Biometrics and information security management systems

August 2010 Access Control & Identity Management

A number of surveys recently reaffirmed the fact that insiders are now committing most of the economic crime within organisations. Two global surveys, by Ernst and Young and Pricewaterhouse Coopers highlight the fact that insider crime is on the increase and is being fuelled by the economic downturn.

We see there being another factor that is driving the growth of insider crime: passwords. Organisations simply have to stop using them.

Migrating biometrics into ISMS

For several years now, we have been replacing traditional cards, passwords and PINs with biometrics. In a huge diversity of workplaces, they are an accepted component of physical access control and workforce management solutions. So why has it taken so long for biometrics to migrate into IT security? The answer is that there has been a lack of competent software to allow professional integration of biometrics within IT systems: Consequently, we had to develop our own: SuperSign. And that did not happen overnight. There are several years of development work behind our password replacement solution and we have had to spend a lot of time in Europe and the United States in order to perfect it.

First, SuperSign is an IT security solution that provides a deterrent and a protection against insider crime: Biometrics is the only technology that can link who did what, where and when within an IT system. It is a deterrent because of the unbreakable bond it forms between users and their transactions. It is a protection because it enables the most stringent access controls.

Data loss prevention

DLP is a hot topic because of the challenges presented by increased data mobility. This does not just mean the mobility enabled by portable devices or the cloud: Sometimes referred to as ‘information leakage’, data security is certainly not a new problem and people have been battling with it for years. Its roots lie in the fact that digital information is mobile by its very nature. The Information Security Forum (www.securityforum.org) provides a wealth of insight into how leakage occurs and ways to prevent it happening.

The Forum describes information leakage as “an incident where the confidentiality of information has been compromised, typically as the result of unintentional insider action". The disclosure of business information outside of its intended audience has been an information security-related issue for many years, but the term information leakage has recently seen increasing use in the media, which is keen to draw attention to high profile breaches of confidentiality in large public and private organisations.

The insider who accesses your PC or laptop without permission may not necessarily have a major criminal intent, but could just be a sneaky snooper. It is not always about someone trying to rip you off.

Data-loss threats will vary from company to company, but the simple fact remains that traditional passwords and PINs create massive vulnerabilities. These can be exploited intentionally by the criminally minded, or lead to inadvertent losses through people doing things they are not trained or authorised to do.

The root of all data evil?

Controlling access to devices, data, applications and networks has traditionally been a complex challenge for IT departments. As authorisations alter to meet changing business requirements, users and administrators struggle with antiquated processes for managing user-names, PINs and passwords.

Not only are the old processes time-consuming and costly, their shortcomings actively encourage all of us to simplify sign-ons by writing passwords on post-it notes, re-using the same logon credentials or sharing passwords. Driven by the need for speed and convenience, this activity is routine and happens every day in offices all over the place.

Unauthorised access to IT systems through the abuse of passwords, PINs and usernames is universal and extremely damaging. Stewart highlights some of the dangers as follows:

* Illicit payments.

* Unauthorised access and transmission of information.

* Loss of confidentiality.

* Unauthorised changes and deletions.

* Loss of operating capacity and costs of downtime.

* Increased recovery and system restoration costs.

Biometric sign-on

Eliminating the dangers and losses from these wide-ranging threats has to start by addressing the gaping hole in IT security: passwords. SuperSign replaces passwords and PINs with fingerprints and it integrates with most applications, including Web applications, with no custom scripting or development.

Very often, IT managers are rightfully concerned about the addition of applications and solutions to their existing infrastructures. Start with straightforward biometric sign-on. This will not instantly close all the loopholes in your IT security, but it is the first step in implementing a solution that can then be extended to deliver other, organisation-specific benefits.

Although SuperSign can be used with a range of traditional cards, tokens and credentials, fingerprints are the obvious platform for securing IT systems: Biometric sign-on is just as fast as using passwords – if you can remember them all – but that is where the similarities end. No replacements, minimal administration and they form an irrefutable link between the user and the systems they accessed.

With absolute certainty, biometric based sign-on links the user to their transaction. By doing this, it creates a powerful monitoring and audit trail – who did what, where and when. Fingerprints really can make passwords and all the damage they cause a thing of the past.”

For more information contact SuperVision Biometric Systems +27 (0) 21 913 6075, www.supervision.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Unlock data insights and integration
Gallagher Access Control & Identity Management Products & Solutions
Gallagher Security announced the release of its security site management software, Command Centre v9.20, which enables integration with Microsoft Entra ID, a cloud-based identity and access management system that provides seamless synchronisation of cardholders across systems.

Read more...
Gallagher Security opens Cape Town office
Gallagher News & Events Access Control & Identity Management
Acknowledging a significant period of growth for the company in South Africa, opening a second office will enable Gallagher to increase its presence across the region with staff based in Johannesburg and Cape Town.

Read more...
Securing access against unwanted visitors
Intelliguard Access Control & Identity Management Residential Estate (Industry) Products & Solutions
In today's residential estates and complexes, one of the biggest concerns is preventing unauthorised access, while ensuring a smooth and convenient experience for residents and approved visitors.

Read more...
Smart access for a safer community
neaMetrics Suprema Access Control & Identity Management Residential Estate (Industry) Products & Solutions
Suprema's BioEntry W3 integrates AI-powered facial authentication into a sleek design that prioritises security, privacy and user experience, and even allows users to store their facial templates on their mobiles instead of external devices.

Read more...
Effortless and secure visitor management
Secutel Technologies Access Control & Identity Management Residential Estate (Industry)
Secutel Ventures has introduced SecuVisit, an access control solution designed to simplify visitor management while enhancing security. With two innovative components onboard, SecuVisit ensures seamless visitor check-ins anytime, anywhere.

Read more...
Glovent’s SOS Suite triple protects estate residents
News & Events Access Control & Identity Management Residential Estate (Industry)
One hundred and fifty-three years since the world’s first panic button was introduced in New York City, Glovent offers estate residents three different ways of summoning emergency assistance at the touch of a button.

Read more...
Security professionals gather at Integrate 360
Gallagher Access Control & Identity Management News & Events
Gallagher Security’s Integrate 360 brought together some of the best minds in security, innovation, and technology for two days full of insights, demonstrations, and future-focused discussions.

Read more...
Suprema showcases enterprise security at Integrate 360
Suprema News & Events Access Control & Identity Management
Since 2006, neaMetrics, Suprema’s distributor in Africa, has worked closely with Gallagher, building a robust partnership resulting in seamless integration between Suprema’s advanced biometric readers and Gallagher’s security management platform.

Read more...
New ASSA ABLOY facility opens in South Africa
ASSA ABLOY South Africa iDSystems Impro Technologies Access Control & Identity Management News & Events
ASSA ABLOY announced the opening of its new facility in Durban, South Africa. This new site unites IDS and Impro operations, bringing both manufacturing plants under one roof to create a hub for innovative access solutions.

Read more...
iProov achieves FIDO Remote Identity Verification certification
News & Events Access Control & Identity Management
iProov, iiDENTIFii’s technology partner in Africa, is the first to achieve the new, global certification in face biometric identity verification from the FIDO Alliance, an open industry association whose mission is to reduce the world’s reliance on passwords.

Read more...