Is Your Enterprise Authentication Strategy Secured by Biometrics?

Posted by Claire Scholz on 28 January 2019
Find me on:

In the past, the enterprise has been slow to advance biometrics used for authentication. That is all about to change, or perhaps, it’s already changing at a rapid pace. According to a recent Spiceworks Study, nearly 90% of businesses will use biometric authentication technology by 2020. That is only one year away, is the enterprise ready for biometrics? 

Identifying how a business can leverage current and future biometric technologies will be a challenge, but one that could reap significant rewards. 

What is the current issue that the enterprise faces? User populations are growing, issuing and managing authentication credentials is problematic and costly. Hardware tokens must be physically shipped, users may forget passwords and PINs, and certificates must be issued, renewed and revoked. 

The most challenging areas and functions for security teams to defend are mobile devices, data in the public cloud, and user behavior. These, if left unaddressed, leads to the worldwide issue of increasing number of data breaches. In 2017, there were 1,765 data breaches - exceeding over 2.5 billion records in total. The industries with the highest number data breach incidents were healthcare (27%), financial services (12%), education (11%) and government (11%). 

So, how can an enterprise move forward and build a strategy for consuming biometrics to solve  the customer experience, increasing costs and lack of security of traditional methods?

Remember those mobile devices living in everyone’s hands?... Why not leverage the biometric capabilities that users already own? 62% of smartphone users and 56% of tablet users already bring their own devices into the workplace. The expansion of mobile biometrics is breaking down the barrier to adoption — no longer requiring expensive hardware to implement. 

Now, we know that passwords won’t be replaced overnight so how can the enterprise work to phase them out?

From a security and user convenience perspective, it’s important to consider biometrics as part of a comprehensive multi-factor authentication approach. Biometrics used in combination with passwords, risk-based analytics or other complementary authentication methods allow for a user’s experience to remain similar in the phase out. For example, an enterprise could replace current multi-factor authentication using a token with a push notification to a user’s mobile device to prompt for biometric verification.

It is important for the enterprise implementing biometric authentication to take a risk-based approach. Biometric authentication may not be the right choice for every use case. Start with one that provides greater security and cost-based advantages. Every enterprise has applications or web portals that allow internet-based access to sensitive or personally identifiable information. Are these applications protected with only a password? If so, smartphone biometrics can provide an efficient and cost-effective way to add a second factor of authentication, as explained above. 

Biometric-based authentication has come a long way in a very short period of time. Where is it going next? In the process of evolving, biometrics have become less intrusive, more convenient, all while continuing to add levels of security. This trend will continue as more solutions emerge that rely on methods that are less invasive to the user. Methods such as behavioral biometrics don’t require any action other than users just doing what they would normally do. Combined with machine learning and risk analytics, biometrics are on their way to shaping a future in which authentication ultimately becomes completely invisible to the user.  

 

To speak with an expert on how an enterprise can leverage biometrics to secure applications and business processes, request more information here.