Cloud Security Alliance and FIDO Team Up On Cloud and Mobile Authentication Standards

PayPal, Nok Nok Labs, Agnitio, Validity Sensors, Lenovo and Infineon Technologies formed a coalition called the Fast Identity Online (FIDO) Alliance to develop a standards-based open approach that automatically detects when a FIDO-enabled device is present and offers users the option to replace passwords with more secure authentication techniques such as biometrics. Google, Microsoft,, RSA, SafeNet and others later joined the alliance.

For mobile and cloud, FIDO’s open approach provides a fantastic potential and has the ability to solve a lot of the security issues. The Cloud Security Alliance (CSA) identified authentication and the broader issue of identity as one of the critical areas for cloud computing.  With the increasing use of mobile services in the cloud, the authentication security issue is expected to increase in future. CSA identified the need to provide scalable authentication and for that reason it has signed a Memorandum of Understanding with the FIDO Alliance to promote the need for a standards approach to authentication when tackling the needs of large-scale cloud services.

CSA says the last 12 months has seen a shift in the cloud authentication landscape as more and more providers are looking to add additional layers of protection. The security and usability challenges this creates means that a standards-based approach is the only practical direction. The alliance with FIDO Alliance will encourage greater understanding of the requirements of modern authentication systems and to help companies to reduce the burden on their customers. By working together, the CSA and the FIDO Alliance will be able to ensure that these emerging standards meet these needs.

Data theft is one of the great plagues of the Web. Tons of stolen address or characteristics foment distrust of the online shopping. The existing protection methods are usually eventually cracked. A full, open-standards-based solution is an extremely effective way of building a security ecosystem. The authentication method used in FIDO approach is either done completely without password and or through a process in which a password is combined with a dongle that is attached to the unit (U2F, Universal Factor Second Protocol). The authentication process is service-and terminal-specific, but always uses the existing techniques in the mobile device.

Open FIDO specifications will support a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as further enabling existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC). The open specifications are being designed to be extensible and to accommodate future innovation, as well as protect existing investments.

Last year, CSA announced a new project called Software Defined Perimeter (SDP) Initiative to develop an architecture that can be created with safe and trust entities between with certain end-to-end networks IP addresses, allowing you to create systems that are extremely resistant to network attacks. In addition, the non-profit organization also updated its “Security Guidance for Critical Areas of Focus in Cloud Computing version 3.0” guidelines that addresses information security risks over the access of, transfer to, and securing of cloud data in the mobile security; supply chain management, transparency and accountability; interoperability and portability; encryption and key management domain.

Leave a Reply

Your email address will not be published. Required fields are marked *