Biometric technologies that use a person’s fingerprints, voice, heartbeat or even gait (the way we walk) as methods of authentication have attracted a lot of attention here in the UK for some time now. These techniques are gaining traction as the primary form of authentication to protect devices, apps and data. Biometric authentication is already seeing rapid adoption within the consumer arena. For example, MasterCard and HSBC have recently announced the introduction of facial and voice recognition technology to authorise transactions. While Amazon has introduced ‘selfie’ recognition as a form of payment. However, when it comes to the corporate environment, biometric authentication has a long way to go in order to catch up to the level of adoption seen within the consumer realm today.
Whilst convenient, very few people realise the potential flaws behind the use of such methods. Fingerprint readers can easily become compromised by the likes of dirt or due to the nature of fingerprints themselves, which can become altered through blisters, cuts or burns. All of which can be a hindrance for organisations looking to include the authentication method as a single form of authentication. Rather biometric methods should be used as an additional layer of authentication as part of a wider Identity and Access Management (IAM) strategy.
By having an IAM strategy, organisations of all sizes are able to meet the security challenges of an increasingly connected and cloud-based business environment. IAM strategies also provide organisations with the ability to provide employees with a single-sign on service and, depending on the user provisioning, control employees’ access to sensitive information depending on their location.
Whilst embarking on their journey of digital transformation, organisations have found themselves faced with many challenges, particularly when reviewing IAM strategies. For biometric authentication to become mainstream in a business context, it assumes that all employees — not just some — have access to biometric readers. However, this is not a reality. Whilst we are now seeing devices enter the market with biometric recognition capabilities, there is still a considerable capital expenditure associated. This is exacerbated by the fact that a modern business has an increasingly remote workforce, who are either based at home or constantly on the move. Mobile workers present a wealth of additional challenges, as they often use a number of different devices, from desktops, to tablets, mobiles, wearable technologies and more, meaning authentication techniques must be universal and readily available on a whole host of different devices. With these challenges in mind, businesses looking to embrace biometrics as part of their digital transformation would need to ensure there are a number of different authentication methods available to employees. Not only would this increase the risk to the organisation, but would likely confuse staff.
Employees by nature avoid security methods that they find difficult and try to circumnavigate them. This puts the entire organisation at risk. To avoid this, organisations must embrace methods of Biometric authentication which are easy to use, non-invasive and non-threatening, no matter where employees are accessing the corporate network from.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.