@CloudExpo Authors: Yeshim Deniz, Liz McMillan, Pat Romanski, Zakia Bouachraoui, Elizabeth White

Related Topics: @CloudExpo, Microservices Expo, Cloud Security

@CloudExpo: Blog Post

Security Key and Chrome: The Next Generation of Security? [#Cloud]

The goal of the FIDO Alliance is to make online security verification safer, more secure, and more convenient than ever before

As 2015 kicks off and people try to learn from the lessons of 2014, one issue remains at the top of most of their minds: security. Whether it was the account infiltration that lead to photo leaks from Apple's iCloud, the Sony hacks that revealed emails and other sensitive information from the studio, or major breaches at companies that compromised customer data, it was nearly impossible to escape the serious consequences of security failures. With such a critical issue affecting companies and individuals alike, it's no surprise that new methods and technologies were developed to help improve security. One of these new technologies gaining more mainstream attention is a special USB device from the FIDO (Fast Identity Online) Alliance used with the Google Chrome browser. The new Security Key represents a notable upgrade compared to other security efforts and could in fact be the first of a new generation of security devices.

The goal of the FIDO Alliance is to make online security verification safer, more secure, and more convenient than ever before, and the new Security Key is definitely a step in that direction. In fact, it's the ease with which people can use it which will likely lead to growing popularity. Here's basically how it works: when accessing a Google Account website, instead of putting in a password, the user would instead insert the USB Security Key into the computer. Then when prompted, the user would only need to press a button on the drive, and just like that, the user now has access to the site. It's quite easy and effective, and the increased security is a major benefit for both businesses and individuals alike.

Many web providers, cloud vendors, online businesses, and others have tried to use better security techniques to improve the network security of their sites while also making things safer for the consumer. One such technique that's been in use for several years is two-factor authentication. This method works by having users input a memorized password, then receiving a verification code on a separate device (usually a smartphone or tablet) that they then input. For obvious reasons, this approach is more secure and ensures users need more than just a password before accessing a sensitive account. Security Key takes this approach one step further by utilizing a USB drive in place of a verification code. Each device has a component that can hold and process encryption keys. This element has many uses, one of the most important being the ability to verify and validate whether the website the user is currently on is a genuine website and not one crafted by cyber criminals. Security Key can receive and reply to encrypted challenges from Google Chrome, allowing users to know the websites they are visiting are legitimate. In this way, Security Key can prove instrumental in preventing phishing attacks.

Beyond phishing, FIDO's Security Key can also prevent other leaks and failures most often occurring when passwords are lost and stolen. The device helps users by making it so they no longer have to memorize a large number of passwords, something that's been increasingly difficult the more online accounts are used. Security Key's easy-to-use nature and more secure technology is also just one part of a much larger effort to set better standards for online authentication by making it more difficult for attackers to steal valuable data. The technology used in Security Key is of the same type as chip-and-PIN tech used more and more by banks and retailers, which goes a long way toward an overall more secure environment.

While Security Key has lots of potential and is more convenient than the normal two-factor authentication process, there are some drawbacks all potential users should consider. Since a full-size USB port is required as of now, Security Key cannot be used for smartphones and tablets, which usually only have mini-USB ports. This could make it a less attractive security option for businesses, especially with the growth of BYOD policies. Security Key is also only available for Google Chrome for now, though the number of compatible browsers will likely increase in the future. And though each Security Key USB drive is relatively cheap (usually less than $20), it still costs money, whereas two-factor authentication is free. It all comes down to whether the user or business believes the added security is worth the extra investment.

With so much concern revolving around security, the release and spread of FIDO's Security Key is a welcome development. It by no means solves all security problems, but it's a cheap, convenient, and effective way to enhance security and keep cyber attackers at bay. Security Key can be seen as taking easy security solutions to the next level, one that will likely become a common sight as more organizations focus on improving cyber security.

More Stories By Rick Delgado

“I’ve been blessed to have a successful career and have recently taken a step back to pursue my passion of writing. I’ve started doing freelance writing and I love to write about new technologies and how it can help us and our planet.” – Rick DelGado (@ricknotdelgado)

CloudEXPO Stories
Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are repetitive and dull. Utilizing automation can improve your work life, automating away the drudgery and embracing the passion for technology that got you started in the first place. In this presentation, I'll talk about what automation is, and how to approach implementing it in the context of IT Operations. Ned will discuss keys to success in the long term and include practical real-world examples. Get started on automating your way to a brighter future!
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next-gen applications and how to address the challenges of building applications that harness all data types and sources.
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app security and encryption-related solutions. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University, and is an O'Reilly author.
CloudEXPO New York 2018, colocated with DevOpsSUMMIT and DXWorldEXPO New York 2018 will be held November 12-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI and Machine Learning to one location.
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.