Empower individuals to control their biometric data

Issue 1 2025 Information Security, Access Control & Identity Management, Security Services & Risk Management

What if your face, fingerprint, or iris was your greatest vulnerability in a cyberattack? All those parts of you that are most unique and private are now embedded in our devices, workplaces, and airports, promising seamless access and enhanced security. But there is a dark side to this convenience: the fear of knowing where biometric data is stored and how it is used, and cybercriminals have seized on this.

Attracted by these potential loopholes, they are questioning the security and integrity of our data storage. Trust in biometrics is being eroded as individuals worry that their sensitive information is being stored in cloud environments that are vulnerable to breaches and misuse. To address these concerns, the future of biometric access security needs to drive action for change on an economy-wide scale.

Why the cloud is a concern

The rise of cloud-based systems has accelerated the adoption of biometric solutions. By storing large amounts of data remotely, cloud platforms allow for scalability and easier system updates. However, high-profile data breaches and unauthorised access to personal information have fuelled public scepticism. Deloitte’s 2023 ‘Customer data privacy and security’ survey found that 67% of consumers fear their biometric data could be misused if stored in the cloud, and this concern is particularly acute in regions with strict privacy laws, such as the European Union under the General Data Protection Regulation (GDPR).

Geopolitical tensions also increase the risks. Critical environments such as airports, military installations, and nuclear power plants cannot afford vulnerabilities in their access systems. In fact, they are a goldmine for hackers. They can intercept valuable biometric data and commit serious crimes such as rigging elections, spying on hostile nations, usurping identities, or sabotaging sensitive systems and areas. These are irreversible actions with potentially dramatic consequences.

Moving to localised storage

Biometric systems that prioritise edge computing offer a solution. Instead of sending data to the cloud, biometric information is processed and stored locally on secure devices or smart cards. These systems eliminate the need to transmit data over networks, dramatically reducing the risk of potential hacking.

For example, smart cards embedded with biometric data allow users to authenticate their identity without needing to interact with the cloud. This decentralised approach enhances privacy as the data remains under the control of the user and is less likely to fall prey to cyberattacks. It also complies with ethical and legal frameworks by giving users autonomy over their personal information.

Strategically securing high priority environments

Industries that handle sensitive materials or information – such as pharmaceuticals, energy, and defence – demand the highest levels of access security. Traditional access systems, such as swipe cards or PIN codes, are not enough to prevent unauthorised access. Biometrics offers a reliable alternative to the strategy adopted by these high-risk industries, but only if it is implemented without introducing new vulnerabilities.

Some organisations have already deployed on-premises biometric solutions that process data in a closed environment, ensuring that sensitive information never leaves the facility. For example, nuclear power plants are increasingly using locally stored multimodal biometric systems (e.g. combining fingerprint and iris scans) to strengthen access controls.

Similarly, the military and financial institutions are adopting innovative technologies such as the use of biometric smart cards: personal data is stored exclusively on the card itself, without recourse to the cloud or external servers. This not only reduces the risk of data leakage but also ensures strict compliance with the RGPD by guaranteeing secure, local management of personal data.

Challenges and the way forward

Despite its benefits, localised biometric security faces challenges, especially as local devices must be robust enough to prevent tampering and cyber intrusions.

To overcome these hurdles, manufacturers are investing in advanced encryption techniques and tamper-resistant hardware. The use of biometric templates —mathematical representations of biometric data rather than raw images — also mitigates risks. These templates cannot be reverse engineered into the original data, further protecting users’ privacy.

Looking ahead, biometric systems will need to balance convenience, security, and ethical responsibility. By moving away from cloud dependency, organisations can rebuild public trust while securing critical environments.

Eventually, to fully realise the potential of localised biometric systems, the industry must come together to establish standards and best practices. This is not just a technological shift but an ethical and strategic imperative to rebuild trust and safeguard critical environments.

The future of access security lies not in centralised technologies such as the cloud, but in empowering individuals to control their own data. The question is not whether industries can adapt to this ethical evolution, but how quickly they will embrace this shift.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managed security solutions for organisations of all sizes
Information Security News & Events
Cyber attackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Identity, Security & Access Alliance focuses on intelligence and integration
SMART Security Solutions Ideco Biometrics BoomGate Systems Bosch Building Technologies Technews Publishing Integrated Solutions Surveillance Access Control & Identity Management
The Identity, Security & Access Alliance (ISAA) hosted several launch events in Johannesburg in August, showcasing the participating companies’ technical solutions with a primary focus on the solutions made possible by integrating high-quality systems to deliver comprehensive solutions.

Read more...
The role of drones in farm protection
Agriculture (Industry) Security Services & Risk Management
Laurence Palmer reminds us of the role drones play in agricultural security and offers a free security risk assessment template for downloading (link at the end of the article).

Read more...
SMART Surveillance Conference in Johannesburg
Arteco Global Africa Technews Publishing SMART Security Solutions Axis Communications SA neaMetrics Editor's Choice Surveillance Security Services & Risk Management Logistics (Industry) AI & Data Analytics
SMART Security Solutions hosted its annual SMART Surveillance Conference in Johannesburg in July, welcoming several guests, sponsors, and speakers for an informative and enjoyable day examining the evolution of the surveillance market.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Check Point launches open, vendor-neutral MDR services
Information Security News & Events Products & Solutions
New Check Point MDR 360° and MXDR 360° offerings deliver 24/7 managed continuous threat monitoring protection across endpoints, cloud and network environments with built-in identity threat detection and 160+ integrations across hybrid, multi-vendor environments.

Read more...
Credential theft surges in South Africa
NEC XON Information Security
NEC XON issues a critical cybersecurity warning about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region, with an increasing number of incidents and evolving threat tactics.

Read more...
Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.