Access control: How cidaas by Widas protects user profiles and businesses

In this article you will read about,

•  how the Widas Group created cidaas – the leading European cloud identity and access management solution – offering out-of-the-box functions like single sign-on and multi-factor authentication,
• why the company relies on the public cloud for its software-as-a-service offering,
• and how the Widas Group and its customers benefit from the secure IT infrastructure from the Open Telekom Cloud 

The number of security incidents on the internet is increasing. The DsiN (Deutschland sicher im Netz) security index increased by 8.3 points in 2022, reaching a new peak of 43.4. Consequently, feelings of insecurity among users increased by 1.2 compared to the previous year’s value (2022: 28.4; 2021: 27.2).  The index measures the digital security situation of consumers in Germany on a scale of 0 to 100. At 59.8 points, it fell to a new low in 2022 overall (2021: 62.7). In addition, the study determined that the level of protection is not sufficiently developed, nor are security expertise and behavior.

Strong identification and authentication processes that use a combination of different factors – such as passwords and biometric features – help to increase the security of services and websites on the net significantly. Like cidaas (Cloud Identity as a Service), a cloud-based solution from the southwestern German company Widas Group, a specialist in applications for effective identity and access management. The software experts offer high-security, multi-factor authentication processes for customer portals, among other solutions. Companies like the Europa-Park amusement park and broadcaster ProSiebenSat.1 use cidaas, the core product of the Widas Group, to verify their digital identities. Security features for access to buildings and enterprise applications are also part of the cidaas portfolio. As such, the company is Europe’s leading provider in its segment.  

The Widas Group launched cidaas in 2016. The broad functional scope of the cidaas platform makes it possible to implement a wide range of requirements quickly and easily. cidaas is provided under a software-as-a-service model. In the early days, the company relied on its own IT infrastructure, but quickly hit their limits with regard to flexibility and scalability. “We wanted a strong, long-term partner for the cloud infrastructure to help us gain ground with cidaas and scale up flexibly at any time,” says Sadrick Widmann, CEO of Widas. “Since we offer software as a service (SaaS), it was essential to have reliable, high-availability operation of the platform.”

Also required: a GDPR-compliant foundation and hosting in Germany. The solution also had to cover the regulatory requirements for cloud use as extensively as possible, and also satisfy the needs of professional and social welfare secrecy holders.

The Widas Group has relied on resources from the Open Telekom Cloud since 2021. “It’s the perfect platform for us in many ways,” says Widmann. “The functional scope won us over in particular.” Widas uses dedicated nodes with C-type flavors for the virtual environment in the Open Telekom Cloud. It also uses the Cloud Container Engine (CCE), a Kubernetes-based container service, to update and run its mission-critical software-as-a-service solution. All services for the company and its customers are provided from a T-Systems data center in Germany. Technical experts at T-Systems advised and supported Widas from the start in building its environment in the Open Telekom Cloud and are also available for technical advice during the daily operation of cidass. “The collaboration with our contacts works very well, which is very important to us for a critical factor like infrastructure and reassures us,” says Widmann.

Thanks to the Financial Addendum, solutions from the Open Telekom Cloud can also be used by companies that are subject to regulations issued by the Federal Financial Supervisory Authority. With their commitment to the secrecy of social welfare data and secrecy protection for professional secrecy holders pursuant to § 203 of the German Criminal Code (StGB), the solutions are also suitable for users in these areas.  

IT security and data protection are of particular importance to the Widas CEO. “We offer our own IT security product with our login and multi-factor authentication solutions. That makes the security of the underlying infrastructure a decisive factor, of course.” Hosting in Germany is also an attractive sales argument for the German company.

Thanks to OpenStack, the open-source software upon which the Open Telekom Cloud is built, Widas benefits from forward-looking standards in operations and enhancements to its solutions. “We are convinced that standards are the best way to drive modern solutions forward, which is why we use standards like OAuth2 and OpenID Connect ourselves even in cidaas, and count on partners who do the same.” Widas has already planned the next steps for its solution in the Open Telekom Cloud: the company wants to increase its use of artificial intelligence and machine learning. “Our cidaas ID validator is an innovative service for digital identity verification. The Open Telekom Cloud has a wide range of AI offerings, which we plan to build on in the future.”