Biometrics – Never trust, always verify

biometrics

Can biometrics be the first step towards a Zero Trust strategy? The post-pandemic world has created a new necessity for Zero Trust strategies 

Biometrics and associated biometric authentication mechanisms, come with numerous privacy challenges ranging from the leaking of your biometrics, to social media enabled spoofing and ingenious machine learning tricking mechanisms.  

The optimal solution to preventing data being leaked is to never share it. If you never share your actual biometric data, no badly secured cloud platform, no human error or malicious privileged database administrator can leak your data. However, if you choose not to disclose any biometric data to anyone can you still use it for the purpose of authentication? The answer is yes. 

The disruption and uncertainty of the past couple of years created new opportunities for fraudsters to retrieve personal information and impersonate customers, and it kickstarted a wave of account-based attacks that’s continuing to rise today. 

These recent attacks have put security front of mind for both brands and customers. But many organisations are still a few steps behind, lacking the measures to fight fraud effectively. 

A Zero Trust approach is critical  

So many attacks we’re seeing today are based on stealing customer identities, which means it’s more important than ever to ensure you know who you’re talking to in every engagement. 

Abbas Kudrati, Microsoft’s Chief Cybersecurity Advisor talks about how Microsoft approaches this challenge, using a ‘Zero Trust’ approach to engagements. “Zero Trust isn’t just a buzzword. It’s an architecture model that forces brands to verify the user at every engagement, trust nobody, and always assume a breach has happened,” he explained. 

It’s a two-pronged approach, involving participation from both customers and employees. Customers need to prove they’re trustworthy every time they speak to an agent, access their account, or complete a transaction. Similarly, employees need to prove they’re trustworthy throughout the working day. Zero Trust also involves more than just authenticating individuals. It requires brands to know their architecture, including all the devices and services used across their network, and the digital health of those devices. 

While it sounds simple in principle, Zero Trust can be a little trickier to put into action. In parts of the organisation like the contact centre, gauging the trust of agents and customers effectively—without causing too much friction in engagements—can be a major challenge. 

Security Buyer catches up with Michel Roig, President, Head of Payments & Access at Fingerprint Cards to discover the future of biometrics and a zero-trust strategy.  

Today’s enterprises are being challenged to stay one step ahead of security threats. Data shows that in 2021, the average cost of a data breach reached USD 4.24 million, up from USD 3.86 million in 2020 and the highest in 17 years.  

The surge in flexible and hybrid working arrangements (Working From Anywhere – WFA) is making an already challenging situation even more complex. Leaders now need to decide how to combine enterprise-level security with current working models. The timing could not be more critical. In 2021, the average cost of a data breach where WFA was a factor was a million dollars higher compared to non-WFA related breaches, and many organisations still need to adopt a stronger security strategy for cloud-data storage.   

An important strategy attracting increasing attention is a Zero Trust approach to security. While organisations consider how to implement Zero Trust in their IT strategies, a first step could be to consider the role of biometric authentication for logical access control, throughout digital estates.   

 

To read more exclusive features and latest news please see our Q4 issue here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com

Subscribe to our newsletter

Don't miss new updates on your email