Biometric revenue, estimated at $399 million in 2000, will skyrocket to $1.9 billion by 2005, according to International Biometric Group. The New York City-based consulting firm says network access and e-commerce applications will fuel the growth. Raj Nanavati, a partner with IBG, gives IT organizations an overview of biometric technologies in this special interview with TechTarget.
TechTarget: Briefly explain what biometric technologies are and how they work.
Nanavati: Biometrics is the automatic identification of people based on behavioral or physiological characteristics. It includes technology for fingerprints, facial scans, voice scans and iris scans. The goal is to use biometrics to control access to buildings or doors, to computer networks or to government programs.
TechTarget: What's driving the growing interest in biometrics?
Nanavati: The direct reason for using any kind of security technologies - biometrics, tokens, smart cards, whatever - is to provide enhanced security with respect to accessing applications, to help you cut down on fraud. Biometrics provides a more robust audit trail. If you can positively identify somebody when they're initiating a transaction, and you know for sure it's that person, you can rely upon that [information] down the road. For example, if you were doing time and attendance using fingerprints or hand geometry, then you would know it was that person who was at that facility at that
TechTarget: What obstacles remain for implementation? Cost?
Nanavati: Cost is one factor, but I think a bigger factor is lack of knowledge of the technology. A lot of enterprises aren't familiar with biometrics, so they aren't focusing on how it could be deployed at a particular facility. Integrating the devices is probably the second-biggest issue. People aren't fully aware you can take a fingerprint scanner and use it for enterprise solutions.
TechTarget: Which industries are more readily adopting biometrics?
Nanavati: It tends to be larger organizations that are looking into the technology -- Fortune 500 companies and government agencies. Obviously a number of airports have announced projects recently. But there are a lot of small and medium size firms that are using biometrics: it's not a technology that's relegated solely to companies with million-dollar budgets, that's for sure.
TechTarget: How could IT organizations evaluate biometrics as a security option?
Nanavati: Every organization is a little different. What is the level of security and what data or assets are being protected? What does it cost to administer passwords? If you've got 10,000 employees, each one has a password. After a while they'll forget their password, so they'll call up your helpdesk and you'll need to staff it. Even if you staff the helpdesk with just three or four people, that's a couple hundred thousand dollars a year. So part of (biometrics' advantage) is the direct costs: you're getting rid of those helpdesk positions.
Another advantage is enhanced security. Supposing once every couple of years you have employees who leave and then hack into your system. Fingerprint technology would stop that. The other factor is inconvenience. What if you have traders on a trade floor and one person forgets his password? There's no fraud there and there's no call-center cost that might be reduced. But there is the fact that this person has wasted an hour trying to figure out his password. With biometrics, he could go to any workstation, put his finger in front of the scanner and get authenticated.
Biometric technologies aren't perfect. You do have to install them. There's also some cost associated with maintaining them. It becomes more of a balancing question: given the ineffectiveness of passwords, and the fact there are costs associated with passwords, companies need to ask if there is a benefit to using fingerprint, face-recognition or other biometric technologies. Biometrics is a nascent industry with respect to network security, and people are just now beginning to learn about the technology and understand the options.
TechTarget: How could IT departments formulate a cost-benefit ratio?
Nanavati: Enterprises should look at the type of data they need to protect, the users accessing the data, what the regulatory framework is, how often passwords have to be changed, the cost of maintaining those passwords - a whole array of factors. It's going to be different for a five-person advertising firm than it is for a 50,000-person bank or for a hospital. It really varies by vertical, by sector, by types of applications. It requires a fair amount of research and understanding of biometric technologies: how they work and what the technology is capable of doing.
TechTarget: Given that many organizations still struggle to implement firewalls and other more common security technologies, why is IBG predicting such a rosy future for biometrics?
Nanavati: The key with biometrics is making them easy to use, inexpensive and able to be integrated into real-world applications. This could make them a much better option than tokens, passwords or cards. In the long term, biometric technologies are going to get cheaper and easier to install, so we think it's inevitable that they will become more popular. There are millions of organizations already enrolled in some type of biometrics. The technology is by no means a new, unheard-of system. The big question is whether we'll see biometrics gain ground in e-commerce applications.
Garry Kranz is a freelance business and technology writer in Richmond, Va.
Go to searchSecurity for additional Web resources on biometrics
View a more detailed definition of biometrics from whatis.com
SPONSORED BY: EMC
FREE BUSINESS CONTINUITY/APPLICATION DEVELOPMENT WEBCAST SEMINAR
Learn strategies for protecting your information lifeblood from disaster -- while accelerating enterprise application deployment. Presenters include experts from Andersen, MasterCard International, and EMC.
Live webcast: Wednesday, December 5, 11:00 a.m. PST, 2:00 p.m. EST. Sponsored by EMC, CRM Magazine, and destinationKM.com.
This was first published in December 2001