However, as the emphasis on access control and IT security continues to grow, many organizations are recognizing the potential of biometric identification to secure themselves and their information.
Over the last five years the industry has enjoyed rapid growth, so much so that the International Biometrics Industry Association (IBIA) predicts that the market could be worth at least $3.5 billion by 2005. Advances in biometric technology, making it more robust and reliable, have lead to this increased level of interest, but why is it such an appealing form of security for organizations?
Biometric technology authenticates a person based on his or her unique physical or behavioral make-up. By matching voice pattern, fingerprint, retina scans or DNA for example, the identity of the user can be determined. To the organization this offers peace of mind that the person accessing their vital system, is actually who they think they are. The convenience and ease of use of the technology provides organizations with a powerful security solution, flexible enough to be used in many different ways within the corporate infrastructure.
Biometrics can be implemented wherever an organization needs strong authentication, such as R&D or customer records. It can also be used for logging in individuals to hardware, company laptops for example, so that only authorized employees are able to access private company data and information. Biometrics can also be implemented to control access to buildings, departments or restricted areas, providing complete security across the company.
Mind your own business
The security provided by biometrics can be reinforced and strengthened by combining it with other security methods - such as smartcards or PINs. Matching something you know (i.e. a password) with something you have (i.e. a smartcard) provides two-factor authentication, but biometric technology can bring a new dimension to this by providing in effect a three-tiered approach.
Almost every single organization has at least a theoretical need for biometrics, if only to comply with national legislation to keep customer and employees' information absolutely private. However, due to the higher costs involved, the greatest take-up is from larger organizations and government agencies. Organizations in the financial and governmental sectors are leading the way in the adoption of biometrics.
Despite its obvious advantages and benefits, biometric technology has met with a certain amount of resistance, not least because of higher costs than other security solutions. However, biometrics can offer ROI, in addition to the obvious security bonuses, when looking at the broader picture. These include the obvious cost savings of the IT helpdesk, as password resets are greatly minimized. In addition, all organizations should investigate how biometrics can be incorporated into improved ways of doing business such as e-invoicing, e-forms or e-procurement. Major costs savings can be achieved in implementations of this type.
If cost is a determining factor for organizations considering biometrics then savings can be made by only deploying it to those individuals who really need it, instead of rolling it out company-wide. Employees who are involved with R&D, customer information, business plans and contacts, for example, may require the highest level of protection, but call-center staff may only require the security of username and password. Only by assessing their individual risks will organizations discover the key personnel that need stronger security.
Another factor hindering the take up of biometrics is uncertainty amongst users about safety and fears about user privacy. Contrary to belief, there is no danger of identity 'theft' or physical harm to the biometric user. Users have concerns about hygiene and privacy issues, particularly a fear of picking up germs and infections from systems that require bodily contact and fears that methods such as retina scanning for example, might cause damage to eyesight, but these concerns are based on myth. Systems today are proven to be absolutely safe to use.
Accept no imitations
Biometrics do also have a reputation for being unreliable. In the past unsophisticated biometric devices have been known to give false positive and false negative results. Nevertheless, as the technology advances, the reliability of biometrics is getting closer and closer to the elusive 100 percent - and it is still proven to be more reliable than any other form of authentication.
The problem of 'spoofing' or mimicking biometric identities is not so much of a problem as the media would have us believe. In the past it may have been possible to 'fool' biometric devices with a wax mould of a fingerprint for example, but as the technology has advanced spoofing has become more difficult to achieve. Even if you chopped off the hand of an authorized user, you still wouldn't be able to get in!
No security system, however good, is ever 100 percent secure, but biometrics ensure as much as is possible in this day and age that the user is who they are supposed to be. For the best results biometric technology should be used along with other security systems, such as smartcards, so even if the biometric information can be 'spoofed' the risk of any unwelcome visitor accessing your system would still be minimal.
Often fears and concerns regarding biometrics are as a result of misinformation or preconceived perceptions. In order to overcome these users need to be educated in the technology and its advantages.
In the long term, as the trust in biometrics grows, it will become more affordable and more widely available to organizations. Just as the technology has come a long way over the past decade or so, biometric capability continues to grow. The future will see the technology lending itself to even more applications and scenarios. Airports are already starting to implement biometrics for security and soon this will be commonplace. We are fast approaching a time where digital identities will be used to protect everything, from ATM machines to medical records.
There have never been so many options available to organizations needing to secure business critical information, to ensure private information stays private. Traditional security solutions alone are simply not up to the job. However, when combined with the advanced biometric technology that is now available, organizations can benefit from the most comprehensive security system yet. Yes, biometric technology doesn't come cheap, but companies need to be asking themselves, 'How much am I prepared to lose by not doing it right?'
Jackie Groves is managing director of Utimaco Safeware AG (www.utimaco.com).