July 13, 2017 •Ray Potter
Search
Technology
July 13, 2017 •Ray Potter
Originally posted in its entirety at AFCEA's Signal Magazine.
For years, NIST’s Federal Information Processing Standards (FIPS) 140-2 validation list read like a Who’s Who of Fortune 100 technology vendors. Only those products that leverage cryptographic modules shown on the list were eligible for federal agency deployment. Until recent changes, only the deepest pockets could absorb the costs of development, testing and expensive consultants to facilitate introducing solutions into the federal marketplace.
Soft costs for FIPS 140-2 validation efforts added up as well, with significant hours required from engineering teams. The result? A huge barrier to entry, effectively blocking any technology company outside of the elite (or rich) from participating in the lucrative federal cybersecurity market. It built a phenomenal feedback loop for those big enough to enjoy it. It was fantastic for the vendors on the inside, but terrible for agencies severely limited in their available options for deployment.
Ray Potter is the Founder of SafeLogic, which was spun off from his previous venture, the Apex Assurance Group consulting firm. He brings over 20 years of security and compliance experience, including leading teams at Cisco and Ernst & Young, to the operations team at SafeLogic. Ray loves playing guitar and flying airplanes.