Digital Identity and Biometrics: Requirements of a Digital First World
One of the features of the post-pandemic world is a concern about the hybrid mode of work. In other words, the combination between in‑person attendance at the office and remote work. In this context, digital identity became a key issue in terms of cybersecurity, given that the number of devices used —some of which are even shared at home or within the reach of several people — multiplied; plus, access networks (connectivity) diversified.
There’s also the continuous and growing trend of migration to the cloud, requiring remote access to data and daily-use applications, which in turn also requires a careful identity protection protocol.
During times of mandatory social distancing, 20% of small businesses allowed remote work without any cybersecurity plan.
What are the challenges? In a digital-first world, where everything tends to be digital —medical records, deeds and contracts, payments, etc.— safeguarding identity is key for individuals, whether as consumers or citizens, or simply as members of some kind of organization.
Assets, emotions, and even personal integrity are at stake. For companies, public entities and other institutions, the damage can be economic, legal, or reputational. Identity theft is a common crime and can cause from mild disruptions to serious consequences.
More information on this topic?
How to Protect Your Company from Identity Theft
Biometrics are here to stay
For many years now, science fiction has been using fingerprint or iris identification as a way to validate an individual’s identity. A simple cross-reference of these biometric data with a database will allow to determine if an individual is or isn’t allowed access. Far from the cinematic fantasy, it’s common for apps to use fingerprint validation: building access control, administrative process authentication, computer unlocking, etc.
Technology is advancing and methods are diversifying. To the physical features commonly used, such as face, iris, fingerprint and even voice recognition (“Hello Google. Turn lights on. Search for pizza delivery.”), other resources are being added thanks to AI; certain behavioral traits can also be used to verify a person’s identity, such as a handwritten signature on an electronic device, how keys are pressed, or cell phone usage habits.
Some legal aspects need to be considered with the use of biometrics, basically related to privacy, personal data protection and non‑discrimination. There’s currently an abundance of regulations in this regard. However, it’s a great tool to add to an effective cybersecurity strategy. There’s already an identity verification service with biometric resources (BaaS - Biometric as a Service).
Biometrics will authenticate over $3 trillion payment transactions in 2025, up from just $404 billion in 2020.
Fuente: Juniper Research
There are many examples at hand and the trend is unstoppable. Coming soon, Rio de Janeiro and Sao Paulo will require fingerprints for driver’s licenses; according to Ernst & Young (EY), more than half of international travelers already use it.
Biometric Fingerprinting: The Most Widespread Identification
Digital identity and security
The massive use of digital identity elements requires that organizations take precautions. The implementation of multi-factor authentication (MFA), combining alphanumeric keys with biometric components, is the most popular resource at the moment. Is something as unalterable as a person’s unique physical traits not enough? For many reasons, sometimes it isn’t. Depending on the value of the assets to be protected, the level of risk can be very high and cybercriminals have developed a wide range of strategies to achieve their goals.
Identity and access control solutions (identity access management, IAM) should be part of any cybersecurity strategy, especially in hybrid work environments and when using cloud or multicloud architectures.
Authentication by biometric systems can be implemented with a fingerprint reader connected to the user’s device by USB, with applications that use facial recognition through a selfie from your cell phone or voice recognition systems.
Nonetheless, one part of the security protocol resides in that endpoint (that also needs to be protected) and the other one, in the technologies implemented on the computing center side —whether local or in the cloud— through an IAM service that properly evaluates the permissions policy. In this regard, it’s worth remembering that the current trend prioritizes Zero Trust, i.e., the restrictive granting of permissions to essential resources, and the expansion of access as the need arises.