Data security and the biometric single sign-on advantage
By Arifin Hussain December 17, 2014
- High level of identification accuracy, security, and usability
- Considered ‘next-generation’ personal identification solutions
Single sign-on is a biometric identification management system that allows end-users to use their biometric credentials in place of a password, token, or personal identification number (PIN) as a secure method of system or database access.
Single sign-on systems provide secure access to sensitive data and bring flexibility to identity management. They are fully integrated with Windows Active Directory and are readily available for large enterprises, healthcare organisations, financial service institutions, or any government entity.
Traditional passwords are potentially the weakest link in information security systems for these organisations. With an increasing number of data security breaches due to weak passwords and inadequate network and data encryption systems, many organisations are considering deploying biometric single sign-on solutions using fingerprint, finger vein, or palm vein authentication for secure password and identity management.
Biometrics are unique traits or behavioural characteristics that can be captured and used for individual identification through a host of different biometric modalities such as fingerprint, finger vein, iris, facial or voice recognition.
Biometrics are unique to every human on the planet – even identical twins have different biometric physiological characteristics!
Due to their high level of identification accuracy, security, and usability, biometric single sign-on solutions are considered ‘next-generation’ personal identification solutions to reduce data security risks and potential loss of intellectual capital.
Rising financial losses from data security risks
The risk of data security breaches in industries such as financial services, healthcare, and government is rising fast, and such breaches often result in serious financial loss, loss of confidence, and damage to brand reputation.
In a survey of more than 3,900 companies worldwide, it was found that the cost of lost financial data ranged anywhere from US$66,000 to US$938,000 per organisation, depending on the size.
Most data security breach cases are the result of internal threats rather than external cybersecurity risks. Weak passwords, unsecure identity management, and lack of proper monitoring of who is accessing data are often the root causes of data security breaches in almost all types of organisations.
Cyber-attacks are also rising as cybercriminals are now using more advanced techniques to easily break down traditional password-based security systems.
The following are examples of industries that are particularly susceptible to suffering financial losses due to data security problems:
- Government: As reported by the US Government Accountability Office (GAO), government data breaches in recent months are at an all-time high. The government/military ranked third on the data breach list in the United States, accounting for 11.1% of the overall breaches and 14.3% of the compromised records, according to an Identity Theft Resource Centre report.
- Healthcare: The healthcare industry is perhaps the most vulnerable to data security breaches because black market demand for health records is high. The Ponemon Institute, a research centre that examines data protections, recently reported that data breaches cost the healthcare industry up to US$5.6 billion a year.
- Banking/financial services: Banks and other financial institutions are attractive targets for data security breaches mostly because existing external and internal data security protocols are weak and identity management systems are antiquated and easily exploitable. In a recent survey of 75 banks and credit unions, it was found that losses due to data security breaches reached more than US$2 million.
- Businesses: A recent report by Identity Theft Resource Centre shows that the business sector has been victimised by 32.9% of the total breaches this year in the United States, representing nearly 60% of the compromised records.
How biometric single sign-on helps
Most recent data security breaches were the result of employee passwords being compromised and unencrypted file sharing.
Using a biometric single sign-on solution can prevent unethical employees from repudiating responsibility for their actions by claiming an imposter had logged on using their authentication credentials when they were not present.
Using a biometric single sign-on system for sensitive file encryption is the most effective strategy to avoid these situations because when traditional passwords are compromised, even strong encryption cannot offer protection from data breaches.
Therefore, stealing, sharing, or swapping passwords by employees can cause devastating data security breaches – as we have seen in the past few years, and the problem is getting worse every day.
The No 1 cause of data security breaches was employee error (39%). The Ponemon Institute concludes that these breaches are typically the consequence of complacency or negligence from lax or insufficient access control to sensitive or confidential data.
Implementing a single sign-on biometric solution can solve these problems easily and in a convenient way.
The advantages
The advantages of using biometric single sign-on for securing enterprise information are many. The main one is that, unlike traditional passwords or physical tokens, biometrics cannot be easily lost, stolen, duplicated, or compromised.
A biometric single sign-on system also reduces employee password reset requests, which can be a financial and productivity drain on IT help desks.
Here are some other major advantages of using a biometric single sign-on solution for any kind of organisation:
- Strong authentication: Biometric single sign-on provides stronger authentication than relying on traditional passwords. It is virtually impossible to steal or duplicate biometric characteristics for authentication purposes.
- Anti-spoofing capabilities: Each human biometric characteristic is unique, and every individual has different physiological characteristics such as fingerprints, finger vein patterns, palm vein patterns, iris patterns, etc. Therefore, all of these modalities are hard to forge, copy, or spoof. Some biometric identification management experts even suggest the use of two-factor biometric authentication because single modal biometric systems have a higher risk of spoofing attacks. Moreover, biometric technology is now more advanced and there are new affordable multimodal biometrics devices that can capture both fingerprint and finger vein images in one single scan, relying on the presence of blood flow via the vascular biometric modality for ‘liveness’ detection and anti-spoofing capabilities.
- Higher identification accuracy: Biometric characteristics are unique for every person in the world, and as mentioned above, even identical twins have different biometrics. Biometric single sign-on provides the highest level of identification accuracy and helps to prevent duplicate identities.
- High level of security: Biometrics has been considered the highest level of authentication security measure for many years in industries such as law enforcement, military, and the government using Automated Fingerprint Identification System (AFIS) software. As the industry has evolved, biometrics have become more sophisticated and available for commercial use in many different ways such as biometric single sign-on, which has strong potential for organisations to protect data from being compromised.
- Strong data encryption: Data encryption in many organisations does not always protect information, especially when traditional password security protections are weak. Implementing biometric single sign-on for data encryption can provide strong encryption protection.
- User-friendly and easy to manage: The user-friendly, automated nature of biometric authentication solutions provides peace of mind to the IT department of any organisation.
- Cost effective: Implementing a fingerprint single sign-on solution reduces financial losses due to weak password management policies. Plus, the variety of biometric single sign-on modalities available brings flexibility to organisations which may be using fingerprints but would be better suited to use vascular biometrics such as finger vein or palm vein to achieve better return on investment (ROI).
Implementing a biometric single sign-on solution with convenient integration into Active Directory bolsters password management security and leaves IT departments in complete control.
Such solutions can help many organisations save costs related to government regulation, fines, and penalties on data security, and also financial losses resulting from data security breaches.
It is now essential for organisations to focus on unique end-user sign-on challenges and deploy strong authentication and accurate identity management initiatives.
Arifin Hussain is an SEO specialist with M2SYS Technology, a biometric identity management technology specialist.