dcsimg

Biometrics Not Quite Ready for the Enterprise

Download our in-depth report: The Ultimate Guide to IT Security Vendors

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  
Little yellow sticky notes cling to computer screens throughout Americanoffices, displaying users' passwords for coworkers, bosses... andpossibly hackers to see.

The passwords, generally as simple as a relative's birthday or a pet'sname, have long been too easy to steal, and they're just not workinganymore, analysts say.

What's the solution?

Biometrics and smartcards are the best solution, according to industrywatchers. But don't throw your password away quite yet. For now, justkeep changing it every few months and rip that sticky note off yourmonitor because the biometric industry may need up to five years to workout all of the kinks.

With passwords continuing to become more of an IT security nightmare,analysts agree something needs to change because too much vital corporateinformation is at risk simply because of weak passwords. Analysts arelooking at smartcards, along with biometrics -- authentication techniquesthat check a person's physical characteristics, like a fingerprint oriris pattern -- and some behavioral aspects like keystroke patterns.

''The password is becoming obsolete and hackable,'' says Mike Miley, vicepresident and chief technology officer for Science ApplicationsInternational Corporation (SAIC), a research and engineering companybased in San Diego, Calif. ''You never want to rely on any one identityanymore.''

With passwords wearing out their welcome, biometrics and smartcards arenext in line.

Biometrics are just further down the road. Analysts agree that smartcardswill be more widely utilized in 2005 than biometrics. But they say thecombination of the two identity verification methods will be the mosteffective way to access networks in the next five years.

Smartcards the first step

''The (smartcard) industry is a slowly building industry,'' says EarlPerkins, vice president of security strategies with META Group, anindustry analyst firm based in Stamford, Conn. ''Many computer companiesare starting to install contact or contactless readers for smartcardsright into PCs.''

But credit cards, drivers licenses and other forms of ID are losteveryday. The smartcard holder, however, will have an easier way to gettheir card back, quickly.

''You need an easy way to re-enroll or get a new card,'' says DavidFisch, a consultant with the International Biometric Group, LLC, abiometric security consulting and services firm with bases in New Yorkand London. ''The template takes random parts of the fingerprint andstores it so the user can easily get a new one.''

This use of multiple forms of identification is the key to securingprivacy, analysts say.

''Combining something you have, something you know and who you are ismuch stronger than anything else,'' says Miley.

Richard Fleming, chief technology officer and co-founder of DigitalDefense, Inc., a security services firm based in Dallas, says biometricsare the pinnacle of authentication.

''You are identifying the individual person by the fact that you knowthat this is your thumbprint attached to your warm body. It is a step upand beyond all other authentication methods.''

Miley says the next five years will see a large focus on identityproofing, using the combined powers of smartcards and biometrics. He saysthe cost of installing biometric tools onto PCs is coming down, which isgreatly due to the U.S. government's interest in the industry.

''The government is dedicated to testing biometrics for large- scaledeployment,'' says Miley, noting that the U.S. is interested in usingbiometrics in areas such as immigration and Homeland Security.

With the government pouring money into the research and development ofbiometrics, analysts say, the technology will become cheaper and morewidely used by the year 2010.

The Financial Angle

A major driver in the deployment of smartcards this year will be money,according to industry observers.

While a smartcard with a Simchip will cost a company about $10 to $15, abiometric devise, such as a fingerprint reader, runs at about $80 to $200per user, Perkins says. ''When you multiply the (biometrics) costs by 10or 30 employees, it is just not cost effective.''

Fleming says the high cost of biometrics has been prohibitive.

''Biometrics have been increasingly expensive to date,'' Fleming says.''The security component of IT budgets will increase over the next twoyears to 18 months, and will continue to increase after that.''

But Fleming says the cost for companies to install biometrics has alreadystarted to decline, and will continue in the same direction.

Fleming says the biggest challenges for biometrics at this point remainin infrastructure and levels of standardization.

''People may not want to buy another devise and install it onto theircomputer,'' Fleming says. ''The industry will have to agree on what kindof technology to deploy. If users don't know what to use and when, theymay just decide to do without.''

Miley says while there will always be privacy concerns, the ability touse biometrics as protection will become commonplace.

''There are lots of efforts now to use biometrics as a way to protectone's privacy, not as an invasion of privacy,'' Miley says. ''In fiveyears, we will see biometrics as a primary component of securitymanagement.''

Submit a Comment

Loading Comments...