Biometrics: Improving Security for Working from Home
Biometrics has been around for longer than you might think
Biometrics has been around for a long time but has only had limited adoption until recently. I was involved in some of the early commercial biometric devices way back in 2000; the company I was working for at the time investigated the possibility of using them, but back then the false positive rates on the devices we investigated were way too high – either people could not authenticate or it was authenticating the wrong people.
We decided at the time the technology was too unreliable and it was too early to adopt.
Biometrics, for a long time, has been in a strange limbo, for many years we have not seen much from the technology until phones began to adopt it comparatively recently. Some laptops have also had biometric devices which have begun to gain in some popularity, but the adoption has been slow and biometrics exists in a very weird space.
Why are biometrics not more widely used?
Maybe a significant reason people have been resistant to biometrics is due to the privacy issues. Members of the public are, on the whole, highly resistant to organisations having their biometric details, and don’t trust that these organisations will secure these details appropriately and not misuse our biometric prints.
These issues have been a talking point for many, and the subject of a number of articles over the years. People are not yet trusting enough to adopt biometrics in their daily lives, but that trend IS starting to change, with more and more mobile devices and mobile software engaging with the technology, I think it is time to start reviewing the adoption of this valuable technology.
The business world at the moment is being rocked by Covid-19 and with many workers having to work from home during lockdown, there has been a significant amount of discussion about whether or not it would be more beneficial to keep a majority of employees working from home in the future. Many large organisations can see significant cost savings in reducing large corporate office spaces and there is a significant move to investigate possibilities, but before this can happen we need to look at changing the way we handle security.
Security for the ‘New Normal’
As I have mentioned a few times before, there will need to be a significant change in the way we handle security. With more and more people working from home, we need to:
- protect the endpoint from untrusted, less secure, home networks
- start thinking about multifactor authentication for all employee logins
- revisit biometrics as a possible second or even third factor of authentication
Biometrics offers something that many other forms of authentication do not – they ensure nonrepudiation of the individual’s identity, which is extremely valuable when it comes to remote working. For those wondering what that means, by its very nature, biometrics is very difficult – nigh on impossible – to falsify.
User Behaviour Analysis
Another solution to consider is behaviour-based biometrics which has, to date, been has been a rarely used area of security. The principles are that using AI learning techniques, software can learn the patterns of an individual and track them as they utilise protected systems and infrastructure.
Should someone log in then let someone else take the controls, the AI will detect that the individual using the logged in systems is not the correct individual, and will either log them out or challenge them to re-authenticate. This technology, again, has been around a while but has not been widely adopted – maybe it’s time to re-think.
Biometrics are invaluable if you can get around the concerns about securing the biometric data. Couple that with some behavioral biometrics and you have an extremely powerful authentication solution that not only proves the identity of the individual but also provides consistent ongoing authentication as that individual works. By using these two technologies as part of your authentication, you have an extremely powerful tool to the remote working solution.
Changing Security for Changing Times
To conclude, with the world changing and with the workforce becoming more and more distributed, we absolutely need to rethink our access control. Many organisations currently use user / password and hard or soft tokens for their authentication, which is great but if you want true non-repudiation, it’s time to look back at biometrics. With more devices integrating biometric technology, we are in a good space to begin looking at biometric authentication seriously, rather than as an amusing niche technology. Times are changing and we need to change with them.
So, if you are looking for some ideas on how to protect your organisation and its remote workers, be it with biometrics or any other solution, give us a shout. We have the knowledge, expertise and the partnerships.