“Biometrics have really come of age in the last few years in terms of algorithm accuracy and hardware security, which can provide strong security and high usability with peace of mind,” says Mark Cochran, President, BIO-key PortalGuard, in an exclusive interview with ITSecurityWire.
ITSW Bureau: According to you, what role does biometrics play in multi-factor authentication (MFA) security strategy in today’s cybersecurity landscape?
Mark Cochran: There has been a big push for enterprises to use passwordless authentication options, which is driven in part by the threats businesses face today. Just this week, one element of the SolarWinds breach was due to an intern using an easily-guessed password of “SolarWinds123.” However, the onus is not on individual employees to ensure authentication security–never mind those that are temporary workers–it’s up to the enterprise to use a security strategy that utilizes multi-factor authentication (MFA).
Since passwords can be easily hacked or stolen, one stronger way to authenticate without using passwords is biometrics. The market has evolved to have more awareness about this method, mainly because businesses need to get beyond password-based security solutions but still need a scalable solution and a great end-user experience.
There are a variety of positive reasons to use biometrics with an MFA strategy, especially as we hear far too often of two-factor authentication methods being compromised. SMS messages can be redirected or hijacked, or passwords can be stolen or compromised. Biometrics is a truly personal way of authenticating a user because no hacker or man in the middle can subvert or replace a fingerprint.
When biometrics is paired with an Identity and Access Management solution that provides a strong algorithm, enterprises can achieve a low false-accept rate on, say, a fingerprint. The other side is when a fingerprint is falsely rejected, which can cause user irritation, but with better algorithms, the chance of this happening is reduced. Compared to other authentication options, biometrics still offers a frictionless experience for users and provides a high level of security for enterprises.
ITSW Bureau: How can enterprises effectively accelerate their adoption of cloud-based IAM solutions to maintain security?
Mark Cochran: An easy first step to accelerating a cloud-based IAM solution is to implement standards such as SAML or OpenID Connect on applications that can support it, and then allow MFA to operate in the forefront as a wall of security.
Using standards-based authentication can consolidate access points and apply a more robust layer of security. Enterprises can also integrate APIs or RESTful calls into other applications that may not support standards like SAML.
Beyond consolidating access points, enterprises benefit from consolidating user directories, eliminating user management in all different apps and services. Doing so means enterprises can realize a successful security strategy across a range of cloud-based applications, particularly when using a modern cloud-based Identity as a Service (IDaaS) security solution.
The need for a cloud-based IDaaS solution is even greater today, with many people working remotely and enterprises planning to make remote work permanent. It’s a perfect storm for data to be hacked or leaked with more people working off-site and accessing cloud applications.
Facing this paradigm shift means that enterprises are seeing more complexity around security access and data, so they need to have flexible enough solutions to provide a good user experience and strong security.
To this end, cloud-based IDaaS solutions can act as a layer over security solutions already on-premise or with legacy protocols. It allows for additional security to be applied with quick time-to-value, which is critical to businesses that want to improve their security posture against cybersecurity threats.
ITSW Bureau: What are the ways in which enterprises can streamline access and secure identity using biometric authentication?
Mark Cochran: Enterprises can streamline access with biometric authentication and Single Sign-On (SSO), allowing a user to sign into one portal to access multiple cloud-based applications. SSO is beneficial in today’s evolving ecosystem as enterprises use more cloud-based systems–SSO brings disparate applications together, especially when the average number of passwords for an individual is 100.
However, it’s important to note that there is a key distinction in how SSO should be deployed. When SSO is tied to a mobile device and used to unlock or access an app on the phone, it means the user has to re-enroll and reassociate their login with their apps on a new phone. This is often achieved through passwords, which isn’t the most secure authentication method.
Enterprise-grade biometrics is an attractive form of authentication when paired with SSO and the appropriate algorithm for sign-in acceptance. It’s a form of strong authentication that’s centralized in a database to be used across devices, which for enterprises provides user convenience with a focus on security–it keeps hackers out.
ITSW Bureau: What trends do you think will help to advance biometric security for enterprises?
Mark Cochran: Hackers are investing extraordinary amounts of time and energy into gaining access to data through enterprise authentication frameworks, with the vast majority related to compromised credentials and passwords. Old school passwords and even some two-factor authentication forms are failing to prevent a modern-day security attack by letting people in the door who then wreak havoc on corporate systems. The root of this problem goes back to passwords.
They’ve lived their life and served us well, but they’re past their time. Enterprises need to focus their security enhancements elsewhere, specifically on biometrics. Biometrics have really come of age in the last few years in terms of algorithm accuracy and hardware security, which can provide strong security and high usability with peace of mind.
One current security threat trend that positions biometrics for advancement is account handovers, which is when users knowingly or unknowingly share their logins with a third party. Handovers have led to many data breaches in the news where security controls have been successfully bypassed. This is where biometrics can be extremely helpful because it’s personal and unique to each user–you can’t replicate or steal a fingerprint. As threats continue to evolve and change, biometrics is proving to be more secure and not prone to these kinds of attacks.
Mark Cochran is the President of BIO-key PortalGuard. He is responsible for managing the PortalGuard development and operations teams tasked with delivering new product innovations and providing superior customer support. Mark has over 24 years of B2B experience in the software and technology industry, including 18 years of delivering Identity and Access Management (IAM) solutions to organizations worldwide. He is a veteran member of a subject matter expert team capable of analyzing information systems and processes to implement dynamic security improvements.