Without any doubt, a commitment to integration is one of the main reasons why fingerprint-based identification is used so extensively in SA to control workplace access and manage T&A. Managing identity within the workplace has been the foundation for local biometric applications.
Dave Hunter, divisional managing director at Bytes Systems Integration says, “We recognised the potential of biometrics many years ago. Right from the start, we clearly saw how the technology could significantly strengthen the overall integrity of our Kronos workforce management solution.”
Hunter says that the Kronos platform addresses the needs of large organisations with high numbers of personnel who are widely dispersed geographically. “It is a heavy-duty solution for large, diversified organisations. Nevertheless, even such an advanced solution is still subject to the age-old security vulnerabilities that are created by a dependence on old-fashioned access cards and codes to authenticate people’s identities.”
In Hunter’s opinion, in 2004 the potential benefits that biometrics clearly offered were nothing more than that – potential benefits. “Unless we could integrate our technologies with biometrics, that potential was always going to remain unfulfilled. It was nothing more than a nice-to-have concept in some hypothetical future. Commercially, it would have been a non-starter. What turned it into a practical business reality was the extraordinary commitment towards integration from our long-term biometrics partner, Ideco.”
This perspective is endorsed by Mark Stoop, business unit manager within the Innovation Group at Business Connexion. “In partnership with Ideco, we have been implementing fingerprint-based physical security solutions in southern Africa for the past seven years.
“The business case for replacing traditional access credentials with fingerprint technology is disarmingly straightforward. Fingerprint-based identification cuts the repetitive losses caused by unauthorised access and activity within the workplace. This has been proven repeatedly in local organisations ranging from mines to food-processing plants. Our clients know this because they see the results on their bottom line. They recognise that any security solution based on a card or a code is clearly vulnerable to abuse simply because it is so easy for people to share or steal them.”
He points out that the ability to accurately identify people within the workplace delivers a great deal more than just preventing unauthorised access and buddy clocking – the practice where people clock-on for one another at work in order to defraud their employer’s payroll system. We are also able to deliver benefits in areas such as occupational health and safety, because we can accurately control who can enter certain areas as well as recording people’s location as they move around their place of work.”
As one of the leading local manufacturers of access control systems, Saflec has a user-base of over 500 companies across southern Africa. Sales manager, Barend Keyser, says that Saflec was one of the first SA companies to begin replacing conventional access cards by integrating biometrics within their systems.
“Back in 2005, we saw how fingerprint technology could move beyond its applications within law enforcement. By working closely with Ideco as our integration partner, it became commercially feasible to use biometrics as a highly secure means of managing identity within our access control systems. Without that partnership, we would probably still regard the technology as sci-fi on TV shows like CSI. Instead, fingerprint-based identification is now a business reality for hundreds of our end-users like Vodacom and Coca-Cola.”
Integration demands resources
Coetzee says that Ideco spends around R2,5m a year on providing integration services that enable the use of fingerprint scanners within a diversity of secure business solutions. “Most of that budget goes towards funding our technical and development team. It provides a ‘can-do’ platform of technical skills and expertise that allows us to co-operate with our partners in building fingerprint-based business solutions for their clients.”
But the financial commitment to integration does not end there. At any given time, Ideco typically has R600k worth of development or demo equipment allocated to specific projects where biometrics are being incorporated into new and existing solutions. Coetzee stresses that, “Our continuous investment in integration is one of the main reasons why more than 70% of all local biometric applications are based on fingerprint scanners from us.”
“Integration is a core component of our business. It is an on-going process that supports an ever-growing range of business applications that rely on accurate identification of the people who use them. As the business advantages of modern biometrics become more widely recognised, we are seeing increased demand for us to integrate scanners within different types of systems.”
For Coetzee, this extensive integration work across such a wide range of leading solutions is essential and it forms part of an integrated biometric security industry estimated at more than R3 billion per annum. “In order to drive high volumes of biometric sales across southern Africa, we had to demonstrate commitment to the companies who use the products.
“If we had just dropped boxes and walked away, Morpho would just be another one of the minor players in the local biometrics market. Instead, our integration work means that Morpho is rightly regarded as the number-one biometric product.”
A formal business process
The type of integration service provided by Ideco allows different levels of integration within the systems that Morpho features. Coetzee says, “We offer the service free of charge based on agreements that the solution provider uses our biometric products. Obviously, it is important that the technology itself is so highly regarded. That level of respect for the product is based on a long-established track record of exceptional performance and capabilities. At Ideco, one of our key roles is to make those commercial advantages readily available to the market.”
Ideco begins its formal integration process with an NDA to protect both parties when sharing their IP. This is followed by a strategy discussion to understand the business objectives and integration requirements. “Then the two teams of technologists do their thing,” says Coetzee. “They move the integration forward to a point where it can be evaluated against the original operational and commercial objectives and certified as being compliant to best biometric practices.”
Coetzee knows that integration is a living thing that evolves with advances in biometric technology as well as in the solutions where it is used. “With every new product or firmware release there are changes that could have a material effect on the overall solution. Ideco maintains on-going technical relationships with our partners so that we can support each other’s developments and maximise the demonstrable benefits that biometrics offer the end-user. Together, we ensure that the technology meets expectations.”
Thinking outside the box
Jason Matthews, MD of access control and T&A specialists, Jarrison Systems, has worked with Ideco since 2005 and says that integration is key to extending the business benefits that can be achieved through biometrics.
He cites Jarrison’s large-scale fingerprint-based solution at Omnia Fertilizer as an example, “In addition to handling T&A and access for about 5000 employees at Omnia’s Sasolburg plant, the solution also uses fingerprint identification to manage the personal protective equipment or PPE store. The PPE component of the system tracks what items were issued and to whom they were issued. Instead of signing for equipment in a book, we use fingerprints to identify who is taking the equipment and who is issuing it.
“Omnia also uses the Morpho-based solution to control its on-site induction process, ensuring that all the necessary Health & Safety compliances are met for visitors or contractors entering certain areas of the plant.”
With such an established local track record that demonstrates both the capabilities of biometrics and the proven business results they deliver, Coetzee sees the technology as being at a point where its application is not limited to conventional security solutions.
Increasingly, Ideco is seeing that accurate identity control is becoming an essential function within more and more business processes. Coetzee says, “We are currently working on 52 integration projects. These include the use of biometrics within logistics and supply chains; vehicle driver identification; managing the chain of custody within law enforcement; and handling identity-based processes within the manufacturing, retail, banking and medical sectors.”
Collaboration is essential
Very often there is a limiting silo effect in terms of maximising the commercial results that biometrics can deliver. Mark Eardley of SuperVision Biometric Systems says this is particularly evident within the established discipline of identity management or IdM. “Within corporate IT systems, the function of managing identity has traditionally been the preserve of specialised IdM solutions from big names like IBM, Sophos, RSA, Novell and Symantec.
“On the other hand, the function or discipline of authenticating identity is handled separately by the big names in biometrics, like Morpho for example. There is little collaboration across the two distinct disciplines and their respective strengths often remain in their separate silos as opposed to working together. It does not matter how sophisticated your IdM solution might be if it is based on cards and PINs and passwords. If the system cannot accurately authenticate users, well, what is the point of trying to manage what they can do?
“Equally, authenticating IT users biometrically is not much good without an IdM solution to handle what those users can do. But, if you put the two sets of technology together then you have a completely different animal. Then you have a system that can truly authenticate, authorise and audit users and their IT activity.”
Stoop says that although Business Connexion’s clients have first-hand experience of the financial benefits derived from fingerprint identification within physical security and workplace attendance, he recognises that organisations are increasingly exposed to security threats within their IT systems. “Corporate IT still relies on passwords, PINs and cards to control who can access their systems and operate within them. This creates the same obvious and elementary risks that we are countering with biometrics in physical security.”
He believes that the next major advance in biometric applications will be their integration into access and activity control within IT systems. “The motivation to introduce biometric controls into IT is really no different to what we have seen in physical security. The common goal is to prevent unauthorised access and the losses it causes. It strikes me that this is a particularly pressing need in IT given the level of losses being caused by corporate cybercrime.”
Once again, integration is critical to such an advance and Stoop and his team have worked extensively with Ideco to facilitate this. “We are now at the point where we can replace IT access cards, PINs and passwords with fingerprints. Not only can we control initial sign-on, we can govern access to applications, documents and Web forms. Through fingerprint-based authentication of the user, we can also authorise changes to data and control transactions. At the same time, we record all this activity and link it to the biometric identity of the user. This means that we build accurate audit trails that definitively show who did what within an IT system. And we can do all this right now.”
As for the future of biometric applications, Coetzee encourages anyone whose systems are reliant on identity to consider biometrics as a means to accelerate processes and reinforce security. “The only effective way to control identity is with fingerprint technology. South African organisations should be encouraged by the fact there is such a wealth of local experience in how to achieve this both in terms of technical expertise and practical knowledge concerning successful implementation.”
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version