For any business owner looking to enhance their access control procedures, biometric security is a key area of consideration. This move away from traditional security measures such as passwords and keys is not without reason. The past few years have seen supposedly securely hashed passwords cracked and sold on the internet – most notably 177 million LinkedIn accounts stolen in 2012 and sold in 2016 – and RFID and NFC contactless card skimming technology advance at a frightening pace. With the two most cost-effective and easy to implement methods of securing access to a company’s premises or assets seemingly losing the arms race against hostile actors, many are looking for an alternative.
In this atmosphere, biometric measures look increasingly attractive. While often considered to be the gold standard in access control by lay-people, it is a complex and multi-faceted area of security that best serves businesses with a thorough understanding of their security requirements. Certain technologies may seem secure and simple to implement on paper but could have hidden vulnerabilities or productivity costs that could lessen or erase their benefits to your business. As such, the decision to integrate biometric security devices into your premises is one that should only be made after close analysis of the risk profile of your business,both the capabilities of a given system ands well as your business’ needs and goals.
What biometrics technologies are available?
Biometrics is a broad field, encompassing a wide range of technologies, not all of which are suitable for commercial security. For example, one of the most commonly installed biometric devices – but one of the least commonly depicted in media – is the personal signature verification system. While being able to verify the handwritten signature of an individual is valuable for secure package delivery and remote conclusion of a contract, it is less useful for access control.
More iconic technologies such as iris recognition, fingerprint authentication and voice recognition are often the first to be considered. While these may be seen as interchangeable – each capable of securing a door against unauthorised entry – they serve different purposes. As such, it is important to have a clear understanding of their individual capabilities and vulnerabilities.
Compared to the lock and key, biometrics is a new security technology. Like any new security technology, it has had significant teething problems that have greatly diminished its effectiveness. Simple issues of accuracy remain a major issue with many kinds of newer biometric devices such as facial recognition cameras – the same input accurately presented could be rejected as a false negative because of improper calibration or simply not captured. This disconnect between the concept of biometrics and its reality can be seen in many people’s daily lives; many smartphone users will have experienced the frustration of not having their fingerprint recognised and needing to enter their back-up password in order to access their phone. Technologies with higher levels of accuracy such as iris recognition require expensive devices and are far from instantaneous, as the capture process requires the subject to hold their head still and look directly into the camera. Even the smallest movement could result in a poor-quality capture and necessitate a retry.
Not a silver bullet
Biometric security needs to be installed as a specific remedy, not a general one. The reason biometric security is not widely deployed is because most businesses are not exposed to the sophisticated kind of attacks that require these more complex solutions. For example, while many businesses use contactless access cards as part of their security regime and skimming technology has reached a level of sophistication where device are simple to use and highly effective – famously, in 2006 it was found that the then new British biometric passports could be cloned using a chip reader that cost less than $400 – these attacks are still a significant investment of time, energy and money on the part of a hostile actor.
Skimming and duplicating an employee’s card in order to gain access to protected premises still requires skills outside of operating a basic piece of technology, such as the ability to surreptitiously get close to an authorised employee and breach a premises without being recognised as a hostile actor. Only a small number of businesses holding high value data or assets such as certain commodities or currency will be worth that kind of effort, making it an unnecessary expense for many.
Beyond that, biometric devices may not even address the weaknesses in your security regime. If your problem is mostly internal leaking of data or employee theft, biometric security will not stop these people at the door. While biometric security can verify the identity of an individual, they cannot verify that those individual’s intentions align with those of the organisation.
A biometric security device’s feasibility needs to be assessed against more than just the security benefits it provides to your business, but also against how it impacts the management of physical space in your building. Most applications of biometric security concern themselves with physical access control. As such, if your business is already struggling with slow movement from area to area and bottlenecks in thoroughfares, requiring employees to authenticate their fingerprints upon entry or stop for iris recognition could just deepen these issues, requiring substantial reworking of your office’s layout. Failing to consider this can lead to stop-gap solutions that undercut your business’ security – i.e. remedying long lines for the fingerprint authenticator by allowing people to pass through secured doors by using a keycard.
There may also be legal ramifications attached to the capture and storage of employee biometric data. It is important to discuss all plans to implement biometric security measures with a lawyer versed in industrial relations and privacy law.
Consider if your business truly requires biometric security, or if you could not keep your people and property safe with a more human solution. Wilson Security provides a wide range of virtual and onsite security services to businesses across every industry. Discuss your risks and requirements with one of our consultants today to help you build a solution that best meets your needs.