Make biometrics part of your security strategy

by Michael "Mullins CCNA, MCP" | Jul 21, 2005 7:00:00 AM

Tags: Authentication/Encryption, Michael Mullins CCNA, MCP, Biometrics technology, security strategy, biometrics, security, ID card, Security Solutions Newsletter

Takeaway: While biometric solutions have been available for two decades, the technology has seen only a very gradual acceptance. But biometrics has had time to evolve, and Mike Mullins says it's time to integrate some applications into your organization's security architecture. Find out what he suggests.

Biometrics technology is the stuff science-fiction movies are made of. For decades, we've glimpsed the future of iris scanning, voice recognition, and fingerprint scanning—all in the name of total security.

When biometrics first emerged for computing in 1984, the industry touted it as the cure for the common password. Through the 1990s and early 2000s, several computer hardware vendors tried to entice security-conscious organizations into changing their security authentication models from something you know (such as long and complex passwords) to something you are (such as finger, hand, or voice prints).

But let's face it: To date, the industry has seen only a very gradual acceptance—and often reluctance—to change the standard. New security technology is often hard to accept, particularly in its early stages. However, biometrics has had time to evolve, and it's time to consider integrating some specific biometric applications into your organization's security architecture.

Lock down physical access

If you work in a midsize to large company, ID cards are acceptable as an initial entry mechanism for your exterior controlled spaces. What about after someone has made it inside the building?

Biometrics that use hand geometry or fingerprint scans offer an affordable and scalable solution that can help put an end to that never-ending task of key changes, ID card programming, and door security combination changes. Users are human, and—more often than not—they won't hesitate to loan a key, hand over an ID card, or give out the combination to a door to help someone do his or her job.

It's often difficult to detect this type of misuse, and it can be tough to punish a person if the results of that misuse help the company. But by deploying a biometric entry system for interior sensitive spaces, you can greatly increase the security of those spaces. In addition, you can significantly decrease the change time between granting access and removing access without disturbing current operations.

How much time and money does your company spend changing locks, key codes, and ID cards after an employee no longer requires access? Do the math, and make a pitch based on your calculated savings—you'll win every time and increase your overall security posture.

Secure machines on the move

For most organizations, laptops are part of the computing environment. Some companies assign a laptop to a specific user; others assign laptops to departments, and a pool of users share them based on travel needs.

However, using passwords on laptops can pose problems. These issues include:

• Forgotten passwords: Whenever a user forgets the laptop password, you must change the old password and create a new one before anyone else can use the machine.
• Shared account: Instead of providing each user with an individual account on a laptop, some companies create a shared account with a simple or no password—and that means little or no protection for corporate data.
• Locked accounts: Does this situation sound familiar? A user on a business trip working in a hotel room at 2 A.M. forgets the password and therefore requires after-hours support. This can be the most dangerous scenario because you're more likely to give out the admin password. That means you'll need to change every machine that uses that password immediately.

Using biometric technology, you can better protect your corporate data and your users by enabling them to access the machine without requiring them to remember a complicated password. Determine how much time you spend on laptop access, and you'll likely be able to justify any additional costs associated with biometric access.

Final thoughts

Biometrics can't cure all of your access authentication problems. If a user loses a laptop that contains sensitive data, that data is still in danger.

However, biometrics can simplify and increase your control over your organization's assets. Integrate biometrics within your organization, and gain greater control and flexibility over your security architecture.

Miss a column?

Check out the new Security Solutions Archive, and catch up on the most recent editions of Mike Mullins' column.

Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.

Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.

Print/View all Posts Comments on this article

I think more people need to think this way tsecret@... | 07/22/05

Quality hardware required notblocker@... | 04/18/06