Intelligent CISO Issue 43 | Page 50

Biometrics is aiming to change the identity and access management game .
FEATURE

Biometrics is aiming to change the identity and access management game .

Identification answers the question , ‘ who are you ’ – identifying the person as one , among others . Their details are then compared with others stored on the same or another system . Authentication differs in asking ‘ are you really who you say you are ?’. In this case , biometrics allows the person ’ s identity to be authorised by comparing the data they provide with pre-recorded data for the person they claim to be . To verify someone , identification requires a centralised biometric database that allows several person ’ s biometric data to be compared . Authentication doesn ’ t need this , with data able to be stored on a decentralised device , such as a smart card or on a smartphone .
For data protection , businesses should focus on the authentication method due to the decreased risk involved . This is because the ‘ token ’ ( ID card , smart card , phone app etc .) is kept in the user ’ s possession and their data doesn ’ t have to be stored in any database . If an identification process
requiring an external database is used , the user does not have physical control over their data , putting them at increased risk .
Biometric data is considered highly sensitive by the GDPR and should be , as such , strongly protected and carefully managed in respect of privacy laws . Essentially , businesses can ’ t process the data unless given specific consent from the user .
Finally , alongside biometrics , in order to truly be successful , it needs to form part of an overall security strategy . The move beyond the company perimeter brought about by remote working , coupled with the increase in data breaches have rendered the concept of trust extinct . This is where Zero Trust comes in . It is not a specific technology , but rather a strategy with strict and continuous identity verification and control of data in the cloud to minimise trust zones . Zero Trust adds a further level of internal security by ensuring people must authorise each time they want to access something – meaning they don ’ t automatically have access to the entire system – with biometrics acting as the authentication method .
A new frontier
So as businesses expand beyond the border of their network perimeters , some permanently in the era of the hybrid worker , the next frontier in the cyber fight is upon us . Biometrics is set to be a game-changer with its extra layer of security , through the unique identification of users .
For businesses , it should put them ahead of hackers by enhancing their identity and authentication methods , ensuring only those that can access systems , services and information are authorised to do so .
Organisations will likely experience some difficulties to get to grips with biometrics , due to its complex nature and strict regulatory and application frames . Unfortunately , businesses don ’ t have any other choice other than looking towards such highly secure and protective solutions as hackers constantly looking to take advantage of any chinks in the armour .
Businesses that don ’ t have the expertise in-house should look to partner with companies that do or reach out to organisations like the Biometrics Institute , with its primary objectives include sharing best practices and promoting the responsible use of biometrics in both the public and private sectors .
So as the race against the hackers hots up , businesses have a new vehicle to jump on and it ’ s up to them now to stay ahead . u
50 www . intelligentciso . com