The future is here - and it's biometric
Security breaches have become a very real prospect for any organisation. Biometrics promises to remove at least some of that risk.
Sci-fi scripts are awash with storylines in which a person's identity is stolen through the not-so-subtle removal of a finger, or being impersonated using all manner of clever biometric trickery.
Fortunately, the possibility of these horror scenarios actually playing out has diminished as the technology has matured. Given the rate at which organisations, including giants like Sony, Adobe and US retailer Target, have succumbed to breaches of their data, the time for science fiction-inspired security is surely nigh.
"Adoption of biometrics in identity and access management worldwide is growing at around 20% per year," says Ian Simons, infrastructure transformation consultant at Avanade South Africa. "The problem with biometrics is that it can be cumbersome because of the time it takes to authenticate the subject. But that's improving all the time."
The extent to which biometric scanning is becoming a reality for the average South African can be seen in the scanning of fingerprints when applying for an identity document or passport.
It's also evident in a project Avanade is implementing for a national government department that draws on the company's expertise in the field of facial recognition. For obvious reasons, the client and the project cannot be named.
"It's common knowledge that governments around the world are starting to use biometrics more widely," says Simons, "particularly at airports."
The scale and breadth of the technology available to reliably and quickly authenticate a person extends well beyond fingerprints, with facial and voice recognition, iris-scanning and even vein-scanning gaining in prominence.
The attraction of biometrics is that it provides a secondary means to verify the authenticity and physical presence of the person entering a port, a building, or logging onto a corporate network.
A human failing
Mark Shermetaro, CEO of US-based Lumidigm, says the problem in the enterprise is that people tend to use the same password, which has given rise to the need for multi-factor authentication.
"The problem is that this increases the number of steps an individual has to go through before they can do what they have to do. Frustrating a client is not my idea of good customer satisfaction," he says. "Biometrics is ideal because it's so convenient."
The scale of the simple password phenomenon was highlighted in January this year in a report from password application provider, SpashData, which showed that 'password' had finally been toppled as the most popular sign-in phrase. Unfortunately, it has been replaced by the equally non-secure '123456'.
Even a few years ago, if you had said we would have a million people's biometrics, it would have been unthinkable.Mark Shermetaro, CEO, Lumidigm
Shermetaro says the adoption of biometrics over the past two years has grown tremendously, largely due to it becoming more commercially feasible and reliable.
Lumidigm in particular has made inroads into the market, as its devices read more than the physical prints, using a special technique and algorithm to read sub-surface capillaries. These blood vessels are also unique to each individual and provide a double-authentication method of a far higher accuracy when combined with the conventional fingerprints.
This method also prevents 'spoofing', the movie script-inspired practice of cutting off someone's finger to fool a scanning device.
Enter the future
Turning to the sticky problem of user confidence, and confidentiality of very personal data based on one's physiology, Avanade's Simons says this remains a concern, although far less so in the corporate environment.
"Adoption of biometrics in the enterprise is going to go ahead regardless. The company already knows who you are (so the invasion of privacy is less of an issue). There has been huge adoption worldwide, especially in time and attendance systems, which have saved companies a lot of money, by combating double-clocking where a worker clocks in for an absent colleague."
The most visible and widely used application for biometrics is in access control to buildings. He sees the use of biometrics to enable logging onto a corporate network more as a second authentication measure. Long live '123456'!
Another development that is sure to spur on adoption and raise user acceptance of biometrics is the rate at which it's creeping into consumer devices. A fingerprint scanner has long been a feature of certain laptop computers, while Apple's fingerprint-unlocking feature on the iPhone 5S will bring this technology to millions of users.
"Even a few years ago, if you had said we would have a million people's biometrics, it would have been unthinkable," comments Shermetaro. "Apple has made biometrics cool and also educated consumers on how to enrol and use it as a form of security.
"The biometrics space had previously oversold and underperformed, with only a 60% to 70% success rate. There was also the stigma of 'they think I'm a bad guy', but Apple has now flipped that around."
Shermetaro sees a vibrant and growing market for biometrics, strangely enough in developing economies such as Brazil and South Africa, rather than in advanced markets like the US. Lumidigm has been working with a number of banks in these countries and expects to roll-out fingerprint-enabled ATMs in South Africa this year. As many as 40% of Brazil's ATMs are already biometrics-enabled.
With such technology becoming a feature of everyday life, and systems reaching a price point that make them easily accessible, there's little doubt that an individual's physiology is going to become the ultimate security tool.