InfoEdge Logo
Offering Select IT And Business Management Research
research@infoedge.com
800.544.7337 | 617.969.9080
Home Page About Us Contact | Questions Shopping Cart
Recent Reports Information Centers Free Research IT Business News and Articles CIO Strategy Center Browse Categories
Related Reports
Security Audit Program
The audit program is one that either an external auditor or an internal auditor can use to validate the compliance of the Information Technology organization and the enterprise to ISO 17799, Sarbanes-Oxley, HIPAA, and PCI-DSS.
IT Spending, Staffing and Technology Trends
The study tracks spending in ten industry and government sectors and provides objective and comprehensive data designed to assist IT and business executives in the financial and strategic management of information technology.
Options in Enterprise Backup
This report reviews the intricacies of backup practices and procedures, including security, business continuity, archiving and compliance.
The State of the Mainframe
Mainframe MIPS growth is averaging around 20% per year. This new report looks at the current state of this "legacy" system.
IP Telephony Solutions: Product Comparison Report
This report includes an overview of the enterprise IPT market, a comparison of nine leading IPT solutions, and a summary of the relative strengths and weaknesses of each product.
Regulatory Resource   Threat Intelligence      Resilient IT      Boardroom Strategies      
Boardroom Strategies / Enterprise Smarts

CIOs in the Biometric Age

By Kim Boatman

Too often, says Forrester analyst Geoffrey Turner, security rides on mundane tidbits of everyday information and vulnerable passwords.

“Right now, one of the biggest drags on the economy and the ability to use information systems and networks to advance commercial activity is because we have very weak abilities to establish and verify the identities of individuals,” says Turner. “It’s all based on non-secret information. It comes down to your mother’s maiden name.”

The maturation of biometrics offers a viable alternative, says Turner, author of a recent Forrester report, Biometrics: State of the Art and Future Implications

Biometrics -- the distinct, measurable characteristics of an individual -- was once thought to be a technology likely to gain widespread use in a distant future. But several factors have contributed to biometrics’ arrival as a reliable process of verifying identity, says Turner, including the following:

  • Technological developments Iris scanning, through a high-definition image of an individual’s eyes, uses software to generate a unique mathematical description. Fingerprint recognition is perhaps the most familiar technology, using software that maps the unique patterns of a person’s fingerprint. Facial recognition and hand geometry are also employed. Uses of vein geometry in the hand or finger are less mainstream forms of biometric identification, although they are already in practice at some Japanese ATMs. Other biometric technologies under development include skin biometrics and gait and voice recognition.
  • Formal standards Standards provide a framework that defines how biometric technologies are implemented. They allow for interoperability, predictability and reliability. Organizations such as the American National Standards Institute/International Committee for Information Technology Standards set the parameters for biometric technology. Organizations work together to “harmonize” the standards, says the Forrester report. “The result is very coherent and common biometric technology architecture with high degrees of inherent interoperability. This bodes well for the rapid economical adoption of the technology across most vertical applications in both the public and private sectors.”  

  • The successful implementation of biometrics Public familiarity with biometrics has increased with the arrival of programs such as the U.S. government’s e-passport, which incorporates biometrics. Biometric ID programs are being used to make business travel more convenient, easing the way for frequent travelers between the United States and England, for example.

“Anything where the presence of the individual is in question, biometrics can be an improvement over the current level of assurance,” says Turner.

However, there are considerations CIOs should make before implementing biometric technologies, says Cheryl Waldrup, director of global marketing at Daon, a biometrics software company. Key areas to cover:

  • Consider applications, present and future CIOs making a business case for biometrics should think about current and future applications and choose wisely. “Be careful to choose hardware and software that allows for expansion or updates as the technology advances,” Waldrup says. Biometric security can encompass a wide range of applications, from accessing a physical facility to retrieving sensitive data to managing customer accounts. A centralized biometric platform can integrate with human resources, says Waldrup, tracking employee work hours and even allowing employees to use biometrics or a smartcard containing biometric data to pay for lunch in the company cafeteria.

  • Get buy-in  Biometrics brings with it a wariness about privacy issues, acknowledges Turner. Employees or clients might not be educated about how a technology works. “Most people don’t distinguish between systems that store biometric data in a centralized database versus those that only store them on a user-owned credential,” says a Forrester report Turner co-authored earlier this year. Implementing biometrics becomes “almost a bureaucratic, political task” for CIOs, says Turner.

    Everyone from management to employees to clients may have questions that must be answered. Waldrup suggests surveying employees before launching a biometrics program, or using focus groups to determine issues or special needs. An internal biometrics fair is a creative way to achieve buy-in, says Waldrup. Allowing employees to view the technology, experiment with devices and learn about tech advances can smooth the way. Inviting vendors of consumer-use biometrics can also be helpful. “By allowing employees to see how finger or palm readers can be used for home access control and how voice biometrics can be used to access bank account information, you may succeed in creating an environment of acceptance and adoption,” Waldrup says.

    It’s important to establish biometrics as a convenient, streamlined way to control identity rather than as a technology that requires surrendering privacy, says Turner. “It’s a means to have better control of their identity,” he says. “Include a message to the people who are going to be participating as to why it’s an improvement.”
  • Understand biases Certain technologies may be met with particular resistance. For instance, using fingerprints can carry a stigma, since fingerprinting has long been used as a form of identification by law enforcement agencies. Some people might also have hygiene concerns about fingerprint readers or other contact devices.
  • Offer reassurance Understand that ongoing support is a necessity as employees and/or clients adjust. Waldrup recommends offering online help, FAQs and in-person assistance.
  • Evaluate the technology Understand the pros and cons of various biometric technologies. For example, it’s sometimes difficult for people with dry skin or worn hands to give a clear fingerprint. Sensors may react differently when placed outdoors.
  • Plan implementation CIOs will need to look for ways to streamline enrollment in a biometrics program, particularly if many employees and multiple locations are involved. If biometric data is captured and stored on a smartcard, management of the smartcard system is also a consideration, says Waldrup. Enrollment kiosks may need to be established in several locations. Programs such as the Registered Traveler program -- in place at some U.S. airports -- can serve as a model, allowing the private sector to capitalize on systems developed by government agencies.

In an age when organizations, both public and private, are confronted with the possibility of costly, embarrassing data breaches, the potential payoff of incorporating biometrics is huge, says Turner. 

“Having biometrics in place is a firm gold standard as to how you establish your identity,” he says.

 

Kim Boatman is a freelance business journalist in Silicon Valley, Calif. She spent more than 15 years reporting for the San Jose Mercury News.

CIO Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

Articles by Topic
Initiatives
Peers and Superiors
Enterprise Smarts
Related Content

Features

View More


Metrics

View More

Fast Fact

“Anything where the presence of the individual is in question, biometrics can be an improvement over the current level of assurance.”
--Geoffrey Turner, analyst, Forrester Research
Sponsor Tools

Resources

White Papers

View More


Podcast Audio Content

CIO Strategy Center is now available in audio format.

This week's feature topic is:


Risks of Wireless Email
Playtime: 8 min 23 sec



Download | Subscribe

Copyright © 2008 Studio One Networks. All rights reserved.
Geography Specific | Advanced Technologies | Industry Verticals | Executive Management | Information Technology | Human Resources | Telecommunications | Sales And Marketing | Finance | Hardware | Software | Web | Outsourcing | Top IT Priorities
home   |     site map   |     about us   |     privacy statement   |     research providers   |     contact us   |     categories

Entire contents ©2008 InfoEdge. All Rights Reserved.
Email: research@infoedge.com