19 September, 2018
category: Biometrics, Corporate
By Alexey Khitrov, CEO, ID R&D
As we’ve seen from headline after headline, the inability to safeguard sensitive business systems and data can – and likely will – have devastating consequences for enterprises. Attacks that interrupt business continuity, or data breaches that expose trade secrets or private customer information, leave enterprises with unexpected costs and a damaged reputation that can be difficult to turn around.
At the same time, it’s employee behavior that is the biggest risk factor for enterprise security. In order to be productive, today’s workforce must have easy access to critical systems and data, often from multiple devices. However, many employees continue to be careless with their security credentials or leave active sessions unattended. And then there are the intentional threats, where a disgruntled former employee or other such party purposely tries to exploit credentials they still possess.
With a biometric security strategy, employees will complete the act of logging into enterprise systems simply by greeting their devices … never again will an employee have to contact a network admin to reset a password – because there won’t be one.
Password-based security is what most enterprises use to secure employee access today. It’s a method, however, that’s becoming less effective and more cumbersome, to the degree that passwords are widely seen as destined for obsolesce.
The user experience is a key element in the success of any security practice: methods that include too much friction are less likely to be properly adhered to. Where efficient methods aren’t provided, enterprise employees will naturally be tempted to take shortcuts. Unfortunately, passwords are only getting more challenging for enterprise employees, who face requirements to use more complex passwords, change them more often, and may also be responsible for remembering multiple passwords to access different systems within their organization. In the worst-case scenarios, employees will abandon best practices and adopt behaviors that negate security, such as writing passwords on sticky notes attached to their devices.
The promise of biometric technologies is being able to perform a bit of jujitsu that flips employee behavior from a risk area into the very means by which individuals can be authenticated. Given that the user experience is intrinsically tied to effective security practices, the goal is to achieve authentication via a method that is both frictionless and fully secure. With biometric security, the employee is functionally his or her own password; each individual’s voice, face, or other identifying features can serve as the basis for authorizing access.
With the support of machine learning and AI, biometrics can now recognize patterns within each individual’s behaviors that are just as unique as their fingerprints
Moreover, biometric technology has been making significant recent strides – with the support of machine learning and AI – to now recognize patterns within each individual’s behaviors that are just as unique as their fingerprints. This means that employees’ natural behaviors, such as the cadence with which they type on a keyboard, the way they press and move their finger across a touchscreen, and even the way they walk across a room can all be used to accurately verify their identities. In addition to allowing everyone to feel a little more special, these biometrics have the power to make passwords a thing of the past. The technology has the ability to defeat Mission Impossible-style spoofing attempts as well: an attacker wearing a mask, holding up a photo, or playing a voice recording of an authorized person will be seen for what they are and denied access.
With a biometric security strategy, employees will be able to complete the act of logging into enterprise systems simply by greeting their devices, or even by how they stride to their desk. Never again will an employee have to contact a network admin to reset a password – because there won’t be one. Those same behavior-based security measures will also protect credentialed sessions. If another person tries to use an unguarded or stolen device, their own typing or swiping will give them away as an unauthorized individual. In this way, biometrics can offer employees and enterprises a fully frictionless experience that is much more immune to hacking and employee error.
Alexey Khitrov is CEO of ID R&D, a developer of next generation biometric authentication solutions that enhance user experiences across devices.