Biometrics: an evolution in access management

Paul Ferron, Director of Security Solutions at CA Technologies, explores the ways biometrics on mobile devices help them become a frontier for access management.
Although the alphanumeric password has been an integral part of people’s lives for a long time and a key element in protecting access to sensitive information for many businesses, it remains a major security risk for organisations. Currently, a spate of high-profile data breaches widely covered by national and international media, such as leaks from Target, a US retailer, and the DVLA, shows that authentication mechanisms in many enterprises remain archaic, with simple passwords used across multiple accounts by employees who can easily fall prey to phishing attacks, or access mechanisms that don’t monitor data access. Complicated or ‘unbreakable’ passwords, as well as other common defence techniques, are only one method of prevention – with technology that can trace keyboard strokes or clone a person’s entire laptop at hackers’ fingertips, companies need to find better solutions to protect their data.
A potential solution, recently gaining more and more popularity among companies, is biometrics. This term has been around for quite a while – laptops with biometric fingerprint readers emerged as early as 2003, but the technology didn’t appeal to the wider consumer audience until the introduction of Apple’s Touch ID last year. Its simple and easy-to-use interface, as well as its accuracy when reading fingerprints, was the first step towards popularising the technology.
Biometrics’ ability to circumvent issues such as undocumented access, ID swapping and the loss of ID cards, coupled with the difficulty of forging biometric identifiers, makes it a formidable alternative to existing enterprise identity management solutions. It’s a technology that is faster, more convenient and much more secure from the customer’s point of view.
However, while most industry professionals agree that biometric technology can become a more secure method of authentication and an attractive alternative to passwords, it alone does not solve the main problem for enterprise security – that of access control and management. Since biometrics is a way of authenticating, it needs to be part of a wider mix to truly move the needle for better access management, at a time when it’s quickly moving towards the world of federated identity.
Access control is crucial to enterprise security – it not only allows organisations to identify an individual, but decide what one can and can’t do, access, or share; what files one can open and even which areas of the building one can enter. As such, it helps organisations exercise greater control over who has access to what data, when and where it can be viewed and what happens with that data once it has been accessed.
This is the reason why biometric technology can be such a breakthrough for access management. This innovation opens doors to seeing mobile phones become an access token in the near future. The popularisation of mobile devices in the workplace enables organisations to start using them to access privileged company information and applications. In such a scenario, once the authentication process on the device takes place, mobile phones will be able to communicate on behalf of employees and help organisations not only confirm the identity of an employee but also truly identify the person. Consequently, they will be able to grant or deny access to certain systems or information – whether the user is a developer building the latest mobile app, a customer accessing his or her mobile banking application or an employee accessing a corporate cloud service.
Additionally, through technology such as Touch ID, authentication will only have to happen once – as long as there is skin contact between the user and his or her wearable, employees would be able to log in to systems and access information through the use of NFC or other, similar mechanisms.
Slowly but surely, mobile phones with biometric authentication systems could become crucial to the way organisations manage and control access to sensitive data. The uptake of biometrics within the workplace is already starting to come to light. CA Technologies, for example, partners with a company called BIO-key – which develops and delivers advanced identification solutions to commercial, government and healthcare organisations and is used by one million people to protect their data. At the same time, IDC predicts that in 2015, 45.7m wearable devices will be sold, which represents a staggering 133% growth compared to last year and could further impact the trend towards biometrics.
Mobile phone or wearable device access management could soon be used in hospitals, banks and public and government buildings, as consumer awareness of the benefits of this technology grows. And while data security will remain one of the key concerns for enterprises around the world, better access management can be the first step towards addressing this problem.