Cutter Consortium :: Press Release: Identification and Authentication: Who Are You?...Prove It.

Save 20% on any title when you order by 30 June 2008!

Enter Priority Code 60R*C06SAVE at checkout to receive your savings.

Press Releases

Contact Media Relations

ORDER THIS REPORT

March 22, 2005 - Arlington, Massachusetts

Identification and Authentication: Who Are You?...Prove It.

Biometrics will be a profitable security option as new technologies move out of the lab and into the field. But beware the siren song of technology. We're not prepared to store a unique biometric ID for every living organism in a database anytime soon, asserts the Cutter Consortium Business Technology Council.

In the latest Cutter Consortium Business Technology Trends and Impacts Council Opinion, Cutter Consortium Fellows Tim Lister, Rob Austin, Lou Mazzucchelli, Ken Orr, Lynne Ellyn, Tom DeMarco, and Peter O'Farrell discuss the use of biometrics for identification through matching of fingerprints, retina or iris scans, voice recognition, face recognition, or even writing analysis. According to the Council, these technologies are viable in many, but not all, situations.

Tim Lister, the lead author of the Opinion says, "No system is completely secure. Fundamentally, every system is built on trust of some authorized individuals. A highly reliable biometric-based identification, authentication, and authorization system cannot stop misbehavior of trusted individuals. How many people have heard you read your credit card name, number, and expiration date over the telephone? Other security measures must be in place to monitor behavior."

According to Rob Austin, "Biometrics are not a silver bullet. The problem is not a technical problem, and the solution won't be technical either. Bad guys figure out ways to get around new approaches to security, and they have an easier time when the good guys place too much faith in a technological solution to a business problem."

Biometric solutions have a role to play in a more secure future, but if you are considering working biometrics into your company's security systems, do careful research. Employ multilevel defenses. And make sure you address the social system in which the technology is embedded. If supporting human systems aren't in place, a biometric device just provides a false sense of security."

Many of the issues center around on the question "What cost for what value?" How much will an organization pay for greater certainty in authenticating individuals before those people gain access to information and other valuable assets? How much security intrusion will the public accept in order to conduct business transactions in daily life?

The Cutter Consortium Business Technology Council suggests you consider the following when evaluating biometrics and other technologies as part of your security strategy:

What is worth protecting -- and at what price?
Humans will remain the weak link in security systems.
Remember, passwords in 2005 are about as effective as luggage locks: it makes it a bit harder to get into the bag, but anyone determined to get in is past the lock in seconds. Walk around your workplace, look for passwords on Post-its and whiteboards. If you can't find any, you're not looking hard enough.
The cost of your current security system, even if it consists of just passwords is your minimum identification and authentication budget.
Identify and map each employee with permitted access of asset. Beef up security wherever there is just cause for tight access or where the asset value is high.
Identify fast, reliable methods to authenticate your staff.
Train your staff in security measures, and establish acknowledged, ongoing measures of compliance.
What will biometrics save you in help desk costs for password resets? In many companies, the savings are significant.
If you deploy biometric authentication, can you eliminate tokens like secure ID cards? At an annual cost of roughly $60 per user, many companies can save an ongoing expense.
If all your applications and servers required biometric authentication for access, could you save on intrusion detection processes and technology?

To request a copy of the Trends Opinion in which these comments were made along with additional recommended actions or to schedule an interview with any of the Council members, contact .

ORDER THIS REPORT

More information about Cutter Business Technology Council members is available at http://www.cutter.com/trends/trendsmethod.html

About Cutter Consortium

Press Release: Identification and Authentication: Who Are You?...Prove It.

SITEMAP SEND FEEDBACK NEED HELP?

Cutter Consortium, founded in 1986, is a global IT advisory firm helping organizations forge solutions to the business technology challenges they face. Through its research, consulting, and training, Cutter assists enterprises as they create, implement, and maintain IT systems and organizations that support business objectives and encourage innovation. Cutter pushes the thinking in the field by fostering debate and collaboration between thought leaders from different domains, countries, and disciplines. As a completely independent entity that has no special ties to vendors, Cutter Consortium is beholden to no one and dedicated to providing completely objective, unbiased information to its clients. Cutter Consortium gives you access to the top thinkers in IT.

Cutter Consortium, 37 Broadway, Suite 1, Arlington, MA 02474, USA. Phone: +1 781 648 8700, Fax: 781 648 8707