FIDO Alliance launches new IoT certification program
The FIDO Alliance has announced the launch of its FIDO Device Onboard (FDO) Certification Program, enabling edge node and IoT device vendors to prove that their solutions adhere to the security and interoperability requirements of the FDO specifications.
Achieving certification allows vendors to demonstrate their products are high quality and at low risk of cyber threats, while deploying companies can ensure devices will interoperate more seamlessly and securely within IoT and distributed computing infrastructures, according to the company.
Vendors around the world, including Dell Technologies, IBM, Intel, Red Hat and VinCSS have already begun to include the FDO specification in products and services, which are being utilised by customers in a variety of settings and applications.
According to Markets and Markets in their June 2023 report, the “Edge Computing Market size is expected to grow from $53.6 billion in 2023 to $111.3 billion by 2028.” They go on to say that “despite the benefits, the edge computing architecture is susceptible to cyberattacks with the addition of vulnerable edge nodes and IoT devices.”
The FIDO Alliance’s FDO technology has been specifically defined by leaders including Intel, Google, Microsoft, Qualcomm and ARM to address these concerns so that users in areas such as enterprise and industrial can fully take advantage of edge computing opportunities.
The FDO protocol is a freely available standard that champions a ‘zero trust’ approach to remove these barriers, enabling devices to quickly and securely onboard to cloud and edge management platforms.
As a Dell Technologies white paper explained, “The installation of these systems must prioritize simplicity and must be zero-touch once plugged in and powered on. Secure operations require the ability to bring edge devices into your environment with zero touch in mind.”
FDO Certification, testing for which will take place in early October provides conformance and interop testing, a security risk analysis, and assurance that a company's device meets FDO Specification and Security and Privacy Requirements. Certification testing builds trust among device owners, as devices are validated as meeting a high level of security by a third-party.
Andrew Shikiar, executive director and CMO of the FIDO Alliance, says, “Edge nodes and IoT devices are bringing transformative benefits to a whole range of industries but overcoming the security risks that exist today is critical to enable more organizations to take the leap."
“The appetite we’ve seen for the FIDO Device Onboard (FDO) standard since we launched last year is a testament to how urgent the business need is to secure the edge in a way that’s quick and cost-effective. Launching the certification program marks another step towards fostering trust in the edge and IoT space and taking mass deployments to the next level.”
FIDO Alliance brings together 250+ of influential and innovative companies and government agencies from across the globe to deliver security specifications that offer strong security, are free to use and easy to deploy, the company states.
The FDO Specification is an important pillar in the expansion of the Alliance’s core vision: to boost global cyber security levels, help eliminate data breaches and enable secure online experiences.
The business benefits of the FIDO Device Onboard (FDO) standard include:
- Simplicity: Businesses no longer have to pay more for the installation and onboarding process than they do for the actual hardware devices themselves. The highly automated FDO process effectively brings ‘plug and play’ to the world of onboarding edge nodes and IoT devices.
- Flexibility: Businesses can choose which cloud or edge platforms they want to onboard devices to at the point of installation (as opposed to when devices are manufactured). A single device SKU can be onboarded to any platform (edge or cloud), thereby greatly simplifying the device supply chain.
- Security: FDO leverages an “zero trust” approach, which means the installer no longer needs – nor has access to – any sensitive infrastructure/access control information.