as well as successful innovators.

We have four sets of core questions relating to:

  • Description of your innovation in business terms
  • Summary of how your innovation addresses business “pain points”
  • Review of extent of inbuilt future-proofing
  • Scalability of your innovation

To access our full questions, and to submit them to us for review, click here.

Can you describe your Innovation in Business Terms?

Initial innovation often comprises a new horizontal capability. We are looking for you to define where you fit in clear terms geared towards the average business audience. We are also looking to see how your horizontal capability can be applied vertically in specific sectors, and also its availability.

  • Describe your IT security innovation in 100 words using business terms.
  • Describe your IT security innovation in 500 words. (You may use technical terms)
  • Outline the core concept (not the detail) that makes your innovation work.
  • What technical issue (i.e. not process issue) does your solution solve that others do not?
  • What becomes obsolete if companies begin using your product?
  • What business problem are you solving through the use of your technology?
  • What business sector(s) does your innovation address?
  • How are you delivering more for less?
  • When people misunderstand your innovation how do they classify you? (note: it can take time to get people to appreciate what your innovation is about and for you to be aware of how your innovation may be misinterpreted)
  • How are you different from other vendors in your space?


Submit your innovation to our advisory panel, here.

How far do you address current corporate “pain points”?

This step incorporates typical pain-point areas that trouble large enterprises. They relate to IT security, and reducing risk to reputation and business. This section is designed to help you home in on the pain areas where your innovation is most likely to make an impact. We are grateful to Dr David King for his input into this section.

  • In what way will your solution help a business to better manage its risk?

a)    By addressing a threat (such as impersonation, accidental loss of data)?
b)    By helping to close vulnerabilities in existing technology or processes?
c)    By improving the risk assessment / management process (e.g., by improving data collection / reporting)?

  • How will your solution ensure that only the right people have the right access to the right information?

a)    By the use of physical controls to separate information?
b)    By the use of logical access controls and reliance on correctness of software?
c)    By the use of cryptographic technology?
d)    A combination of the above (defence in depth)?
e)    Not applicable

  • How will your solution ensure that information is not accidentally or maliciously changed:

a)    By reliance on logical access controls?
b)    By the use of cryptographic technology?
c)    By providing detection technology (e.g., logging / monitoring)?
d)    A combination of the above (defence in depth)?
e)    Other
f)    Not applicable

  • Which of the following areas will your solution assist in addressing?

a)    impersonation (identity theft)
b)    phishing
c)    viruses / Trojans and malware
d)    PC security
e)    mobile devices
f)    storage
g)    email security
h)    web security
i)    infrastructure
j)    interoperability
k)    integration of technology
l)    other

  • How will your solution assist in ensuring that people know how to protect the information and IT assets of their business?

a)    By providing security awareness and education tools/techniques?
b)    By embedding security messages in the solution?
c)    By providing documentation to assist the user making the best use of the solution?
d)    By providing links to authoritative sites (such as Get Safe Online) in online documentation?
e)    By supporting existing security awareness initiatives (e.g., through the provision of an online training package)?
f)    A combination of the above?
g)    Other
h)    Not applicable

  • How will your solution ensure that the business is able to continue effectively when information is lost or destroyed:

a)    By providing support for business impact assessments?
b)    By providing support for disaster / data recovery (e.g., through back-up and restore)?
c)    By supporting other business continuity planning activities / training?

Why not cure the corporate pain points by submitting your innovation here?

How Future Proof is your innovation?

The Jericho Forum (www.jerichoforum.org), a consortium of Chief Information Security Officers in major global corporations, has listed essential requirements they expect from large suppliers of IT security related products in a de-perimeterised Internet-based business environment. The Jericho Forum, set up in 2006, encourages large security suppliers to interoperate through relevant standards and protocols; to enable their products to work outside the firewall; and to stem the proliferation of “me-too” products that do not.

With much help from David Lacey, the Jericho Forum's founder chairman, we have summarised for SME innovators the Jericho Forum's core requirements (“The 11 Commandments”) of suppliers in this area. These are the requirements of the future. We do not expect you to conform with many, but please indicate which you may conform with currently.

  1. Does your innovation enable a scope and level of protection that is specific and appropriate to the asset at risk?
  2. Is the security mechanism of your innovation simple, scalable, easy to manage and interoperable? Outline how.
  3. Is your security product transferable across environments? Can it be used globally? Outline any geographic, legal or technical limitations.
  4. Does your innovative security solution communicate using open secure protocols? Which major ones do you NOT support?
  5. Can your products survive on the raw Internet?
  6. Can you support transparent levels of trust for people, processes and technology to enable variable trust levels (e.g. by location, user role)? If “yes”, then how?
  7. How do you ensure that your innovation and its users are capable of appropriate levels of mutual authentication and access authorisation?
  8. Does your authentication, authorisation and accountability interoperate outside your area of control? If “yes”, then how?
  9. How does your innovation allow access to data to be controlled by security attributes of the data itself? Can it accommodate temporary access rights?
  10. Does your innovation enable segregation of controls (permissions, keys, privileges, including administrator access) to enable data privacy? If “yes”, then how?
  11. By default, is data appropriately secured in storage, transit and in use? If “yes”, then how?

Take the reality check and submit your innovation: click here.

Scalability

CIOs of large organisations need to be assured that a pilot demonstration will scale globally, not only technically through interoperability, but also that its operational requirements will conform to wider legal and regulatory requirements in different sectors and countries.
We are looking to help you to assess the degree to which your innovation currently scales. 

  • Do you scale? If so, to what extent?
  • Where do you consider your idea to be in terms of technical maturity?

Now that you have seen what lies ahead in the reality check, please submit your innovation to our Advisory Panel for review, by clicking here.