Adding Biometrics to Enterprise Security Arsenal

in the retina;

of bones and joints, and

”When looking at strong authentication, you want two out of three

factors — something you have, something you are and something you

know,” says Eric Oullet, vice president in Gartner, Inc’s security

research group.

While, eyes, hands and skin are commonly used as biometric identifiers,

more dynamic methodologies also are being introduced, such as:

when the user ID and password are entered;

as analyzing the speed and pressure used while writing, and

To keep performance high and storage requirements manageable, today’s

biometric technologies do not have to store or analyze a complete picture

of the body part or the physical feature being used. Imagine the

processing power that would be needed to store a high resolution picture

of someone’s face and then compare it with a live image pixel by pixel.

Instead, each method reduces the body part or activity to a few

essential parameters and then codes the data, typically as a series of

hash marks.
For example, a facial recognition system may record only the shape of the

nose and the distance between the eyes. That’s all the data that needs to

be recorded for an individual’s passport, for example.

When that person comes through customs, the passport doesn’t have to

include all the data required to reproduce a full-color picture of the

person. Yet, armed with a tiny dose of key biometric information, video

equipment at the airport can tell whether the person’s eyes are closer

together or if his nose is slightly wider than the passport says they

should be.

None of these biometric systems are infallible, of course, though the

rates of false negatives and false positives have markedly improved. One

of the problems with fingerprint readers, for instance, is that they

couldn’t distinguish between an actual fingerprint and the image of one.

In the recent movie National Treasure, Nicholas Cage’s character

lifted someone’s fingerprint off a champagne glass and used it to gain

access to a vault. That is not pure fiction.

Japanese cryptographer Tsutomu Matsumoto lifted a fingerprint off a sheet

of glass and, following a series of steps, created gelatin copies. He

then tested these on 11 fingerprint readers and each accepted the gelatin

prints.

Outside the lab, Malaysian thieves chopped the fingertip off a

businessman and used it with the fingerprint reader on his Mercedes. But

none of those methods would work with higher-end fingerprint readers.

”The latest fingerprint readers are incorporating more advanced

features, such as making sure the finger is a certain temperature,” says

Ouellet. ”Everyone’s hand is different, as some are consistently warm or

cold. In addition, they can also check if there is a pulse and tell how

much pressure is being applied.”

Such sophistication, however, has its drawbacks.

Authorized users may find themselves locked out even when the devices are

working properly. Why? Tiny changes, due to accidents or injuries, can

change a biometrics profile, rendering it effectively obsolete.

”The thing to keep in mind with any biometrics is that your ID does

change over time,” Ouellet says. ”If you cut your finger, your

biometric may not be the same any more. Or your early morning voice is

different than after talking for eight hours.”

Biometrics in the Enterprise

While biometric authentication certainly adds an extra layer of security,

it would be a mistake to implement a high-end system and then feel that

break ins instantly would be consigned to the history books. It takes

back-end integration, constant vigilance and consistent user involvement

to keep an enterprise secure.

”We feel security is a user issue and must go all the way to the

desktop,” says Stan Gatewood, chief information security officer at the

University of Georgia, Athens. ”Our philosophy is to do defense in

depth. We have a very layered architecture and assume that any layer will

fail some day.”

The most popular biometric tool at the moment is the fingerprint reader.

Some even use USB drives. And some keyboards and laptops come with them

built in. These devices have come way down in price. As a standalone

device, the unit price has dropped below $100. But, in an enterprise

setting, that is just the start of the costs.

”Often, companies look at biometrics as being ultrasexy, cool

technology, but they forget that there are integration issues,” says

Oullet.

IT departments have to ensure, for example, that back-end security

systems can accommodate biometric authentication, and scale to the

required number of users. Plus, if fingerprint readers are not

incorporated into the laptop or desktop, it adds to the number of devices

that need to be supported by IT.

There is little point, then, in adopting a stand-alone biometrics system

that cannot easily be assimilated into the organization’s existing

security fabric.

”Security is no longer something you can address as an afterthought,”

says Brett Rushton, vice president of strategic services for network

consulting firm Calence, Inc. in Tempe, Ariz. ”It needs to be built into

the infrastructure to deal with pervasive threats.”

The good news is that the biometric authorization techniques are no

longer so leading edge that they are difficult to marry with traditional

security safeguards. Today’s systems are well enough developed that they

can be incorporated into enterprise systems without too much effort.

”A strong authentication system is what you want to focus on and

biometrics can be part of it,” says Oullet. ”But the user should still

have to memorize something or have a token, and you need to make sure

that polices and the management structure relating to it are firmly in

place.”

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020