Welcome!

@CloudExpo Authors: Liz McMillan, Elizabeth White, William Schmarzo, Rene Buest, Pat Romanski

Related Topics: @CloudExpo, Microservices Expo, Cloud Security

@CloudExpo: Blog Post

Security Key and Chrome: The Next Generation of Security? [#Cloud]

The goal of the FIDO Alliance is to make online security verification safer, more secure, and more convenient than ever before

As 2015 kicks off and people try to learn from the lessons of 2014, one issue remains at the top of most of their minds: security. Whether it was the account infiltration that lead to photo leaks from Apple's iCloud, the Sony hacks that revealed emails and other sensitive information from the studio, or major breaches at companies that compromised customer data, it was nearly impossible to escape the serious consequences of security failures. With such a critical issue affecting companies and individuals alike, it's no surprise that new methods and technologies were developed to help improve security. One of these new technologies gaining more mainstream attention is a special USB device from the FIDO (Fast Identity Online) Alliance used with the Google Chrome browser. The new Security Key represents a notable upgrade compared to other security efforts and could in fact be the first of a new generation of security devices.

The goal of the FIDO Alliance is to make online security verification safer, more secure, and more convenient than ever before, and the new Security Key is definitely a step in that direction. In fact, it's the ease with which people can use it which will likely lead to growing popularity. Here's basically how it works: when accessing a Google Account website, instead of putting in a password, the user would instead insert the USB Security Key into the computer. Then when prompted, the user would only need to press a button on the drive, and just like that, the user now has access to the site. It's quite easy and effective, and the increased security is a major benefit for both businesses and individuals alike.

Many web providers, cloud vendors, online businesses, and others have tried to use better security techniques to improve the network security of their sites while also making things safer for the consumer. One such technique that's been in use for several years is two-factor authentication. This method works by having users input a memorized password, then receiving a verification code on a separate device (usually a smartphone or tablet) that they then input. For obvious reasons, this approach is more secure and ensures users need more than just a password before accessing a sensitive account. Security Key takes this approach one step further by utilizing a USB drive in place of a verification code. Each device has a component that can hold and process encryption keys. This element has many uses, one of the most important being the ability to verify and validate whether the website the user is currently on is a genuine website and not one crafted by cyber criminals. Security Key can receive and reply to encrypted challenges from Google Chrome, allowing users to know the websites they are visiting are legitimate. In this way, Security Key can prove instrumental in preventing phishing attacks.

Beyond phishing, FIDO's Security Key can also prevent other leaks and failures most often occurring when passwords are lost and stolen. The device helps users by making it so they no longer have to memorize a large number of passwords, something that's been increasingly difficult the more online accounts are used. Security Key's easy-to-use nature and more secure technology is also just one part of a much larger effort to set better standards for online authentication by making it more difficult for attackers to steal valuable data. The technology used in Security Key is of the same type as chip-and-PIN tech used more and more by banks and retailers, which goes a long way toward an overall more secure environment.

While Security Key has lots of potential and is more convenient than the normal two-factor authentication process, there are some drawbacks all potential users should consider. Since a full-size USB port is required as of now, Security Key cannot be used for smartphones and tablets, which usually only have mini-USB ports. This could make it a less attractive security option for businesses, especially with the growth of BYOD policies. Security Key is also only available for Google Chrome for now, though the number of compatible browsers will likely increase in the future. And though each Security Key USB drive is relatively cheap (usually less than $20), it still costs money, whereas two-factor authentication is free. It all comes down to whether the user or business believes the added security is worth the extra investment.

With so much concern revolving around security, the release and spread of FIDO's Security Key is a welcome development. It by no means solves all security problems, but it's a cheap, convenient, and effective way to enhance security and keep cyber attackers at bay. Security Key can be seen as taking easy security solutions to the next level, one that will likely become a common sight as more organizations focus on improving cyber security.

More Stories By Rick Delgado

“I’ve been blessed to have a successful career and have recently taken a step back to pursue my passion of writing. I’ve started doing freelance writing and I love to write about new technologies and how it can help us and our planet.” – Rick DelGado (@ricknotdelgado)

@CloudExpo Stories
"We want to show that our solution is far less expensive with a much better total cost of ownership so we announced several key features. One is called geo-distributed erasure coding, another is support for KVM and we introduced a new capability called Multi-Part," explained Tim Desai, Senior Product Marketing Manager at Hitachi Data Systems, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability and development velocity challenges. In his session at 21st Cloud Expo, Ryland Degnan, a Senior Software Engineer on the Netflix Edge Platform team, will discuss how by leveraging a reactive stream-based protocol,...
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to w...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
"The Striim platform is a full end-to-end streaming integration and analytics platform that is middleware that covers a lot of different use cases," explained Steve Wilkes, Founder and CTO at Striim, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Calligo, an innovative cloud service provider offering mid-sized companies the highest levels of data privacy and security, has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalised support service from its globally located cloud plat...
"With Digital Experience Monitoring what used to be a simple visit to a web page has exploded into app on phones, data from social media feeds, competitive benchmarking - these are all components that are only available because of some type of digital asset," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. Kubernetes was originally built by Google, leveraging years of experience with managing container workloads, and is now a Cloud Native Compute Foundation (CNCF) project. Kubernetes has been widely adopted by the community, supported on all major public and private cloud providers, and is gaining rapid adoption in enterprises. However, Kubernetes may seem intimidating and complex ...
"Outscale was founded in 2010, is based in France, is a strategic partner to Dassault Systémes and has done quite a bit of work with divisions of Dassault," explained Jackie Funk, Digital Marketing exec at Outscale, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We focus on SAP workloads because they are among the most powerful but somewhat challenging workloads out there to take into public cloud," explained Swen Conrad, CEO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"I think DevOps is now a rambunctious teenager – it’s starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are still a relatively small software house and we are focusing on certain industries like FinTech, med tech, energy and utilities. We help our customers with their digital transformation," noted Piotr Stawinski, Founder and CEO of EARP Integration, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, provided a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services with...
"We were founded in 2003 and the way we were founded was about good backup and good disaster recovery for our clients, and for the last 20 years we've been pretty consistent with that," noted Marc Malafronte, Territory Manager at StorageCraft, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.