Biometric Systems are Essential for Effective Access Control.
If it is Imperative You Know Who's in Your Facility, then Biometric Technology Should be an Integral Part of Your Security Measures.
What is Biometric Security?
Biometric security has moved on from science fiction into our everyday lives and is widely used as a form of identification or access control at almost all airports, corrections, hospitals, office towers, campuses, prisons, data centres, and even vehicles and smart phones just to name a few. The growth of biometric security solutions is growing exponentially every year as costs have lessened significantly.Firstly, what is “biometric security.” The definitions vary a little but essentially biometric security is a security mechanism used to authenticate and provide access to a facility or system (i.e., a computer network) based on the automatic and instant verification of an individual's physical characteristics and because biometric security evaluates an individual’s bodily elements or biological data with that person's biometric template, it is the strongest and most foolproof physical security technique used for identity verification.
Another definition is simply "Biometrics can be defined as the most practical means of identifying and authenticating individuals in a reliable and fast way through unique biological characteristics".
You may probably be thinking about fingerprint identification voice recognition but there are now quite a few different types that have made their way into mainstream commercial use and even more types are in the pipeline. Each type of biometric technology has its own pros and cons for deployment across an enterprise or facility.
Why so? Well, some people may feel uneasy about having their hand or fingerprint data stored inside a corporate server. Is it secure? What if the server is hacked? Who has access to my ID. These concerns are understandable and that is why manufactures today have developed "security by design" processes whereby ID data is stored very securely and uses strong encryption.
Another concern is infection. What if the person using the fingerprint reader before me has covid or some other disease? Nevertheless, there are still health risks and privacy concerns that need to be addressed and these concerns seem to be moving the trend curve towards non-invasive touchless technology and whatever the type, there are still concerns with data privacy that need to be addressed at the very beginning of the design cycle.
Different Types of Biometric Security
There seems to be phases that come and go with companies experimenting with new types ofbiometric technology
and there are two main categories. The first is "physiological" whereby the distinct characteristics of a person are converted into a digital ID and the second is related to behavioural characteristics of a person’s actions that are analysed and also converted into a digital id, such as one's signature or keystrokes made on a computer keyboard.With both categories, there is invasive and passive. Invasive means you interact or place your finger or eyes on a scanner and the digital id will be created and others are non-invasive, whereby they assign an id without touching anything. In some cases, you are not even aware that you have been identified. An example of this is facial recognition. The image below shows the various types of biometric systems across the two categories.
Higher Level Of Security
Biometric security systems
offer a much higher level of security when compared to a standard proximity card, fob or mobile credential. How so? It is easy for someone to loan their card to a friend or colleague and allow them to gain access to sensitive areas or logon to the network. It does not matter how secure the actual card is, if it cannot be verified that it is in the "possession" of the person gaining entry, then it is useless.Furthermore a card can be stolen, forged or even cloned without the owner being aware. However, it is impossible to hand over your biometric "unique" characteristics such as your fingerprint, iris, face, hand, or voice. These features are unique to you alone and biometric identification is the only mode of authentication that can unequivocally validate a person's identity and because of this it makes biometric systems best suited for medium to high security applications.
This does not mean that you need to roll out
biometrics
across your entire facility. It depends on the various risks, threats and value of your assets. However, it is wise to deploy them inhigh security
areas such as server rooms, data centres, entry points, laboratories, and human resources areas, etc.What Type of Biometrics to Use?
Choosing the correct type is not always a strait forward exercise and we have seen some organisations roll out a particular type of technology only to have it removed due to staff rejection-the staff though there were hygiene issues with fingerprint readers.Consideration needs to be given to the balance of "accuracy vs. convenience". Obviously, DNA is very secure and impossible to forge, but it is expensive to process and needs a laboratory to obtain results. This makes it unsuitable for access control applications. Whereas
voice recognition
is inexpensive but does have issues with accuracy.Accuracy is discussed in mainly two terms. False acceptance rate (FAR) and false rejection rate (FRR). The FAR is determined by the percentage of times an invalid person is accepted by the system. The FRR is the percentage of times a valid user is rejected by the system and manufacturers will publish both these rates for their products and solutions.
There also needs to be a consideration of the optimal user experience, coupled with budget, in addition to the level of acceptance by the system users. Later we discuss one the most important aspects of biometric systems -"interfacing" to physical access control systems. The image below shows the various types of
biometric security
and the general acceptance levels.
Engage Cornerstone Security Consultants
As you can see there are numerous considerations and technical details that need to be weighed before deciding to deploybiometric security systems.
Cornerstone are independentSecurity Consultants
and are best placed to provide you with insight on their application for your enterprise or facility.We can even take you to another facility where you can discuss the pros and cons with users of existing biometric systems. Please call us for more information or a security