Biometrics technology is the stuff science-fiction movies
are made of. For decades, we’ve glimpsed the future of iris scanning, voice
recognition, and fingerprint scanning—all in the name of total security.

When biometrics first emerged for computing in 1984, the
industry touted it as the cure for the common password. Through the 1990s and
early 2000s, several computer hardware vendors tried to entice security-conscious
organizations into changing their security authentication models from something
you know (such as long and complex passwords) to something you are (such as finger,
hand, or voice prints).

But let’s face it: To date, the industry has seen only a
very gradual acceptance—and often reluctance—to change the standard. New
security technology is often hard to accept, particularly in its early stages.
However, biometrics has had time to evolve, and it’s time to consider
integrating some specific biometric applications into your organization’s security

Lock down physical access

If you work in a midsize to large company, ID cards are
acceptable as an initial entry mechanism for your exterior controlled spaces.
What about after someone has made it inside the building?

Biometrics that use hand geometry or fingerprint scans offer
an affordable and scalable solution that can help put an end to that never-ending
task of key changes, ID card programming, and door security combination
changes. Users are human, and—more often than not—they won’t hesitate to loan a
key, hand over an ID card, or give out the combination to a door to help
someone do his or her job.

It’s often difficult to detect this type of misuse, and it
can be tough to punish a person if the results of that misuse help the company.
But by deploying a biometric entry system for interior sensitive spaces, you can
greatly increase the security of those spaces. In addition, you can significantly
decrease the change time between granting access and removing access without
disturbing current operations.

How much time and money does your company spend changing
locks, key codes, and ID cards after an employee no longer requires access? Do
the math, and make a pitch based on your calculated savings—you’ll win every
time and increase your overall security posture.

Secure machines on the move

For most organizations, laptops are part of the computing
environment. Some companies assign a laptop to a specific user; others assign
laptops to departments, and a pool of users share them based on travel needs.

However, using passwords on laptops can pose problems. These
issues include:

  • Forgotten passwords: Whenever a
    user forgets the laptop password, you must change the old password and
    create a new one before anyone else can use the machine.
  • Shared account: Instead of
    providing each user with an individual account on a laptop, some companies
    create a shared account with a simple or no password—and that means little
    or no protection for corporate data.
  • Locked accounts: Does this situation
    sound familiar? A user on a business trip working in a hotel room at 2
    A.M. forgets the password and therefore requires after-hours support. This
    can be the most dangerous scenario because you’re more likely to give out the
    admin password. That means you’ll need to change every machine that uses
    that password immediately.

Using biometric technology, you can better protect your
corporate data and your users by enabling them to access the machine without
requiring them to remember a complicated password. Determine how much time you
spend on laptop access, and you’ll likely be able to justify any additional
costs associated with biometric access.

Final thoughts

Biometrics can’t cure all of your access authentication
problems. If a user loses a laptop that contains sensitive data, that data is still
in danger.

However, biometrics can simplify and increase your control
over your organization’s assets. Integrate biometrics within your organization,
and gain greater control and flexibility over your security architecture.

Miss a column?

Check out the new Security
Solutions Archive
, and catch up on the most recent editions of Mike
Mullins’ column.

Worried about security issues? Who isn’t? Automatically
sign up for our free Security Solutions newsletter
, delivered each Friday,
and get hands-on advice for locking down your systems.

Mike Mullins has served as an assistant
network administrator and a network security administrator for the U.S. Secret
Service and the Defense Information Systems Agency. He is currently the
director of operations for the Southern Theater Network Operations and Security