Every time you access your phone via fingerprint reader, you're using biometric identification technology. So, while biometrics on the consumer side has become commonplace, a number of barriers have blocked widespread biometric adoption in the enterprise.
According to ABI Research, the majority of revenues in most biometric recognition technology categories today come from government entities, with fingerprint recognition the most commonly used biometric recognition method. Other major technologies are palm prints, handwriting, iris, retina, and voice/speaker.
Windsor Holden
But for the most part, enterprises are staying away from biometrics as a means of providing security. "There seems to be very little usage outside highly sensitive arenas such as military or airport personnel access," says Windsor Holden, research director at Juniper Research.
One key factor is the perceived cost both for deployment and staff training. "Unless a company has actually suffered significantly from outcomes arising from unauthorized access in the past, it may be reluctant to invest in preventative measures," Holden says. "There may also be some concerns that the technologies involved may be prone to errors, potentially preventing genuine employees from entering premises."
Maxine Most
Maxine Most, principal at Acuity Market Intelligence, a research consultancy focused on biometrics and electronic identity, says biometrics in the enterprise has been growing slowly as the technology has become more accessible because of lower costs, increased reliability and ease of integration.
+ MORE BIOMETRICS: Biometric security is on the rise +
Most acknowledges that biometrics in the enterprise has not seen the kind of accelerated growth experienced in the consumer realm. "However, as the number of mobile devices with embedded biometric capabilities increase and enterprises integrate BYOD into their enterprise network and data security frameworks, the adoption of biometric physical and logical access will expand and accelerate," Most says.
"Why issue smart or even dumb cards to employees when everyone in the building already has a highly sophisticated NFC- and Bluetooth-enabled device with them at all times?" Most asks. "Biometric smartphones will become the mainstream authentication device replacing the various other identity approximations: cards, tokens, fobs, etc., that are currently used for access control."
Maxine Most, principal at Acuity Market Intelligence
Given the potential benefits of biometrics as part of a security program and growing concerns about the need for secure access to systems as well as facilities, companies might begin to explore these tools more deeply. But organizations need to take a number of steps before they plunge ahead with deployments, experts say.
1. Overcome employee privacy concerns
Companies need to figure out how to overcome cultural barriers that might exist with regard to using biometrics as a security tool.
Despite the fact that many consumers routinely use fingerprint readers to access their personal devices, employees might be concerned about privacy, intrusion and safety issues associated with their workplace environment.
In addition to the cost and complexity of integrating biometrics, user pushback due to fear, discomfort and misunderstanding is among the primary reasons why enterprises have not adopted biometrics for security, Most says.
2. Educate and train
One of the early decisions managers need to make is how best to educate and train users on biometrics technologies and how they might be used within the company. "You can't just deploy a system and leave it at that; employees will need to be trained in how to use the system to gain access," Holden says.
If possible, the education process should be collaborative, with management and employees exchanging views on how biometrics might fit best within the organization.
+ ALSO:7 ways to beat fingerprint biometrics +
If employees and other users are not open to moving to biometrics systems or not well trained in how the technologies should be used, there's a good chance the implementation will fail.
3. Pick a biometric method
Gathering feedback from employees might help with another key decision: which biometric modality to use. While fingerprint scanning might be the most commonly used type of biometric access, will it be sufficient for the organization's access needs or are additional modalities needed?
When selecting a modality, organizations need to consider factors such as the level of security provided, accuracy of data, cost of the solutions, ease of use and user acceptance.
"Give people choices of biometric factors to use [for example] fingerprint, retina scan, voice, facial recognition. None are perfect and none are totally convenient," says Avivah Litan, vice president and distinguished analyst at Gartner.
4. Make deployment decisions
Another important decision point is figuring out exactly where and how biometrics systems will be deployed and used. This includes deciding on where to place access control systems for both physical locations and logical resources, whether biometrics will completely replace existing access and authentication tools, and determining how to grant access privileges.
For large, global enterprises with dozens and even hundreds of locations, these are no small considerations. In addition to the questions of where to use biometrics are those regarding who should use the systems. "Will biometric access be limited to employees or [used by] outside contractors as well?" Most says.
In addition to deciding who the users will be, another consideration is what the enrollment process will entail for those people using the system.
5. Set up enrollment procedures
"If there are multiple facilities, will biometric enrollments be shared across these facilities?" Most says. Other questions regarding enrollment include how individuals will be "un-enrolled" or de-authorized from the system once they leave the organization or change status, and how the biometric enrollment and management systems will be secured.
"Enterprises have to develop and deploy a secure enrollment process that electronically vets employee identities using internal or other reliable third-party records," Litan says.
For example, there are cases where employees scan driver's licenses or passports into the system and a third party verifies the document's legitimacy and match to the employee's asserted identity, Litan says.
6. Conduct a trial run
Before rolling out a biometrics system broadly in the enterprise, as with any type of technology implementation it's a good idea to conduct trials first.
"Test your systems before you deploy your biometric solution [to] ensure that it works, Holden says. "Have a few employees attempt to use biometric authentication to gain access, thereby ensuring that the system is correctly calibrated and can recognize the requisite attributes."
This too requires decision making, such as determining who should test the systems, where and to what extent. Can this be done solely in-house or should consultants be brought in to help?
7. Have a backup plan
Finally, enterprises should decide on a backup plan in case one is needed.
"After all your trials and testing, there may come a point where the system doesn't work," Holden says. "There could be a systems failure, an electrical fault, or for whatever reason an individual is falsely denied access. These [backups] may include more traditional mechanisms such as passcodes, to be used under defined conditions or circumstances. But these mechanisms need to be in place as a fall back."
Violino is a freelance writer. He can be reached at bviolino@optonline.net.
This story, "7 steps to biometric bliss" was originally published by Network World.