April 25, 2022
“Digitize First…Secure Later” - Closing the Gap with Biometrics
By Maria Pihlström
By Maria Pihlström
Cloud technology is the cornerstone of today’s ‘digital-first’ workplaces.
Gartner forecasts that the coming years will see a rapid rise in cloud adoption as organizations increase spending on cloud services by 21.7% in 2022. This growth in spending will mean that by 2026, cloud expenditure will account for 45% of all enterprise IT spending.
This rapid growth in cloud computing means vast quantities of corporate data is now in the cloud (both public and private), and it’s a lot of data! By 2025, it is predicted that the amount of data held in the cloud will exceed 100 Zettabytes (1021 bytes), and potentially reach 200 Zettabytes.
With so much valuable data going to the cloud, decision-makers cannot rush security. Yet 2021 was another year marked by hacks and breaches, and there are signs that enterprises have taken a “digitize first…secure later” approach to creating a digital-first workplace.
Passwords and PINs – a step backwards for a digital-first workplace?
Today, knowledge-based authentication methods (PINs and passwords) continue to be the most widely used tool. It is understandable why: PINs and passwords appear simple, cheap, portable, and familiar.
However, with cyberattacks and phishing representing some of the biggest security threats facing organizations, passwords and PINs are a security pressure point. Sophisticated software means that it can take a hacker just one minute to crack a seven-character password during a brute force attack. Implementing longer, more complex passwords does improve security, but is it a step forwards in real terms? Today’s digital-first workplace empowers employee productivity, so managing increasingly complex passwords goes against this.
To support today’s digital-first workplaces and close the gap between security and connectivity, a swift, secure, and futureproof access and authentication approach is essential.
Home & work and the rise of Zero Trust
Workplace digital transformation and more agile working patterns – and the security challenges this presents - have blurred the lines between enterprise and domestic security. Consequently, there is no set ‘perimeter’ around an organization’s digital estate. This shift has led to more organizations adopting a Zero Trust approach .
First proposed over a decade ago, more organizations are turning to the Zero Trust (never trust, always verify) model. Supported by a growing range of tools and guides from companies like Google, Microsoft, and federal government mandates, Zero Trust is a widely used approach to security and access control.
However, with the cost of a data breach reaching USD 4.24 million in 2021, up from USD 3.86 million in 2020, organizations need to transition to Zero Trust immediately to avoid 2022 being another record year for breaches, hacks and financial losses.
Even though the Zero Trust posture is maturing, implementing one can bring challenges. To help, a tech that is already tried, tested, and readily available is required.
Closing the gap with biometrics
Compared to knowledge-based authentication, biometrics unlocks swift and secure access control, complementing the convenience of a digitalized workplace. What’s more, it is firmly established, supported by robust standards such as FIDO2 and Windows Hello. Fueling the continued rise of biometrics is R&D, which has jointly tackled the issues of reliability and security. Thanks to this, gone are the days of frustrating users with false rejections and successful hacks (or spoofs) with something as simple as Blu-Tack or a Gummi bear.
So, what does biometrics in a digital-first, cloud-based workplace look like?
As organizations reconsider authentication and logical access control, there are multiple endpoints where biometrics can be integrated into the employee workflow.
PCs and smartphones are common endpoints to be considered. But for organizations looking to protect sensitive company data beyond employee PCs, biometric logical access is available via USB tokens and access cards. R&D around these two end-points ensures they work within existing infrastructures. Consequently, no major rewrite of an organization’s security strategy is needed, bringing biometrics within easy reach for decision-makers.
Navigating the road to Zero Trust
The whirlwind of the cloud revolution has seen a significant gap between connectivity and security emerge. Amidst the search for a solution, organizations need to ensure that their productivity is not eroded, all while staying ahead of the threat of hackers and human-error related breaches.
Given the scale of the workplace digital transformation, time is critical. So, matured, trusted and readily available and trusted tools are essential. Transitioning to Zero Trust represents the end goal of the logical access puzzle, and biometrics can be the first piece.
Stakeholders within the ecosystem can consider the potential for biometrics to level-up logical access control and authentication. By doing so, they can look beyond relying solely on knowledge-based authentication and consider how they can digitize and secure the workplace in tandem.