Stronger security technologies such as biometrics and public key infrastructure (PKI) are at the heart of companies’ future IT security plans, according to the latest silicon.com CIO Jury.

With recent issues around the possible introduction of a national biometric ID card and various ID and password theft scams, we asked our panel of CIOs if stronger authentication for either employees or customers is a part of their longer term IT strategy over the next five years.

Two-thirds of our 12-man panel came out in favour of biometrics and PKI – ranging from very small-scale specific uses to enterprise-wide schemes – four against.

Graham Yellowley, director of technology at Tokyo-Mitsubishi bank, said he is looking at both PKI and biometrics.

“We will be implementing PKI early 2004 and we are evaluating biometrics for all employees, though this will probably not be implemented in 2004. We would like biometric access for systems access and for security door access,” he said.

Martin Armitage, head of the global information organisation at Unilever, said the company is already using PKI for mobile user authentication. Gavin Whatrup, IT director at advertising agency Delaney, Lund, Knox, Warren & Partners said biometrics have the potential to boost the whole flexible working trend.

“Biometrics will play a useful part in securing the mobile worker and reducing the support overhead attached to PDAs and laptops. And as other parts of the mobile equation improve and reduce in price we can then start to make intelligent decisions about how flexible working can best benefit our organisations and clients,” he said.

Some users see the government’s proposed biometric national ID card as something that could help set standards and accelerate the adoption of such technologies in the private sector.

Pete Smith, IT and telecoms director at satellite communications company Inmarsat, said everyone could be carrying a ‘smart’ ID card in a few years.

“When this happens it could be used as part of a PKI scheme for authentication on company computers. Smartreader technology is already low cost – look at most of the laptops currently shipping and they already have these readers built in,” he said.

Nick Clark, director of IT services at Tower Hamlets College, said it is unlikely that any of these technologies would be sufficiently affordable, user-friendly and secure.

“We will also wait for a steer from the government as we wouldn’t want to set-up anything expensive for our students that wasn’t compatible with a national ID scheme,” he said.

Cost, complexity and reliability remain as barriers for the remainder of the CIO panel. Frank Coyle, IT director of John Menzies Distribution, said the level of security should reflect the actual problem.

“Introducing complex security technologies, which are not appropriate, to the problem carries the risk of adding cost, reducing flexibility and acting as an artificial barrier to the business,” he said.

Today’s CIO Jury was…

Martin Armitage, Head of Global Information Organisation, Unilever
Ian Auger, Head of IT and Communications, ITN
Nick Clark, Director of IT Services, Tower Hamlets College
Frank Coyle, IT Director, John Menzies Distribution
Ric Francis, CIO, Safeway
Derek Gannon, IT Director, The Guardian
John Keeling, Director of Computer Services, John Lewis Partnership
Pete Smith, Director of IT and Telecoms, Inmarsat
Sinclair Stockman, CIO, BT
Gavin Whatrup, IT Director, Delaney, Lund, Knox, Warren & Partners
Graham Yellowley, Director of Technology, Tokyo-Mitsubishi
David Yu, CTO, Betfair.com

If you are a CIO, IT director or equivalent at a large or small company and want to be part of silicon.com’s exclusive CIO Jury pool, or you know an IT chief who should be, then drop as a line at editorial@silicon.com. CIO Jury will be back soon.