Breaking Biometrics Barriers in the Enterprise
Why biometrics haven't been adopted faster
By Brian Wilchusky
With the increased interest in tighter security post-9/11, the conventional thought was that biometrics-based authentication would become the norm for the enterprise. Fast forward to 2008, though, and most industry analysts privately admit to being a bit surprised that the adoption of biometrics is not more widespread. Three impediments are the likely culprits: user receptiveness, cost, and reliability.
There are indications, however, that these barriers to pervasive biometrics-based security solutions are quickly disappearing. Several trends support this observation:
- users now consider some forms of biometric security (particularly fingerprint) convenient and reliable
- industry-wide standards and requirements have been developed and adopted, leading to new and improved hardware/software bundling
- the overall cost for a biometrics-based authentication system has fallen significantly
C. Maxine Most, principal and founder of Acuity Market Intelligence, argues in the January 18, 2008 issue of findBIOMETRICS that "Post 9/11 security concerns that were supposed to push biometrics over the edge just created an even greater expectation of rapid market acceleration that never materialized." However, user confidence in biometrics-based security is strong and growing -- albeit slowly.
In 2006, Unisys Corporation conducted a study that found nearly 70 percent of respondents supported using biometrics technologies by a trusted organization as a way to verify identity. This is a slight increase over the results obtained in a survey conducted by EDS and the International Association of Privacy Professionals in 2004, which showed that just over two-thirds of U.S. consumers were open to the idea of using biometrics to verify identity.
The obvious extrapolation: the majority of enterprise users will be receptive to using a biometric indicator as an authentication device. It's the biggest explanation for why hardware manufacturers -- who are masters at spotting future purchasing trends -- are increasingly integrating biometric fingerprint technology into next-generation devices such as laptops and mobile phones. In fact, industry data shows that over 17 million laptops with built-in fingerprint readers have been sold worldwide. Manufacturers have pinpointed the enterprise security manager's pain points, and are quickly responding. For example, from an IT perspective, it's far easier (and cheaper) to purchase new PCs and laptops with fingerprint sensors that eliminate the need for passwords than it is to constantly respond to user requests for help -- at $13 per person per password reset request, according to Forrester Research.
From Fujitsu is fingerprint-enabled cell phone that can replace physical access credentials to Dell's laptop computers with integrated fingerprint authentication technology, OEMs are jumping on the biometrics bandwagon and making a CIO's job easier.
Further down the line, the proliferation of smart card technology as a vehicle to do match-on-card verification through biometrics could be another catalyst to drive usage. MOS (Match on Smart Card) is the process of matching and storing fingerprints on a smart card and is poised to become a more accepted method of verification at the enterprise and federal level. Although that method is conceptually ideal because it combines the best of two technologies (smart cards and physical identification through biometrics), it has yet to become a widespread verification method.
These advancements are being made possible by another top biometrics industry trend: the emergence of industry standards.
Spurred by the demands and requirements of U.S. government entities such as the Departments of Defense and Homeland Security, biometrics-based security product developers are working within organizations such as the International Biometric Industry Association, the InterNational Committee for Information Technology Standards (INCITS), and International Standards Organization (ISO) to advance common standards. Recognizing the importance of this, the leading BioAPI specification has progressed over the last decade into an ISO/IEC standard.
Earlier this year, ISO published a new version of biometric security standard -- ISO 19092 -- to address the implementation of biometric technology in the financial industry. Additionally, there is a federal standard, Homeland Security Presidential Directive 12 (HSPD-12), that requires federal employees' biometric data be captured for controlling access to buildings and systems through personal identity verification.
These standards will lead to new opportunities for IT managers to integrate physical and logical access using a single centralized interface based on a biometrics template, as well as to utilize biometrics in support of other high-demand technology solutions such as virtualized applications and desktops.
The third emerging trend is the falling cost of biometrics-based security deployments. Hardware, particularly fingerprint sensors, has dramatically decreased in cost. Along with lower costs comes choice. With improvements in size, technology, performance, and capability, the IT manager now has greater options for deploying a biometric security model within the organization. These advances, combined with standardization, have meant that a biometrics-based authentication system can now be integrated within an existing network without the headaches that once were the norm.
Customer acceptance of the technology, standards-driven interoperability, and cost considerations will continue to be three important biometrics trends to watch within the enterprise into 2009. Beyond those, IT managers will also see the availability of new biometric technologies and an increased use in mobile devices. More pervasive industry adoption will come quickly in industries and applications requiring stronger identity verification for access. Regulated markets such as health care and financial services are prime candidates to benefit from the technology. Beyond those, the overall drive for virtualized applications, desktops, and servers will also influence implementation, as organizations look to protect the virtual data and access.
Although it's taken longer than anticipated, the trend lines are finally pointing to broad enterprise biometric adoption in the coming 18 months.
- - -
Brian Wilchusky is the vice president of marketing at Austin, TX-based IdentiPHI, Inc. (www.identiphi.net), a technology company offering a comprehensive suite of enterprise security solutions and consulting services.