The algorithms that confirm the identity of users are improving all the time – but IT departments need to ensure that the template taken when people are enrolled onto the system is of the highest quality, so it can be easily matched, time and time again. When it comes to security, we have all heard concerns about fingerprints being ‘spoofed’ – that is, a plastic or gelatine fake being accepted as the real finger. Ways of countering these threats are in development, as part of the continual raising of the bar on levels of security.
On the standards side, ISO (the International Standards Organisation) is about to issue a number of key standards to ensure interoperability of systems that use these innovative technologies. These standards will relate to face, fingerprint and iris images, and the way that image is stored and transmitted, so that it can be recognised and used by different systems as appropriate. They also address BioAPI, which is an Application Programming Interface that controls how biometric data is requested and delivered.
Biometrics will also impact on the way that people work, and businesses must put processes in place for managing the new technology. For example, although the number is small, there will always be instances when it doesn’t work – for example the person accessing the system might have cut their finger. For these times, processes to recover the situation in a clean and secure way need to be developed as an integral part of the overall solution.
In addition, cost must be considered. Implementing a biometric solution is getting cheaper as the cost of the technology and readers comes down; but in fact the most expensive element of any biometric roll-out still remains the enrolment of the users. It is vital that when users are first registered with the system, the template is as accurate as possible to ensure minimal problems or delays in its daily use. Businesses must allow the necessary time to ensure this process isn’t rushed, while minimising the impact on cost and the availability of scarce resources.
Clever solutions implemented in cost-effective ways are the future of biometrics. Already they are being incorporated into a wide range of devices to protect information, and they have great potential as a solution for corporate IT security.
But as with all security solutions biometrics must be adopted in the light of thorough risk assessment – rather than a simple ROI model. Companies must identify the core areas of the business they need to protect, select the right technology for the environment, ensure that it is user friendly and educate the user community. Only then can they achieve the benefits that biometric technology promises to deliver.