Protecting access to data has become increasingly challenging for every business. Data breach and identity theft stories dominate the headlines; yet what is the solution? According to Javelin Strategy & Research, identity theft affected 12 million individuals in 2012. Data breaches are costly to organizations, but nowhere more costly than in healthcare, where they come with significant fines.

The June IBM Newsletter included a story submitted by BIO-key titled "The Revolution is at the Gate." The article discusses the challenges companies face as they attempt to secure a perimeter-less world. IBM is also hosting the article in the Developer Works section of its website. Developer Works is an online communication portal for IBM partners, resellers and customers.

Enjoy the article….


Bring Your Own Device

The Revolution is at the Gate
Who’s trying to access your company, your documents, your files and applications?

There’s a revolution at the gate, and every company is facing the same dilemma. Customers, prospects, employees, executives and cyber thieves are all clamoring at the door, trying to gain entry. Complicating matters, there is more than one gate to protect. Some gates protect non-vital information and data, and therefore require minimal security. Yet other gates protect privileged information and highly sensitive documents. These are the gates that absolutely can’t be vulnerable to the revolution at the gate. What’s the solution? Can there possibly be a sole solution that could deliver multiple levels of security?

Risk Based Authentication

Entry-level employees only need access to entry-level applications and the like. A traditional password might suffice for delivering level one security. We’re all familiar with the downside of passwords, which can be lost, stolen or shared, but they serve a purpose at level one.

Sophisticated passwords, like those used in the EHR department of most hospitals, present a second set of security and workflow challenges. Users are required to enter 16-digit passwords including capital letters, numbers, symbols, etc. They are nearly impossible to remember, which means they will be written down somewhere, presenting security breakdown number one. Sophisticated passwords slow down the log-in process, as it’s impossible to create a natural flow. Entering a password might take 6-10 seconds each and every time, and this is a time killer for those who authenticate dozens of times daily. Additionally, the administrative department is constantly providing new passwords to replace those that were lost or compromised, and the monthly or quarterly across-the-board resets waste valuable time and money.

Cards, tokens and PINs are all an extension of passwords. Some are more secure and some more convenient, yet to date none has proven to perform without compromise. Although these solutions are in place globally, there does not seem to be one universal solution that’s leading the pack.


BYOD Diagram

The Subtle Momentum of Biometric Technology

In 2000 the market for biometric technology was just $261M; by 2017 it’s forecasted to be a $17 billion industry. Why? Your first response might be a natural one: “security”. Biometric technology, including fingerprinting, has been around for ages and has been relied upon by law enforcement and the federal government as the “absolute identifier.” We all can remember the look on the defendant’s face as the prosecutor bellows “We found your fingerprints at the crime scene,” as it means the case is closed. Yet convenience is a primary driver for biometric technology. Airports and stadiums are constantly investigating ways to benefit from facial or iris recognition, and we’ve all used voice biometrics on our phone at one time or another. In healthcare and the enterprise, companies are calling upon BIO-key to improve workflow by eliminating the need for passwords. BIO-key reduces 6-10 second log-in times to less than a second, optimizing efficiency and delivering additional interface time back to the end user. This means more time with patients in healthcare and more time with prospects and customers in the enterprise. The efficiency ends up generating new revenue; revenue generated without doing anything more than modifying the log-in process and delivering end user convenience that improves “the quality of work environment.”

A Family of Solutions

Without an absolute universal authentication solution in place, it seems that a multi-factor option will take precedence. The common password may continue to exist as a layer of very soft security protecting the least vulnerable gate. Other solutions such as cards and tokens will still exist, but will encounter challenges trying to grow market share, as the cost and administrative time to manage cards or tokens do not compete well against their biometric counterparts. A fingerprint is more secure and does not require issuing cards (cost) for all users.

Ultimately, one must be prepared to consider several options. Ideally, as you design the architecture for a risk-based authentication scheme, your team will understand the value of integrating layers of security appropriate to the sensitivity of each level of information being accessed.

But who’s the leader and what is the future?

When Apple invested $356M to purchase AuthenTec, a leading fingerprint sensor developer, the company made a bold statement about the future of fingerprints as an ID solution. More important to those that play in the fingerprint space, Apple was bridging the gap of consumer adoption. A gap that was broad and existed for a long time was narrowed the moment Apple pulled the trigger. As we fast forward to today, we learn that Samsung is following in Apple’s footsteps. Why is this so important? Because once consumers recognize the swipe of their fingerprint as the normal way to authenticate or ID, because that’s what they are doing on their iPhone to access applications, they will be more open to using their fingerprint as their UNIVERSAL FORM OF ID.

Proof is in the Pudding…
One of the myths about biometric technology is “What if someone gets a hold of my fingerprint….what then?”  The truth is your biometrics are all “public.”  Your voice can be heard by others, your face and iris are exposed and didn’t you leave a fingerprint on that last cup of coffee or bottle of water?  Nothing harmful can be done with your biometric.

The best way to understand biometric technology is to test biometric technology. Develop a proof of concept or pilot program to see if biometric technology is suited for your environment. Segment your audience and conduct a 30-day test. Be sure to include someone from IT, admin, executives and those with some doubt as part of your test. In essence, make sure you have a balanced cross section of users.
Companies such as BIO-key will offer free proofs of concept, including supplying the hardware, software, integration support, training and customer support for qualified prospects.

In summary, today’s perimeter-less world offers security specialists many challenges, with the primary challenge being the revolution at the gate. We can’t rely on a single gatekeeper under these circumstances. It requires a risk-based authentication solution….one that should include biometric technology.

Scott Mahnken
VP Marketing