Content

SECURITY CAMERA We Have the Technology – Don’t We?

With recent events fresh in everyone's mind, it isn't that surprising that security has been thrust into the forefront, or that access control and authentication have become key issues.

People around the globe have had to reassess their business practices and introduce new technologies into their everyday lives to combat the threat that they feel is now so real. It's not as if the technology was lacking - we already had it, but we were just slow to accept we needed it.

Businesses have since recognized the need to increase their security and even though a downturn was predicted and many companies felt the heat, security has remained high on the agenda for everyone. Passwords, hated by users and administrators for causing endless frustration, are now at last being superceded by the use of two-factor authentication. Although the technology's been around for a while, it has become far more prevalent as a means to gain access and receive authentication as the need to tighten up more than the purse strings has grown. Even the uptake of smartcards and tokens, which have also been around for a while, has been enormous. The increased uptake within financial institutions and other business models requiring high-end security has been fairly well documented of late.

Indeed documents once deemed as evidence of a person's identity, such as a driving license or a passport, have come under scrutiny in the aftermath of Sept. 11. We can see this in the way that new measures are being implemented around the world. There are even trials being held at Heathrow Airport, London, using biometric technology to authenticate, which may ultimately be seen as a medium to replace paper passports. The scheme involves a small number of hand-picked frequent fliers, business men and women who are to be enrolled in this scheme, in what looks like a probationary period, to see just how secure and practical the new system will prove. During this time these 'special' users will only need to use an iris scan, located in the airport, to authenticate prior to flying, instead of using their paper passports. By simply walking up to the new device and looking into it, a scan of the individual's iris is taken. This is then compared to the original kept on the database, if a perfect match is made the user is authenticated. Oh, so simple!

The iris, like the fingerprint, is unique to the individual and therefore fraud is unlikely - that is unless changes are made to the records held on the central database. However, once trials are complete, the authorities are discussing rolling it out to ordinary users who are able to get security clearance. The problem here is that you have to be able to prove who you are before they can issue you with clearance, and if proper screening is to be done, this scheme could take years to get off the ground. Making the change from paper passport to iris scan on an international basis would take a considerable amount of time though. So, it doesn't look as if this is going to be a quick answer to an ongoing security problem. However, it is evident that something must be done to combat the threat of fake passports continuing to provide safe passage for criminals - it's time this practice was firmly confined to the history books.

We've all seen where the dream of a 'paperless society' has got us. Most agree that there is more paper shuffling about now than ever before and that the expectation of achieving this was pie in the sky! With this in mind, it is doubtful that the iris scan, or any other biometric device for that matter, could fully replace the passport as we know it today. However, looking at the diverse solutions currently under development, many with a significant offering for the security conscious, it seems unreasonable to presume that a mixture of the old and the new couldn't work for the better. With strong encryption available and tokens that could presumably be reduced further in size, it may be time to look at ways to combine the two.

In fact, according to the U.K. Passport Office, it is already in the pipeline. A new smart passport has been under development for some time, which utilizes biometrics to improve overall security. How they implement this will depend on the biometric technology that they decide to enforce. Fingerprint, iris scan or whatever, one thing is for sure: it will reduce the risk of known terrorists sitting on your plane. However, as with everything new, there are misgivings, and civil liberties groups have already voiced their concerns over the recording of personal data on such a scale and its potential for misuse. So really it may not be the popular choice, even if it promises to be the securest!

Of course, it's not just at airports that we need to be able to prove our identity beyond reasonable doubt. And all our insecurities are clearly pushing us all towards a new way of working, traveling and living. Business transactions rely on decisions being made, documents being signed and money changing hands, without the need to actually meet face to face. This means that an electronic delivery system must be used with the ability to securely sign documents digitally to ensure authenticity and non-repudiation.

However, that's only half the story - what about 'time'? This is just as important because, if allowed to be manipulated in any way, a contract sent digitally could be intercepted and changes made that could alter the business transaction to the tune of billions! Time also changes as we travel and therefore we need to know where the document originated, including which time zone, who it was sent by and when it was sent. With all this information, it is then possible to prove authentication and provide non-repudiation in a digitally signed, time-stamped transaction that was securely completed over a WAN, Ethernet or Internet connection.

All this makes sense, but again, open text allows a document to be read 'in transit,' giving a competitor or an enemy the heads up on your next move! So once again, technology must be utilized to provide protection, only this time it is something that has been around a long, long time, in various forms. Encryption has been successfully providing 'coded cover,' allowing text to be transmitted securely, for literally hundreds of years. The facts remain - wars have been won and lost by intelligence gathering and so if you want to be a winner - if you've got the technology, use it!

Jayne Parkhouse is reviews editor for SC Magazine.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.