New Report on Enterprise Biometric Vulnerabilities and Opportunities


Authentication in the modern enterprise is becoming more difficult.  The risks are rising, but adding more security controls can impede workers, and such controls are difficult to integrate into legacy systems.  Biometrics may be a better path to improve security while not adversely impacting the user experience.  But there are risks.  Biometric systems are not without vulnerabilities themselves.

ABI Research has recently published an infographic showing a comprehensive view of biometric system vulnerabilities, as well as a whitepaper discussing recommendations for enterprise environments.

The traditional username/password method is entrenched in most businesses, but is in desperate need of improvement.  A sole reliance on passwords to gain access to devices, networks, and data is proving to be weaker as attackers get better at undermining them.  Passwords can be hacked or socially engineered, and are a major source of vulnerabilities.  Once compromised, they open a vast number of doors for attackers.

Passwords alone simply are not good enough.  Users as well as system administrators find them difficult to manage.  Changing the status quo is difficult, as the majority of business processes are built to support passwords and workers are typically averse to new security practices.

Biometrics have been in use for some time in limited ways.  Considerable advances have brought the technologies forward to meet some of the challenges to drive broader adoption.  This has created very complex ecosystems to satisfy a variety of demands.  But like any technical authentication system, there are potential vulnerabilities at every step.  The key to improved biometrics security may be to simplify the technology to lessen the number of vulnerable points of attack.  Cost, user experience, and risk aspects must be recognized and proactively addressed for any additional controls.

Reducing Risk.

Multi-Factor Authentication (MFA) reduces the risk of compromise because it does not rely on just one method to grant access.  Attackers must compromise at least two different controls.  The downside is that adding factors can undermine the user experience to the point of affecting productivity and acceptability.  Having biometrics satisfy one of the factors in MFA holds the potential of reducing the friction users must endure, while improving the overall security of the system.

User Experience.


Automating the awareness of the user can make authentication a seamless experience.  We automatically carry our biometrics with us.  Nothing to forget, lose, or break.  Advanced technology can make the process even easier.  For example, the tracking of a user’s face while in front of their laptop can make the device aware when they walk away to get a cup of coffee and leave the system unattended.  The system can automatically lock the screen.  Conversely, when the logged-in user returns, the system can recognize the familiar face and automatically unlock the system.  Such an experience is beneficial to the user while keeping the device safer.

Managing Costs.

Nobody wants to spend money on identity security.  Yet there is a plethora of peripherals and secondary devices which enterprises purchase, maintain, manage, and service.  Fingerprint scanners, hardware card readers, and digital USB keys are popular but incur additional costs and frustrate users who have to carry the gadgets and cables.  What if devices themselves had integrated and trusted components which could do the authentication work?  Specialized cameras, microphones, fingerprint scanners, and electronics to securely match the profiles locally on the machine may be the path forward.  Hardware which is optimized and secured, supplanting the need for users to deal with secondary peripherals, could lower the overall total cost of ownership for enterprises.

Is biometrics the answer?  Well, it is one answer which is growing in popularity with organizations seeking better security, employee productivity, and paths to reduce costs.

Interested in more?  Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.