Just over a year into The Cyber Secure Institute’s existence and we continue to gain a better perspective about cybersecurity.

When we began the Institute, one of our key requirements for recognizing technologies as “Cyber Secure” and promoting them was that they must be certified at a high level by the NSA-NIAP program or a similar body or program. We still feel strongly that this evaluation is one of the strongest indicators of a technology’s protection level or real security value.

However, one of the critical lessons we have learned is that there are many emerging technologies that are worth exploring that are not certified. In such a static industry, many of these technologies simply haven’t had a chance to go through the slow-moving certification process. Additionally, many of these up-and-coming technologies have been developed by privately funded start-ups, who simply do not have the money to go through the expensive certification process. The NSA-NIAP IT evaluation program is an effective one, but it puts innovation and entrepreneurs at a disadvantage. Moreover, in some cases the standards by which technologies are certified aren’t grounded in the real thread threats we face. And, the cumbersome process can slow important new developments and technological advances.

Those of you who have followed our analyses have seen that the Institute has advocated a range of changes to current certification programs to address theses challenges – such as grants for small companies and process changes to expedite testing and certification.

However, until such changes occur we are revisiting our parameters and expanding our mandate. We will also look to identify and advance truly best in breed solution and technologies. We will continue to immediately recognize fully certified technologies, but the lack of certification will no longer prevent us from recognizing other secure solutions.

We look forward to hearing from all the cutting-edge solution providers who believe that they have best in breed technologies.