The Cloud Security Alliance (CSA) has today announced that it has signed a Memorandum of Understanding with the FIDO (Fast IDentity Online) Alliance to promote the need for a standards approach to authentication when tackling the needs of large-scale cloud services.
The Cloud Security Alliance had previously identified authentication and the broader issue of identity as one of the critical areas for cloud computing. With the increasing dominance of the mobile device as a primary point of access to cloud services, the Cloud Security Alliance established a Mobile Working Group. They have identified the need to provide scalable authentication from mobile devices to multiple, heterogeneous cloud providers as an important step toward the maturity of cloud solutions.
“The last 12 months has seen a shift in the cloud authentication landscape as more and more providers are looking to add additional layers of protection,” said Jim Reavis, CEO, Cloud Security Alliance, “The security and usability challenges this creates means that a standards-based approach is the only practical direction. We are pleased to work together with the FIDO Alliance to encourage greater understanding of the requirements of modern authentication systems and to help our respective members to reduce the burden on their customers.”
“FIDO shares many of the same aims as the Cloud Security Alliance,” said Michael Barrett, president of the FIDO Alliance. “As we have been working on a common, industry standard for strong authentication, we have found ourselves engaged with cloud service providers who have clear requirements to deliver simple, strong authentication to meet their customers’ needs. By working together, the CSA and the FIDO Alliance will be able to ensure that these emerging standards meet these needs.”
Many of the members of the FIDO Alliance – Google, Microsoft, Nok Nok Labs, Ping Identity, RSA, SafeNet and Salesforce.com – are also members of the Cloud Security Alliance. This membership crossover shows how the common themes of cloud enablement, mobility and authentication have converged. By working together, the FIDO Alliance and the CSA are able to promote standards-based solutions to cloud and mobile authentication challenges.
Industry-driven FIDO specifications will support a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition. FIDO specifications will enable existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC). FIDO specifications are being designed to be extensible and to accommodate future innovation, as well as protect existing investments. FIDO specifications allow the interaction of technologies within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations.
Board members from the FIDO Alliance will be present at the CSA Summit 2014 on Monday, February 24 at the RSA Conference to discuss these issues. The FIDO Alliance also encourages all CSA members to attend the FIDO Ready Showcase on Wednesday, February 26 at Moscone North, Room 110, from 1-5 p.m., to see what technologies already exist in the marketplace to address the cloud authentication problems.
About the Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at https://cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
About The FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The Alliance plans to change the nature of authentication by developing standards-based specifications for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.
The FIDO Alliance Board of Directors includes leading global organizations: Blackberry®; CrucialTec (KRX: 114120); Discover Financial Services (NYSE: DFS); Google; Lenovo; MasterCard (NYSE: MA); Microsoft (Nasdaq "MSFT"); Nok Nok Labs, Inc.; NXP Semiconductors N.V. (NASDAQ:NXPI); Oberthur Technologies OT; PayPal (NASDAQ:EBAY); RSA®; Synaptics (NASDAQ: SYNA); Yubico.