While this application is interesting will it ever become mainstream? Or for that matter will biometrics ever become mainstream? This application, much like fingerprint door locks, themostats, USB keys, and other comsumer devices are neat but but really lack a compelling reason to buy other than they are neat. Biometrics found its roots in law enforcement and has made its way to federal security programs but outside of that it is still struggling (ref: biopay folding up tents). Enterprises still strugle with the cost/beneft. Not to mention because biometrics found a place in law enforcement and other "bad guy" applications, consumers have been, and remain, weary of their use. This trend will eventually go away but it isn't happening fast.
So while this is a neat SSO+ unsage I would not be as willing to say "the time may finally be right" until there is a compelling need and some evidence of mass adoption.
|
Does Verizon's Voyager stack up to the iPhone? |
|
|
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
|
|
Biometrics - right time or neat gimmick?
Is the time right?
For years the time has been right, for some; there are already a number of very large IAM implementations around the world that rely on two-factor authentication where one of the factors is a biometric (especially finger scans).
Will it become ‘mainstream’?
1. Not until Authentication is generally understood to be different to Identification – the functional and privacy aspects are different for each.
2. Not until other authentication credentials are agreed to be unsafe - passwords are there now, but two-factor non-biometric is only beginning to be used widely and the limitations are yet to be realised.
3. Not until it’s called “fingerscanning” or “personal identity” or "be yourself" or something similar, rather than having the “fingerprinting” criminal/privacy connotation (which it clearly isn’t).
Is there a cost/benefit?
Sure is ! For IAM implementations I've done it's been far cheaper than passwords, digital certificates, one-time password tokens, iris and so on. The ROI leaves the alternatives well behind. If you have one of those other solutions in place now the savings are significant
Compelling reason to buy?
Here are just some:
Significant cost savings for an enterprise.
Market leadership (eg banking).
Improved security and privacy.
But I wouldn’t expect end-users to be forced to buy them, as it's a strategic solution.
Is it a “gimmick”?
Yes, if it’s only a single-factor.
Yes, if it replaces your username.
No, if its done for the right reasons - centralized authentication and access control where there is a need to know who you are dealing with, or where there is a need for legal “non-repudiation”.
Finally even simple security cards are two-factors; photos and signatures are (weak) biometrics.
Allan Milgate
Biometrics is mainstream
I Saw your article and I can’t agree with you more - biometrics is changing how organizations view and deploy strong authentication. What has kept biometrics from becoming mainstream for years had been less to do with the technology but more with ubiquity and price of the fingerprint sensors. The embedding of swipe sensors from UPEK and Authentec by all the major laptop/tablet manufactures have made this technology readily available at the right price point for enterprise use. This together with centralized fingerprint management and identification technology such as Imprivata’s OneSign allows companies to leverage these devices within the enterprise.
Interestingly enough Imprivata was originally started as a fingerprint biometrics company to levarage opportunities in the identity and access management space. Having designed large government biometrics projects we knew in time biometrics would transition to being widely available on notebooks and keyboards. The latest generation of sensors is truly remarkable in terms of physical size, speed, reliability, image quality and price. Many of our customers have deployed biometrics enabled SSO to to workforces of thousands of users using combinations of notebook, tablet and integrated keyboards with built-in sensors.
What I have seen in looking through our customer base is significant adoption of fingerprint identification and eSSO in verticals such as healthcare, healthcare and state/local government where response time, convenience and security/privacy all need to be simultaneously addressed. In healthcare, for example, the combination of fingerprint identification, eSSO, shared workstation and fast user desktop switching have proven to be a powerful combination for giving clinicians not only ease of access but the ability to secure their desktops to meet HIPPA compliance.
Good luck with your SSO Summit. Omar Hussain, our CEO is attending. We also have Christopher Paidhrin, our customer from Southwest Washington Medical Center participating on a panel. You might want to catch up with Christopher to get his experiences with a large biometric deployment
David Ting
CTO Imprivata
dting@imprivata.com
Biometrics
I would say there's a compelling reason to buy. While most of the functionality falls under the category "nice to have"... the password manager is genuinely useful. I've been using a fingerprint reader to remember passwords and login for quite a while now, it would be a pain to go back to the old methods.
-Martin
Post new comment