Is Biometrics Coming Of Age?
As Devices Get More Affordable, Data Centers May Start Scanning
Once fodder for sci-fi and spy thrillers, biometrics has matured to the point where even home users can employ a bit of 007 for protecting their laptops. The technology, once considered too expensive for many smaller data centers, can now be utilized with existing access controls to provide an extra layer of security for doors, devices, and servers.
After years of trying to woo enterprises and consumers into utilizing biometrics, it seems the industry is finally taking off, according to the IBG (International Biometric Group). A recent report projected biometric revenue growth from $2.1 billion this year to $5.7 billion by 2010. A robust market often draws innovators and developers, and that's good news for small to medium-sized enterprises, thanks to the subsequent competition.
Already, some SMEs are employing at least a smattering of biometrics, usually with fingerprint readers, and as prices drop and technology gets more popular, it may finally be time for recognition technology to get recognized as an important security tool.
A number of biometric manufacturers has emerged in the market, but IBM (www.ibm.com) seems to be leading the charge in particular. Early last year the company announced its ThinkPad T-43, with a reader linked to an embedded security subsystem, and since then has been integrating more biometrics into all of its product lines.
Smaller manufacturers that have brought out affordable options include IDTECK (www.idteck.com), which has fingerprint, facial, and multimodal readers, and DigitalPersona Pro (www.digitalpersona.com), which can help companies establish a biometric audit trail for regulatory compliance.
Beyond specific products, a larger trend that's boosting adoption is the focus by vendors on making their biometric offerings fit with existing security controls. In the past, biometrics for data centers was usually a rip-and-replace situation because biometric readers wouldn't work with the card readers or keypads already in place. But now there's better integration, says Joseph Kim, associate director of consulting at IBG. "Instead of ripping out door readers, you can layer biometrics on top of them," he says. "This is really useful because it doesn't put one security system in place of another; it creates a multitiered security system instead."
The readers most often given this treatment involve proximity cards or fobs, Kim notes. Because the cards don't need to be swiped, they can be read from a distance while an employee places a hand or finger on a biometric reader, making the process efficient and speedy.
Not Ready For Prime Time
Although there are a number of products that have widespread appeal, such as fingerprint and palm readers, not all biometric devices are ready for the mass market quite yet.
Iris and retina recognition has been targeted for robust growth by IBG, but some believe that the technology could actually have fairly limited adoption. The issue isn't with the readers, which have advanced nicely over the years, but with user perception, according to Ron Hughes, president of the California Data Center Design Group. "Often, when IT wants to put in retina scanning devices, there's resistance from users," he says. "Many people are afraid that the scanners will damage their eyes."
To date, there is no evidence to support such claims, and Hughes notes that vendors aggressively try to demonstrate that no harm comes to the eye, just as fingerprint scanning doesn't hurt someone's fingers. But many users balk anyway. "It seems unlikely that retina scanning is going to catch on with a larger audience," he adds. "Government entities like the Department of Defense use it widely, but I don't see it coming to smaller companies or data centers."
Also likely to have less appeal is facial recognition, Hughes says, but with that technology, there could be acceptance in the long term. "It just hasn't caught on like we thought it would have," he says. "But there's a possibility it will."
In general, there are two major areas that need to be tweaked in the industry for biometrics to catch on more widely: value and user acceptance.
As seen with iris and retina recognition, users are somewhat wary of certain types of biometric functions. But user reluctance goes beyond simply opening one's eye a bit wider; in an age of identity theft, many users have expressed concern that the data being captured can be stored and used in some way to track them.
Although some might call this thinking paranoid, IT managers need to understand that it's a very real concern. Already, employees are aware of monitoring software that tracks Internet usage, as well as email content filters meant to trap data embezzlers, and have expressed anxiety about being "watched" while on the job. Having their movements tracked through biometrics puts another onion-skin layer of worry on top of those existing thoughts.
To lessen the anxiety level, user education usually does the trick, and vendors can even be brought in to demonstrate how biometric technology can't be used to steal anyone's fingerprint or determine their activities any more than an ID badge could.
The biometrics industry will also have to address questions of value in order to gain wider adoption, Kim says. Replacing 1,000 desktop machines with computers that have fingerprint recognition isn't a question of integration but of whether such a move is really necessary. "If you don't need biometrics, you probably won't implement it, and that's for good reason," he says. "It's not inexpensive enough yet to put in place 'just in case,' so for now it has to prove a return on investment."