Question
How are biometric technologies being deployed, and how likely are they to be deployed in the future?
Answer
Biometric technology has been deployed for a number of reasons, including physical access control, protection from identity stealing, strong authentication for application access, secure check cashing (this technology can compare a user’s face against a database), voice-activated transactions and access to PDAs and other mobile devices and platforms. These applications use biometrics to provide uncompromising authentication.
Biometrics will increasingly be deployed to meet the requirements of personal privacy legislation under GLB in financial services and HIPAA in health care.
Facial recognition viewing systems will be employed to identify criminals and will certainly be deployed as part of the homeland security initiatives.
Question
What are the benefits and successes of biometric technologies?
Answer
Biometric technology authenticates users based on the unique characteristics of an individual user. These characteristics are not easily stolen, lost, forgotten or imitated, making biometrics a better alternative than token technologies such as smart cards and other “tow factor” authentication systems. Biometrics has been successful as part of both physical and technology access solutions. Biometrics does reduce costs associated with users forgetting passwords--help desk costs for this activity range from $25 to $75 per reset.
Question
What are the challenges to the deployment of biometric technologies?
Answer
Authentication is one of the three As--authentication, authorization and accountability--for user administration and control. Though authentication is critical, solving the other two are challenges that enterprises must address first. It is difficult to administer authorization for access to applications or data in a large organization with tens of thousands of users. This will require significant expenditure to solve and will push biometrics to the back burner in the near term.
One of the knocks against biometrics, especially voice and face recognition, is that the system has high false positives. This means an authorized person is denied access because the system cannot process and match to the database even slight deviations in an individual’s appearance.
Smart cards and other two-factor solutions have become the accepted form of strong authentication systems. Companies have a significant investment in this technology, which works close to 100% of the time (compared to 90 to 98% with biometrics). This makes biometrics a tough purchase decision. The department of defense just issued its one-millionth smart card--evidence of how entrenched and successful two-factor authentication is. An organization of that size would be hard-pressed to switch to a new technology any time soon.
Question
What should biometric vendors do to accelerate the deployment of biometric technologies?
Answer
Biometric vendors must continue to integrate closely with three As solution vendors such as IBM, RSA, Netegrity and CA. Biometric vendors should partner with online information solutions, including portals, online exchanges and other intranet infrastructure providers. Targeting financial services and health care verticals will lead to early wins and long-term recurring revenue.
Targeting universities and health clubs will help educate and broaden the acceptance of biometric technologies among a diverse user base. These systems should be sold at deep discounts in order to provide the technology as an educational and viral marketing activity.
Vendors should also focus on wireless technology providers. They will be integrating voice biometrics into cellphones to enable strong authenticated purchasing.
Question
What should enterprises keep in mind when considering biometric technologies?
Answer
Enterprises must remember the problem they’re trying to solve and stay focused on it. If strong authentication is the business or security driver, then biometrics is a good solution. But other forms of two-factor authentication need to be considered. If the problem is implementing a corporate-wide user permission control system, then biometrics is a good solution for the strong authentication part of the problem. But authorization and accountability must be solved; indeed, these two issues should be targeted first before biometrics is undertaken. Enterprises must also consider whether their online platforms are biometric-enabled.
The Yankee Group originally published this article on 7 October 2002
