Andrew Shikiar, Senior Director of Marketing, FIDO Alliance
We are back from an educational and productive week at RSA Conference 2017 that saw over 40 FIDO members exhibiting an array of security solutions, including dozens of FIDO® Certified offerings. Despite the fact that RSAC is a large show with more than 40,000 attendees, we still heard many common themes in our travels around the sessions and the show floor. These are our top three takeaways from the event:
Authentication is a C-Suite Issue. There was a theme at the conference that CISOs need to “get back to basics” to defend against the growing list of cyberthreats. As Fahimda Rashid says in her kick-off for RSAC last week for InfoWorld, “Attacks succeed when enterprises fail to get the basics right.” Those “basics” include best practices for identity and access management, including FIDO Authentication to combat phishing and man-in-the-middle attacks. Judging from the attendance at the FIDO implementer session, the traffic on the show floor at the FIDO Alliance booth and the strong FIDO presence at our members’ booths, attendees agreed with this need and were clamoring for information on how to implement FIDO Authentication today.
Securing the Internet of Things (IoT) is a Top Concern. Amongst the steady stream of traffic at the FIDO Alliance booth were security executives with questions about how FIDO Authentication can secure the Internet of Things. Indeed, the growing number connected devices and the corresponding growth of IoT-related breaches (e.g., Forrester has predicted that more than 500,000 IoT devices will be compromised in 2017) has highlighted the importance of strong, standards-based authentication over passwords to secure IoT. FIDO Authentication is ideally suited to provide simpler, stronger authentication for users to control their IoT-connected devices. In fact, we are already seeing organizations earn FIDO certification for IoT-specific devices and connected cars — most recently, Fujitsu announced it’s FIDO-based platform for IoT authentication.
Leading Security Practitioners Believe in FIDO Authentication. The panel of FIDO present and future implementers — Google’s Christiaan Brand, USAA’s Wil Bennett and Aetna’s Abbie Barbir and moderated by RSA’s Kayvan Alikhani — made the virtues of FIDO Authentication clear. Aetna’s Barbir said that “FIDO is a building block for simplicity, scale and security,” while USAA’s Bennett said that “FIDO gives USAA a way to implement standards-based authentication across heterogeneous architecture while navigating regulatory requirements.” In regards to user protection, Google’s Brand stated that “FIDO affords the highest level of protection against phishing and forms the basis for all authentication at Google”. FIDO Alliance Executive Director and fellow panelist Brett McDowell agreed, saying that “if the problem you are trying to address is phishing, then now is the time to deploy FIDO Authentication.” That’s just the tip of the iceberg of what the panelists shared; be sure to check out the recording to hear the full session.