Experience with the Alliance for Cyber Security
We joined the Alliance for Cyber Security as a member in mid-July and then completed our onboarding as a partner at the end of August. We would like to use this short blog to describe our first experiences with the Alliance for Cyber Security and our partner contributions.
As a short digression, what does the Alliance for Cyber Security do (extract from the ACS website):
“With the Alliance for Cyber Security, founded in 2012, the Federal Office for Information Security (BSI) is pursuing the goal of strengthening Germany’s resistance to cyber-attacks.
Currently, 4548 companies and institutions are members of the initiative – and more participants are joining every day.
IT service and consulting companies, as well as IT manufacturers, are equally represented within the network as user companies of all sizes and industries. This diversity is an important guarantee for a rich exchange of IT expertise and application experience, from which all participants benefit.
148 partners and 99 facilitators are involved in the initiative and thus make a valuable contribution to more cybersecurity in Germany as a business location”.
As Cloud Identity & Access Management (cidaas) we are predestined for the partner program, we offer an IT security solution & in this context, we have to deal with the most diverse requirements in this environment daily. Furthermore, we see cidaas as Identity & Access Management as a central component in the digitalization of companies. Combining security with digitization, innovation and ultimately user comfort is one of our goals. To mark this occasion, we have designed our first partner contributions for the Alliance for Cyber Security and launched a webinar series that shows how modern authentication can and should be secure and convenient.
Which topics did we cover in the webinars?
- Bruteforce attacks and what can one do against them?
- FIDO2 and passwordless authentication explained simply
Brute force attacks and what can be done about them
Attacks – where the attacker tries to gain access by trying/ guessing passwords – is one of the most common attack patterns in the digital world and has become a major threat in recent years. This type of attack is not new, but it is now more of a headache than ever. Because almost all common approaches to defence bring other problems with them, which can sometimes be more serious for companies than the brute force attack itself. The classic brute force defence mechanisms often not only protect against attacks but also exclude real users or massively restrict user comfort. In this webinar, we have shown different forms of brute force attack and common defence mechanisms. Among them are classical defence mechanisms, the Brute force Protection via Device Cookies of OWASP, and the multi-factor authentication. As a transition to the next webinar, we gave a short outlook on the world after the password.
FIDO2 and password-free authentication explained simply
A World without passwords will be the future! In this webinar, we will discuss the FIDO2 standard with its protocols WebAuthn (W3C) and Client to Authenticator Protocol (FIDO). We first looked at the current situation regarding passwords and the associated disadvantages and then focused on the technical specification of the FIDO2 standard. Finally, we reported on first experiences and use cases with the FIDO2 standard and other passwords-less authentication methods. We also showed the transition path with which users can be introduced to password-less authentication or cross-device scenarios and how these can be handled.
Let us now look back at our experience:
We regularly host webinars, both self-organized and in cooperation with other networks, e.g. now in October during the European Cyber Security Month. As a small side note, we were very sceptical at the beginning, whether webinars of our own would be useful and could even achieve the necessary coverage. But we are very satisfied with our previous webinars and the number of participants and feedback. Since our webinars were closed to the Alliance for Cyber Security and only accessible to a limited number of participants, we also expected lower numbers of participants. After we had planned the webinars and announced them via the Alliance for Cyber Security, we were surprised how quickly the number of registrations increased. So that these two webinars are among our most visited events.
More importantly, the number of participants is one of the most active we have seen in our webinars so far. We were particularly pleased about this because it is precisely this exchange that makes the Alliance for Cyber Security so valuable!
The cooperation with the colleague at the Alliance for Cyber Security:
The cooperation was very great. Our enquiry was processed very quickly and together we designed our first partner contributions.
We are already looking forward to our next partner contributions and are pleased that there is such a network organized by the BSI in Germany. Good job!