Product Details
Product Rating
Biometrics (2003)
Biometric technology has met with misunderstanding in the past, but its benefits are becoming integrated into mainstream security. By Julian Ashbourn.
We are about to see many more implementations of biometric technology, particularly in relation to public services. If we take travel-related applications alone, there have been technology trials and pilot applications in the U.S., the U.K., the Netherlands, France, Australia, Singapore, Japan, and other regions. In the banking area there have been similar trials in the U.S., the U.K. and elsewhere, mostly very well received by the public.
Many countries are considering national identity cards incorporating a biometric. Malaysia already has one. The next generation of passports (as recommended by ICAO) will feature biometrics. Physical access control and time recording applications have featured biometrics for some years and are well established all over the world. Similarly, we have been using biometrics in prisons, cafeterias and libraries for some considerable time.
Seeing the possibilities
So, if in the public consciousness biometrics has hitherto been regarded as some newfangled emerging technology, all that is about to change. Public awareness of biometric technology and how it might be used is about to shift gear. This will cause many IT directors and systems administrators to take another look at the possibilities of using biometrics in the office for workstation and network access. The cost equation may still be a little difficult for some to justify, depending upon the perceived security risk (remember, it is not just the cost of the hardware and software, but the total cost of implementation).
But what of the IT industry itself? We are now seeing biometric sensors built into notebook computers, PDAs, keyboards, mice and other devices. Forthcoming operating systems will support biometric functionality and there already exists a wealth of software facilitating workstation and network access control. The big IT services organizations are certainly aware of the possibilities and (mostly) ready to rise to the challenge.
Weighing up the benefits
Is it time for the busy IT security manager, network administrator, or applications developer to take another look at this technology? If so, with what expectations? One of the barriers to acceptance of biometrics in the workplace to date has undoubtedly been a misconstrued expectation of what the technology can actually achieve. Disappointment that the technology isn't perfect has often been expressed. But of course, no technology is perfect. Indeed, such an expectation is somewhat ironic in the field of IT.
More pertinent perhaps is the provision of a significantly enhanced confidence as to the true identity of an individual accessing the service. Understanding this factor and what benefits it might bring to your organization is the key issue. Do not expect that, with the use of a biometric device, you will never experience an error. You will, and you will have to develop exception-handling processes to deal with them. Instead, balance the performance and reliability of biometric identity verification against alternative methods.
The applications and trials mentioned in the first paragraph were not entered into because they expected the technology to be perfect, but because the use of the technology was perceived to offer real operational benefits. In the majority of cases, these benefits were realized in practice, even with much larger user populations than will be encountered in the typical office environment.
It is feasible then that, in many instances, the adoption of biometric technology will provide considerably enhanced access control to your workstations, networks and applications, if this is what you are seeking. However, the implementation of such technology must be well considered if the potential benefits are to be realized.
We must understand environmental and operational issues, user psychology and acceptance, data protection and privacy issues, and of course the overall security architecture. It is not enough to just plug in a biometric reader and walk away. This is a key point and one that has, together with other factors, slowed the uptake of this technology.
It is time for organizations, public and private, to really understand what biometrics is about and provide proper training for both support personnel and regular users. Now is the time to get to grips with this technology.
It is time to undertake another of our product reviews, wherein we sample a selection of contemporary offerings in order to offer you a flavor of where the technology is today.
This time around, we have an interesting cross section of conventional and slightly less conventional products. Biometrically secured data storage via portable tokens is an interesting concept and the integration of biometric sensors into keyboards and other peripherals has matured considerably compared to early implementations.
Biometrics - What next?
When we first looked at biometric products at SC Magazine, there was a healthy degree of skepticism around their use. Everyone was familiar with the concept, but who was really going to part with hard-earned profits to implement an enhanced layer of security that most users didn't really understand? There were a few brave souls, and several trials of the technology in the public sector, but uptake was a little on the slow side.
Coming into the real world
Since then, we have seen a certain amount of rationalization in the biometric vendor industry, coupled to a more realistic pricing model and a better integration into popular operating environments. Consequently, both awareness and actual usage have increased. Biometrics is no longer sneered at as James Bond toys for the bored technocrat - the methodology is now taken very seriously. With the next generation of passports set to include biometrics, and various national identity cards likewise, we shall see an even greater usage of this technology.
The innovative Malaysian MyKad card, for example, uses biometrics on a chip card as a multi-application token to be used as an identity card, driver's license, travel card, ATM card and more. Other countries will be watching such developments closely.
But what of the technology itself? Matching algorithms will need to improve somewhat for facial recognition, while for other techniques such as fingerprint and iris recognition they are already quite strong.
As for the devices, cast your gaze to Asia. We predict that Korea and China in particular will be producing low cost, reliable devices with strong performance, making biometric capture devices something of a commodity.
Taking the broader view
This will shift attention towards the software side of things, with more adventurous and more robust applications emerging. We shall also see a greater level of integration with chip cards and certificates, coupled to an increasing appearance on mobile devices and computer peripherals.
In three years time, biometrics will no longer be considered an innovative or 'new' technology. It will simply be integrated into broader systems - which is where it should have been all along.
