Access Control & Identity--Who Wants Access?

March 14, 2013
Biometrics adds another level of authentication

For many years now, IT professionals have become more and more active in discussions about physical access control systems and there has been an active debate about the need for convergence between physical and logical access. IT managers use electronic means to secure logical assets; security managers use physical access control methods to secure facilities. On the surface, it would seem that both departments would benefit greatly from collaboration since both of their problems boil down to permitting access to the right people.

With such an obvious synergy and benefit to taking a more holistic view of enterprise security, why hasn’t this yet happened? What are the real barriers preventing companies from moving in this direction?

Perhaps one of the answers lies with the fact that we’ve been more focused on the “what” than on the “who.” If organizations are really going to make a meaningful impact on protecting their assets, whether physical or virtual, it’s most important to focus on the “who” —and coordinating that task between IT and security is becoming important.

Who was that (really)?

Although privileges are assigned to people, it’s not always clear who is entering a password or who is carrying an RFID card. The risk of not knowing “who” varies from asset to asset. Is it enough to be the holder of a swipe card to enter a parking garage? Probably. How about to access a medical record? Absolutely not!

It is in this context that biometrics is playing a larger role in securing facilities and assets of all kinds. With the introduction of multispectral imaging, biometrics has become reliable enough to deal with the fundamental issue of knowing “who” to a much higher degree of confidence.

In fact, by linking physical identity to a myriad of digital identities, converged identity and access management solutions become much more powerful. There is no meaningful access management without first establishing the “who” in transactions. Who is accessing my facility? Who is punching the time clock? Who is withdrawing funds from that ATM? The question is always, “Who?”

Thus, while access and authorization have always been granted to individual people, knowing a password or having a key is only superficially related to the authorized person — and neither can establish who exactly that is. Only biometric technology can do that.

It’s more than just about security

We’ve all seen it: business grinds to a halt after the deployment of a new security system. Designing an authentication solution that is both secure and convenient—that’s where the value is for the customer.

Convenience in an authentication solution is ease-of-use, accessibility, speed and all of the other things that become important to an organization after the primary objective — security—is met. Staffing help desks to reset passwords or reissue swipe cards while the employee is standing by is not an efficient use of resources. Nurses on a hospital floor cannot waste valuable seconds fumbling with the numbers and special characters in a password when accessing medical supplies.

A biometric solution can lower risks, reduce costs and improve efficiencies. It can meet regulatory requirements, provide an audit trail, and facilitate transactions, all without getting in the way of business. Today, biometric solutions authenticate people requiring access to secure facilities, sensitive records, government services, and controlled substances. The possibilities and benefits are real if the biometric is chosen carefully.

Security integrators are already aware that biometric technologies and scanners are not created equal. Some optical sensors work very well when the finger is clean and prepped with lotion. Is that convenient? Other sensors work perfectly—on the third or tenth try, while a line forms behind the user. These situations are the cases that cause security managers to abandon an application.

On the other hand, multispectral imaging is capable of overcoming the myriad of fingerprint capture problems that conventional imaging systems have in less-than-ideal conditions. The high performance delivered by multispectral biometrics affects more than security, it allows authentication to recede into the background while authorized people go about their business. That’s no compromise, that’s convenience!

What about customers?

Because biometrics can be so quick and easy to use, they are ideal for customer-facing applications. Today, financial institutions around the world are embracing multispectral fingerprint biometrics for authenticating customer transactions. In addition to enhancing transaction security, banks are able to provide additional convenience for their customers because there is no need for training; customers just present their finger at the ATM.

Biometric patient authentication is becoming important for reducing medical errors and for minimizing fraudulent access to healthcare. Government and private insurance programs around the world rely on multispectral fingerprint biometrics to prevent fraudulent use of the policy. Officials at one government program report that the biometric actually facilitates faster access to medical service by authorized patients while saving costs.

Theme park access is a customer-facing application where convenience plays a special role. To prevent ticket fraud, one major international theme park wanted to be able to link each ticket to a specific customer. However, because the overriding goal was to create a positive environment for paying customers, there couldn’t be even the illusion of a barrier between a customer and the park. The transaction had to be quick and intuitive for anyone to use. It’s significant to note that this biometric solution did not require identification of the customer, assuring the privacy of guests. Multispectral fingerprint authentication was chosen for its reliability and convenience. As a result, the solution reduced transaction time, enhanced customer experience, and reduced ticket fraud.

This scenario is being repeated in other commercial customer-facing situations, such as membership-only fitness clubs, large sporting events, nightclubs and other places where it’s important to maintain convenience for the customer, even during an authentication transaction.

An enterprise-wide authentication solution

IT managers have their hands full. Threats are coming from every direction and on top of it all employees want to use their own devices. Users hate security solutions that simply get in the way of them doing their jobs. Multifactor authentication is becoming a must, but the difficulty of managing point solutions is increasing risk, not reducing it. And the smartest smartcard still cannot assure the organization that the person holding is it the person it was issued to. They need to know “who.”

Security integrators know “who.” They’ve been integrating biometrics at the door for some time now. Perhaps it’s time to walk across the hall and have a conversation with the IT manager about integrating biometrics into an enterprise-wide authentication solution.

Home

Lumidigm Inc.

Oct. 3, 2011