CyberArk IAM authentication FIDO2 certified

Identity cybersecurity company CyberArk has received FIDO2 certification for its access management product, confirming that it complies with the FIDO Alliance standards for secure authentication.

The certification was awarded to CyberArk Workforce Identity, an enterprise identity and access management product that is part of the CyberArk Identity Security Platform.

The Israel and U.S.-headquartered information security firm has made a string of acquisitions since its Nasdaq IPO in 2013, including identity management platform Idaptive in 2020. The acquisition allowed CyberArk to boost its identity management capabilities.

The company’s latest acquisition is machine identity management and identity and access (IAM) firm Venafi which was announced in October this year.

“From day one, CyberArk has been a security-first company,” says Peretz Regev, chief product officer at CyberArk. “As cyber threats continue to evolve, increasingly targeting identities and identity infrastructure, it is crucial that we continue to provide our customers with industry-leading tools to secure every identity with privilege controls, on the endpoint and in every application.”

In October, the company also integrated technology from enterprise identity authentication company Badge to eliminate the storing of user credentials.

FIDO certification represents a significant market opportunity for CyberArk, given the widespread adoption of the passwordless approach in the U.S. and elsewhere, not just amongst businesses but also public sector organizations.

A tale of FIDO and the USDA

The U.S. Department of Agriculture is a case in point. The USDA had trouble issuing personal identity verification (PIV) cards to all its workers, because the agency employs large numbers of seasonal workers who are ineligible for PIV cards. Yet the cards were essential to access government systems, and so the USDA allowed these workers to bypass the card, obtaining a user ID and password instead.

However, issues quickly arose when it came to light that sophisticated phishing campaigns could make such credentials vulnerable. USDA needed phishing-resistant multi-factor authentication (MFA). Furthermore, some USDA employees work in lab environments that require decontamination procedures that the standard identification card cannot survive. USDA sought a technical solution that provides the same protections as a PIV but withstands decontamination.

USDA adopted FIDO capabilities as its centralized technology architecture already supported it. Using cryptographic keys on user devices, FIDO’s authentication tools are phishing-resistant and allow the authentication of user identities without using passwords. To date, some 40,000 registered users, some of whom have previously required PIV exemptions,  have accessed USDA’s network using FIDO without the risks involved using usernames and passwords.

FIDO depends on non-password authentication factors like biometrics. FIDO passkeys have a growing profile among organizations and awareness amongst the general public.

The USA’s Cybersecurity and Infrastructure Security Agency has a full report on USDA’s successful FIDO implementation here.

Article Topics

biometric authentication  |  biometrics  |  certification  |  CyberArk  |  cybersecurity  |  FIDO Alliance  |  FIDO2  |  identity access management (IAM)  |  passwordless authentication