Info. Security

Leaving Your Mark

Why anything less than you is not enough

Today’s mobile professionals carry more sensitive information than ever before. A single laptop can contain strategic business plans, corporate financials, intellectual property materials and private employee information that can be valued in the millions, if not billions, of dollars. The traditional focus of corporate asset protection, the notebook PC itself, has evolved to redefine the real asset as the data contained in that PC.

This realization, coupled with recent regulatory changes forcing the public announcement of data breaches of personal information, has sent a shockwave through the corporate world and is leading to faster adoption of more types of data security.

At the same time, fingerprint biometrics has become the “ultimate human interface” device by providing a combination of security and personal convenience never before experienced on the corporate desktop.

Security is achieved when the expense and difficulty of breaching something lies just beyond the perceived value of doing so -- and hence the breach is never attempted or completed successfully. Biometrics as an authentication factor helps to achieve this for typical PC access by working in combination with new and existing technologies to raise the security bar. Some examples of this combined approach are presented below.

Pre-boot Security
Securing the PC from boot-up requires the user to enter and configure the BIOS of the system. Corporate IT managers generally frown upon this since no centralized management approach is available for BIOS management today. When the BIOS protection is enabled, the HDD can be locked and require a password of eight to 32 characters to unlock. This needs to be done before the system even boots to the operating system level, where most attacks generally occur. If a user were to forget the password, the HDD must be replaced and the old one discarded.

By combining this existing but under-used security capability with a fingerprint biometric subsystem, this problem can be addressed and a much stronger level of system security can be immediately enforced. The biometric device can be used to replay the BIOS password when the user swipes a finger -- preventing the loss of the password and simplifying an overly complex security feature already present in the system.

HDD Encryption
A more advanced approach to securing HDD data is to combine a full HDD encryption solution with the biometric subsystem. This goes one step beyond the BIOS password by actually encrypting all data on the HDD using AES encryption technology. The HDD encryption must be unlocked in the pre-boot environment so the operating system can load and the system can complete the boot-up cycle.

This approach has significant security advantages over a simple BIOS password but again poses the same issue of reliance on a single password, which can be quite complex and difficult to remember. When combined with a biometric subsystem, the authentication derived from the fingerprint reader can be used as the authentication mechanism and to release the encryption key to decrypt the HDD -- once again removing the risk of a lost or forgotten password. It would be natural for the leaders in HDD encryption solutions, including WinMagic, Sophos/Utimaco, McAfee/Safeboot and Checkpoint/Pointsec, to begin offering this combined approach in the near future.

Operating System, Network Logon
Leveraging the initial authentication used within the pre-OS environment, the appropriate credential also can be passed to the operating system for local system or network logon. This saves one more manual authentication step for the user and again simplifies the password usage paradigm. Since network passwords are changed frequently, this is the most common area of focus for IT managers in attempting to simplify the user authentication process and manage it as efficiently as possible.

Any biometric authentication factor must support the ability to recognize and support forced password changes and, as many readily-available solutions do today, allow some form of centralized control over this process. There is a growing interest in integrating biometrics as an authentication factor at the OS level.

Single Sign-on, Remote Authentication
The same credential release mechanisms used for logging into the operating system also can be integrated with SSO and remote authentication solutions. In the case of SSO, all of the same password rotation, reset and protection rules apply, along with the added issue of the keys to the kingdom -- where one password is protecting all of the digital assets of the enterprise. With biometrics, users have the flexibility to create strong passwords with no need to remember them because they can simply swipe their finger. The added convenience helps to fulfill the true purpose of the SSO system, and stronger passwords can be created and managed much more effectively.

Remote authentication techniques today are dominated by the use of one-time passwords using stand-alone “hard” tokens or software clients that generate soft tokens offered by security leaders including RSA, Vasco and Verisign. The difference has to do with where the OTP seed and algorithm are stored and where the OTP is generated (in hardware or software).

A biometric subsystem can fulfill the role of the token and generate the OTPs based on a successful fingerprint authentication at either the hardware or software level, since the seed can be embedded in the biometric hardware in some cases. Using biometrics embedded in notebooks and peripherals addresses several issues, including the support and productivity costs of lost and forgotten tokens, costs associated with upfront token purchase or replacement of hard tokens, and installation of additional client software and reliance on PINs.

However, the greatest unacknowledged benefit is that now an OTP can only be generated based on who you are, rather than what you know or what you have -- thus solving the most basic authentication paradox in existence today.
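The OTP flow described above, as an added example that is not from the article or any vendor's product: a token model that keeps the seed internal and emits a one-time password only after a fingerprint match. The `BiometricToken` class, the match score and threshold, and the lockout count are hypothetical, and the choice of HOTP (RFC 4226) is an assumption, since the article names no OTP algorithm.

```python
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class BiometricToken:
    """Hypothetical model of a reader that holds the OTP seed internally.

    The seed never leaves the object; callers only get an OTP after a match.
    The match score stands in for the reader's matcher output (assumption).
    """

    def __init__(self, seed: bytes, threshold: float = 0.9, max_failures: int = 3):
        self._seed = seed
        self._counter = 0
        self._threshold = threshold
        self._max_failures = max_failures
        self._failures = 0

    @property
    def locked(self) -> bool:
        return self._failures >= self._max_failures

    def request_otp(self, match_score: float):
        """Return the next OTP on a successful match, else None."""
        if self.locked:
            return None
        if match_score < self._threshold:
            self._failures += 1          # failed swipe: no OTP, counter untouched
            return None
        self._failures = 0
        otp = hotp(self._seed, self._counter)
        self._counter += 1               # counter advances only on success
        return otp


# Constructed sample: the seed is the RFC 4226 Appendix D test secret.
RFC_SEED = b"12345678901234567890"

if __name__ == "__main__":
    token = BiometricToken(RFC_SEED)
    print(token.request_otp(0.42))   # rejected swipe
    print(token.request_otp(0.97))   # accepted swipe
```

Because the counter advances only on an accepted swipe, rejected attempts cannot push the token out of step with the validation server, and the lockout bounds how many times a presented finger can be retried.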

Application Security, Compliance
Beyond device and network authentication, more organizations today are focusing on limiting access to specific applications or data repositories. New compliance regulations such as Sarbanes-Oxley stipulate employee authentication for certain financial transactions or internal procedures and require non-repudiation -- an ideal case for biometrics. The biometric subsystem can be called to request an authentication for practically anything, including an Excel spreadsheet locked with a password, an internal home-grown financial application, or a typical ERP or CRM system. Using this type of authentication approach again reduces the myriad password schemas that need to be created, recorded, remembered and managed by over-taxed employees.

As a single layer of security in a multilayered approach, a fingerprint biometric solution offers flexibility and the opportunity to simplify some of the more onerous aspects of security management. But what really sets a biometric solution apart from all other forms of authentication security is the convenience to the user.

You take your finger everywhere, never forget it, don’t lose it and understand how to use it. Swiping your finger is intuitive, pleasantly repeatable and doesn’t require any effort or special focus during those early mornings or late nights at the office or on the road. It is a personal experience tied directly to you, and only you, that makes this approach so much more compelling than smart cards, tokens, ID badges, physical keys and passwords. Your fingerprint can’t even be phished.

All of these reasons are what make biometrics such an obvious choice for enhancing the user experience. And when things get easier for users, they tend to adopt them enthusiastically. This behavior translates into reduced help-desk costs, lower hardware replacement costs, better insurance premiums, and happier employees for the corporation, not to mention the overall improvement in security protocols and reduction in fraud.

Fingerprint biometric technology has been well-established for a hundred years and has been in commercial deployment by governments and public services for much of that time. However, it has only recently begun to reach real adoption in the commercial and consumer sectors due to significant advancements in packaging, cost reduction, and overall device and system performance.

All major PC OEMs are now offering integrated biometric solutions and early signs of peripheral adoption are on the horizon as well, evidenced by the fact that even Apple stores in the United States now carry a USB fingerprint reader. As the industry ramps toward ubiquity in the notebook PC platform, the mobile phone sector is taking notice as well and should not be far behind. This is the second most heavily used electronic device in the enterprise today (some would argue the first), and is a natural progression for biometric adoption based on the growing needs for data protection and network access.

While the value proposition offered by fingerprint biometric security is becoming increasingly clear, the proper criteria for selecting the right technology are not as well understood. This decision is not simply a matter of purchasing new hardware and software products, but instead it requires a fully integrated solution to extend corporate network and platform security. As opportunities for biometrics in the enterprise continue to expand, the market will continue to offer innovative, cost-effective approaches to the growing security dilemma.
