The Cloud Security Alliance (CSA) has today announced that it has signed a Memorandum of Understanding with the FIDO (Fast IDentity Online) Alliance to promote the need for a standards approach to authentication when tackling the needs of large-scale cloud services.
The Cloud Security Alliance had previously identified authentication and the broader issue of identity as one of the critical areas for cloud computing. With the increasing dominance of the mobile device as a primary point of access to cloud services, the Cloud Security Alliance established a Mobile Working Group. They have identified the need to provide scalable authentication from mobile devices to multiple, heterogeneous cloud providers as an important step toward the maturity of cloud solutions.
"The last 12 months has seen a shift in the cloud authentication landscape as more and more providers are looking to add additional layers of protection," said Jim Reavis, CEO, Cloud Security Alliance, "The security and usability challenges this creates means that a standards-based approach is the only practical direction. We are pleased to work together with the FIDO Alliance to encourage greater understanding of the requirements of modern authentication systems and to help our respective members to reduce the burden on their customers."
"FIDO shares many of the same aims as the Cloud Security Alliance," said Michael Barrett, president of the FIDO Alliance. "As we have been working on a common, industry standard for strong authentication, we have found ourselves engaged with cloud service providers who have clear requirements to deliver simple, strong authentication to meet their customers' needs. By working together, the CSA and the FIDO Alliance will be able to ensure that these emerging standards meet these needs."
Many of the members of the FIDO Alliance -- Google, Microsoft, Nok Nok Labs, Ping Identity, RSA, SafeNet and Salesforce.com -- are also members of the Cloud Security Alliance. This membership crossover shows how the common themes of cloud enablement, mobility and authentication have converged. By working together, the FIDO Alliance and the CSA are able to promote standards-based solutions to cloud and mobile authentication challenges.
Industry-driven FIDO specifications will support a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition. FIDO specifications will enable existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC). FIDO specifications are being designed to be extensible and to accommodate future innovation, as well as protect existing investments. FIDO specifications allow the interaction of technologies within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations.