Maria Pihlström, senior global marketing manager at Fingerprints, discusses how organisations can secure enterprise cloud with biometrics
Cloud technology is the cornerstone of today’s ‘digital-first’ workplaces. Gartner forecasts that the coming years will see a rapid rise in cloud adoption as organisations increase spending on cloud services by 21.7% in 2022. This growth in spending will mean that by 2026, cloud expenditure will account for 45% of all enterprise IT spending.
This rapid growth in cloud computing means vast quantities of corporate data is now in the cloud (both public and private), and it’s a lot of data! By 2025, it is predicted that the amount of data held in the cloud will exceed 100 Zettabytes, and potentially reach 200 Zettabytes.
With so much valuable data going to the cloud, decision-makers cannot rush security. Yet, 2021 was another year marked by hacks and breaches, and there are signs that enterprises have taken a “digitise first, secure later” approach to creating a digital-first workplace.
Passwords and PINs – a step backwards for a digital-first workplace?
Today, knowledge-based authentication methods (PINs and passwords) continue to be the most widely used tool. It is understandable why: PINs and passwords are simple, cheap, portable, and familiar.
However, with cyber attacks and phishing representing some of the biggest security threats facing organisations, passwords and PINs are a security pressure point. Sophisticated software means that it can take a hacker just one minute to crack a seven-character password during a brute force attack. Implementing longer, more complex passwords does improve security, but is it a step forwards in real terms? Today’s digital-first workplace empowers employee productivity, so managing increasingly complex passwords goes against this.
To support today’s digital-first workplaces and close the gap between security and connectivity, a swift, secure, and future-proof access and authentication approach is essential.
Home & work, and the rise of zero trust
Workplace digital transformation and more agile working patterns — along with the security challenges this presents — have blurred the lines between enterprise and domestic security. Consequently, there is no set ‘perimeter’ around an organisation’s digital estate. This shift has led to more organizations adopting a zero trust approach to security and access control.
First proposed over a decade ago, more organisations are turning to the zero trust (never trust, always verify) model. Supported by a growing range of tools and guides from companies like Google, Microsoft, and federal government mandates, zero trust is a widely used approach to security and access control.
However, with the cost of a data breach reaching $4.24 million in 2021, up from $3.86 million in 2020, organisations need to transition to zero trust immediately to avoid 2022 being another record year for breaches, hacks and financial losses.
Even though the zero trust posture is maturing, implementing one can bring challenges. To help, a tech that is already tried, tested, and readily available is required.
Closing the gap with biometrics
Compared to knowledge-based authentication, biometrics unlocks swift and secure access control, complementing the convenience of a digitalised workplace. What’s more, it is firmly established, supported by robust standards such as FIDO2 and Windows Hello. Fuelling the continued rise of biometrics is R&D, which has jointly tackled the issues of reliability and security. Thanks to this, gone are the days of frustrating users with false rejections and successful hacks (or spoofs) with something as simple as Blu-Tack or a Gummi bear.
So, what does biometrics in a digital-first, cloud-based workplace look like?
As organisations reconsider authentication and logical access control, there are multiple endpoints where biometrics can be integrated into the employee workflow.
PCs and smartphones are common endpoints to be considered. But for organisations looking to protect sensitive company data beyond employee PCs, biometric logical access is available via USB tokens and access cards. R&D around these two endpoints ensures they work within existing infrastructures. Consequently, no major rewrite of an organisation’s security strategy is needed, bringing biometrics within easy reach for decision-makers.
Navigating the road to zero trust
The whirlwind of the cloud revolution has seen a significant gap between connectivity and security emerge. Amidst the search for a solution, organisations need to ensure that their productivity is not eroded, all while staying ahead of the threat of hackers and human-error related breaches.
Given the scale of the workplace digital transformation, time is critical. So, matured, trusted and readily available are essential. Transitioning to zero trust represents the end goal of the logical access puzzle, and biometrics can be the first piece.
Stakeholders within the ecosystem can consider the potential for biometrics to level-up logical access control and authentication. By doing so, they can look beyond relying solely on knowledge-based authentication and consider how they can digitise and secure the workplace in tandem.