Convenience and Security - the Only Way to Get Near Perfect Adoption
When you’re looking to set up your entire cybersecurity system for maximum adoption, and want to ensure compliance with your policies, the only way to accomplish this is to make it easier to do the secure thing than it is to do the insecure thing. That’s security engineering 101.
Many MFA solutions fail to do this, sacrificing convenience in the name of security. To avoid costly fines and prevent ransomware attacks, this can seem like an annoying but necessary trade-off. After all, if the choice is between “do the annoying thing” or “lose millions of dollars and customers because ransomware is holding your systems hostage”, you’ll go with the annoying thing.
It doesn’t have to be that way.
With identity and access management, particularly with the use of biometrics, you can move all of those permissions and abilities to a centrally managed hub. This not only improves your overall security (back to security engineering 101: fewer people with keys to the castle means decreased risk), but also forces a certain amount of compliance. You can’t exactly hand out your face for Colleen in Accounting to use when she forgets her key (I hope).
If you’ve had Active Directory and Windows machines in use in your organization for a while, chances are you already have permission levels and access that are potential risks. Moving to a biometric, passwordless solution will require a certain amount of access auditing as you grant the varying levels of permissions through setup. This will help find and clean up rogue admin accounts, and also move your entire organization closer to an administrative model following least-privilege. This type of audit about who has access to what is commonly a part of the comprehensive data audit needed to determine compliance with CCPA or GDPR, as well.
This type of protection against unauthorized access is an essential part of passing a myriad of security audits, most notably, SOC 2. Imagine ticking off all those boxes - no unauthorized access, secure identity authentication for anyone entering, and clear timestamps of when that specific person has entered a sensitive room.
Instead of cards or physical keys combined with pin-codes, which can be easily shared or lost, set up an iris scanner to guard entry to rooms or buildings that need to be kept secure. Futuristic and cool on your front door (like at our ImageWare offices), yes, but also a significant improvement in centralized security and permissions. No worrying about keys being copied or handed out to people - your central IT or security team controls whose iris scans are permitted in which rooms.
And all of this is based on a level of security around biometric information that people are comfortable with - at least, if you’re using ImageWare’s solution.
The concern many people share is based on the ethical use of their biometrics, particularly for work. Your face, fingerprint, palm, and other biometrics are personal parts of you, and it’s reasonable not to want to hand over your face or fingerprint to Corporate for processing. You also don’t necessarily want to rely on their third party vendors for accessing and storing your personal biometric data; as in the case with Suprema, they may spend so much time focusing on a pretty user interface that they forget basic best practices in their data management.
However, ImageWare’s systems don’t rely on keeping your face (or fingerprint) on file. In fact, it doesn’t have to be your personally identifiable information being stored or referenced at all. Taking facial recognition as an example, a user is enrolled in the system by scanning the topographical features of the face, with calculations run based on the geometric relationships of those features. Algorithms are run on those calculations to create a biometric template, and matching that is what is used to log in. We use an opaque identifier to then match authentication requests against what we have in our segmented, secure database(s), and that’s what grants access to a user.
On top of that, for facial recognition, we have industry leading anti-spoofing technology in place through Biointellic™.
To turn it into a highly simplified metaphor, your biometric template is stored in a file with a little tag on it, in a filing cabinet, which is one of many cabinets in multiple buildings in multiple places. When you want to log in, or approve a transaction, the system sends the database the tag associated with you, and it’s matched to the tag on the file in the filing cabinet. No personal information or contact details are attached to this template, so it is useless for any other purpose than authenticating access rights.
You walk up, hold up your tag, we check for a matching tag in our system, and then when it’s there, we let you in.
From the end-user’s perspective, the way it works is:
- Look at (or hold your body part up to) the camera - either on your phone, laptop, fingerprint scanner, iris scanner… etc.
- Let the scan do its thing - usually, it’ll be done before you feel the need to blink.
- Get access. Or don’t, if you’re doing something you shouldn’t.
Options also mean your users aren’t restricted to a biometric authentication method that may not work in every situation.
Don’t want to use facial recognition before 8 am? Try voice or palm instead.
According to law enforcement agency data, 30% of the global population don’t have a recognizable fingerprint to use for authentication. So, if you wore yours down playing a musical instrument as a jazz musician, or otherwise fall into that section of the population that doesn’t have a readable fingerprint? Face, palm, or voice!
In a loud room, or in an office environment where talking to your computer is weird? Try iris scan, or palm...you get the picture.
Using biometrics is enormously convenient, and when you can feel confident that the data is securely processed, securely transmitted, and virtually impossible to steal, it’s also the most secure way to handle access and identity management. When the most secure solution is also turnkey, integrates seamlessly with an enormous range of comprehensive identity and access management platforms, and takes less than 15 minutes to get up and running in your organization...there’s really only one question.
Why are you still using passwords?
Talk to our team today and learn more.