Dont lose your “disc”
Published January 18, 2008 at 11:01 pm · Filed under Features
Advances in telecoms and personal computing have made working away from the office both practical and convenient. But, as George Skaff explains, it also has implications for data security
The news that disks containing the details of more than 7,000 Northern Ireland drivers have gone astray, following so fast after the loss by HM Revenues and Customs of two unencrypted disks containing the records of 25 million British citizens, has underlined the importance of implementing proper procedures for the transfer of data between offices.
However, confidential and corporate information doesn’t just leave organisations as part of a defined process. The rise in mobile working means digital assets are regularly taken off site on company laptops, PDAs and even memory sticks, and these too can go missing as organisations as diverse as the Gap, Nationwide, M&S, Nottingham Primary Care Trust and HM Customs & Revenue have found to their cost.
The main dangers when this happens are not loss of data - in most cases information will be backed up and easy to recover - but the risk of data falling into the wrong hands and the damage that is done to a company’s reputation.
For this reason, ensuring the security and privacy of digital assets should be a top priority for any organisations with a mobile workforce.
The problem with passwords
Today, passwords are still the most common way of securing access to data within organisations, but they are far from being foolproof and are can be broken. Users will often set passwords that are easy to remember; they will regularly have a single password for a number of different systems; and they tend to choose passwords using similar and predictable criteria, such as birth dates and the names of family members or pets.
In addition, most people are lax about maintaining the security of password authentication. In a survey by BPM Forum (Secure Your Network Assets Survey, April 2007), almost 60% of respondents revealed that they or someone in their organisation had given a network password to a colleague. Other studies have found that commuters in train stations require very little or no incentive to reveal their passwords.
The recommended solution to these drawbacks is to use different passwords for different applications and to make passwords more obscure. The problem with long, complex passwords, however, is that they are more likely to be forgotten or written down.
Biometric myths
A more modern solution is to use biometric security. Biometric fingerprint readers are being embedded into more and more mobile devices including phones, laptops, PDAs and even USB memory sticks. It is estimated that in 2006, more than 10 million laptops were shipped with such technology.
Despite its increasing prevalence, fingerprint biometrics is still mistrusted by some members of the public who fear that their civil liberties are at risk and that organisations are storing personal data. In fact, many fingerprint authentication solutions store fingerprints as a mathematical algorithm from which the original fingerprint can never be recreated.
Another misconception is that fingerprint authentication hardware and software is considerably more expensive than a traditional password-based ID verification system. When you consider that 25-50% of calls into helpdesks are for password resets and that each reset can cost £15 plus, the true cost of password systems becomes apparent.
Improved security
One of the key advantages of biometrics is that it removes human fallibility from ID verification. It can also provide additional features for protecting digital assets. For example, certain fingerprint authentication software packages make data encryption easy by allowing authorised users to encrypt and decrypt important files simply by scanning their finger.
Other benefits include One Touch Logon (the ability to utilise one factor authentication to securely log-on to your device or network), and One Touch SignOn, which gives quick access to applications and/or websites where you would otherwise need a username and password.
An additional benefit is that many fingerprint authentication solutions provide audit trails mandated by industry and government regulations to track what data has been accessed, when and by whom. This capability is critical for information that is taken ‘on the road’ and out of the office environment.
Conclusion
Advances in fingerprint biometrics and falling prices mean that biometric authentication is now a viable and sensible option for SMEs and consumers. Small and inexpensive enough to be embedded in all manner of mobile devices, the technology removes human fallibility from the authentication procedure. Unlike passwords, a fingerprint is not something you can forget, lose or share with others, and it is unique to its owner.
George Skaff is vice president of marketing at DigitalPersona, the leading provider of biometric authentication
solutions for enterprise networks, developers and consumer OEMs. DigitalPersona's products are used
worldwide by more than 90 million people.
http://www.digitalpersona.com/
DigitalPersona Pro SBS Edition extends the benefits of fingerprint-enabled secure sign-on and password management to small businesses with fewer than 75 users.
