FIDO Device Onboard (FDO)

FIDO Device Onboard (FDO), sometimes described as "device provisioning", is a FIDO Alliance specification for automated, secure IoT provisioning. It uses asymmetric public-key cryptography to give the industrial IoT sector a fast and secure way to onboard any device to any device-management system.

What is "Device Onboarding"?
Device onboarding is the process of installing secrets and configuration data into a device, so it can connect and interact securely with an IoT platform. An IoT platform could range from an application on a user’s computer, phone or tablet, to an enterprise server, to a cloud service spanning multiple geographic regions. The device owner uses the IoT platform to manage the device by patching security vulnerabilities, installing or updating software, retrieving sensor data, interacting with actuators, and more.

FDO runs autonomously and performs only a limited, well-defined set of interactions with its environment in order to complete. A distinguishing feature of FDO is that the device owner can select the IoT platform late in the device's life cycle; the secrets and configuration data can also be created or chosen at that late stage. This is called "late binding".
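The late-binding idea above, worked through as an added example (illustrative code written for this page, not the FDO specification's protocol and not any FIDO Alliance implementation): the device trusts only a manufacturer public key installed at production; ownership is passed down the supply chain as a signed chain in which each holder signs the next holder's public key; at onboarding the device verifies the chain from its own root and challenges the presenter to prove possession of the final owner's private key. FDO realises this with its Ownership Voucher (CBOR/COSE encoded, with a rendezvous step), none of which is modelled here. The `Voucher` and `Entry` structures, the hash-then-sign link format, the use of Ed25519 and all keys and the nonce are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Entry is one link in the ownership chain: the previous holder signs H(prevOwnerPub || NextOwner).
type Entry struct {
	NextOwner ed25519.PublicKey
	Sig       []byte
}

// Voucher travels with the device through the supply chain (illustrative layout, not the FDO wire format).
type Voucher struct {
	Manufacturer ed25519.PublicKey
	Entries      []Entry
}

func linkMessage(prev, next ed25519.PublicKey) []byte {
	h := sha256.New()
	h.Write(prev)
	h.Write(next)
	return h.Sum(nil)
}

// Extend is run by the current holder when it transfers the device onward.
func (v *Voucher) Extend(holder ed25519.PrivateKey, next ed25519.PublicKey) {
	prev := v.Manufacturer
	if n := len(v.Entries); n > 0 {
		prev = v.Entries[n-1].NextOwner
	}
	sig := ed25519.Sign(holder, linkMessage(prev, next))
	v.Entries = append(v.Entries, Entry{NextOwner: next, Sig: sig})
}

// VerifyChain is the device-side check: walk from the key installed at manufacture
// and require every link to be signed by the key immediately before it.
func VerifyChain(trusted ed25519.PublicKey, v *Voucher) (ed25519.PublicKey, error) {
	prev := trusted // the device starts from its own root, not from whatever the voucher claims
	for i, e := range v.Entries {
		if len(e.NextOwner) != ed25519.PublicKeySize || // checked first: Verify panics on a bad key length
			!ed25519.Verify(prev, linkMessage(prev, e.NextOwner), e.Sig) {
			return nil, fmt.Errorf("entry %d: not signed by the previous owner", i)
		}
		prev = e.NextOwner
	}
	return prev, nil
}

// AcceptOnboarding runs on the device: verify the chain, then require the party
// onboarding it to sign a fresh device-chosen nonce with the final owner's key.
func AcceptOnboarding(trusted ed25519.PublicKey, v *Voucher, nonce, proof []byte) error {
	owner, err := VerifyChain(trusted, v)
	if err != nil {
		return err
	}
	if !ed25519.Verify(owner, nonce, proof) {
		return errors.New("presenter does not hold the final owner's private key")
	}
	return nil
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // a failing system CSPRNG is not recoverable here
	}
	return pub, priv
}

// RunScenario models manufacturer -> distributor -> final owner with freshly generated keys,
// then tries an honest onboarding, a forged last link, and an impostor with the genuine voucher.
func RunScenario() (validAccepted, forgedRejected, impostorRejected bool) {
	mfrPub, mfrPriv := mustKey() // mfrPub is the only key the device holds at manufacture
	distPub, distPriv := mustKey()
	ownerPub, ownerPriv := mustKey()
	attackerPub, attackerPriv := mustKey()
	v := &Voucher{Manufacturer: mfrPub}
	v.Extend(mfrPriv, distPub)   // manufacturer ships to a distributor
	v.Extend(distPriv, ownerPub) // distributor sells to the final owner: late binding
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	validAccepted = AcceptOnboarding(mfrPub, v, nonce, ed25519.Sign(ownerPriv, nonce)) == nil
	// Forged: last link rewritten to the attacker, so the distributor's signature no longer matches.
	forged := &Voucher{Manufacturer: v.Manufacturer, Entries: append([]Entry(nil), v.Entries...)}
	forged.Entries[1].NextOwner = attackerPub
	forgedRejected = AcceptOnboarding(mfrPub, forged, nonce, ed25519.Sign(attackerPriv, nonce)) != nil
	// Impostor: genuine voucher, but cannot produce the owner's signature over the nonce.
	impostorRejected = AcceptOnboarding(mfrPub, v, nonce, ed25519.Sign(attackerPriv, nonce)) != nil
	return validAccepted, forgedRejected, impostorRejected
}

func main() {
	fmt.Println(RunScenario()) // expect: true true true
}
```

The device never needs to know the final owner in advance: it stores one root key and learns the owner from the chain at onboarding time, which is what makes late binding possible. The nonce is chosen by the device per session so that a captured proof cannot be replayed against another device or a later session.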

ref:

1. https://fidoalliance.org/intro-to-fido-device-onboard

2. FIDO Device Onboard Specification - https://fidoalliance.org/specs/FDO/FIDO-Device-Onboard-RD-v1.0-20201202.html

3. https://www.embedded.com/fido-device-onboarding-integrated-into-iot-identity-access-management/

4. https://www.redalertlabs.com/blog/top-10-things-you-should-know-about-fido-device-onboarding-fdo

Secure Access Service Edge (SASE)

Secure Access Service Edge (SASE, pronounced "sassy") is a cloud architecture model that bundles networking and security-as-a-service functions together and delivers them as a single cloud service. A SASE approach gives better control over, and visibility into, the users, traffic, and data accessing a corporate network, which matters for modern, globally distributed organizations. Networks built on SASE are flexible and scalable, able to connect globally distributed employees and offices from any location and any device.

A SASE architecture combines a software-defined wide area network (SD-WAN) or other WAN with multiple security capabilities (e.g., cloud access security brokers, anti-malware), securing network traffic through the combination of those functions. SASE presents a single security and networking service that is independent of where employees and resources are located. It requires little or no on-premises hardware, relying on cloud connectivity to combine SD-WAN with network security functions, including:

  • firewall as a service (FWaaS)
  • secure access to software as a service (SaaS) applications (SaaS is the resource being protected rather than a security function in itself)
  • secure web gateways (SWG)
  • cloud access security broker (CASB)
  • zero-trust network access (ZTNA)

How does SASE compare to traditional networking?
In a traditional network model, data and applications live in a core data center. To access those resources, users, branch offices, and applications connect to the data center from within a localized private network or from a secondary network that typically reaches the primary one over a leased line or VPN. With the rise of distributed workforces and of applications and data hosted in the cloud, it is no longer practical to route all traffic through a centralized data center.

By contrast, SASE places network controls at the cloud edge rather than in the corporate data center. Instead of layering cloud services that each require separate configuration and management, SASE consolidates network and security services into a single secure network edge. Enforcing identity-based, Zero Trust access policies at that edge lets enterprises extend consistent access control to any remote user, branch office, device, or application, wherever it is located.

ref:

1. https://www.cloudflare.com/learning/access-management/what-is-sase/

2. https://www.techtarget.com/searchnetworking/definition/Secure-Access-Service-Edge-SASE

3. https://www.zscaler.com/resources/security-terms-glossary/what-is-sase