Ben Bulpett, EMEA Director at SailPoint, asks why business leaders don’t incorporate smartphone security into their workplace
Unlocking a phone with a touch of a finger or a facial glance has become so commonplace that 75% of smartphones purchased in 2019 were equipped with some form of biometric authentication. Replacing the traditional passcode, these newer forms of recognition add an extra layer of security, guaranteeing that the correct person is accessing the device and the private data it holds. Yet, while so many of us have secure identity management on our personal smartphone, why is it that so many of our organisations have not looked at applying a similar security layer to their computers and systems?
As technology continues to bring more users, applications and data together, these connections also bring more vulnerability. From employees, to partners, to contractors, your organisation’s information should always be secure by ensuring that users have access only to what they need.
A biometric access control system establishes a user’s identity by identifying physical or behavioural attributes of that user. It offers a more secure system than the current methods used by many businesses, where codes, passwords or swipe cards are used to access computers and the rooms they are housed in. Passwords and codes can be forgotten or hacked, while swipe cards can be easily misplaced or stolen, creating serious security flaws. And furthermore, if that access isn’t properly governed, who knows if the person requesting that access is who they say they are AND should even have the access they’ve requested.
What really identifies each user’s needs as unique is their human behaviour, particularly based on their role within the company. Through analysing each user’s behaviour in real time, such as where, when and how they access system data, one can build a profile of each user. A user profile can also contain such information as who they report to, what they last accessed and what level of privilege they have associated with a specific system. The profile helps to track if users are behaving in line with their usual patterns, while easily recognising potentially risky behaviour. As malicious intruders won’t know an individual user’s daily routine, it makes the intruders much easier to spot and protect against. By providing the essential information about what a user is accessing, when and how, a biometric access control system guarantees that the user accessing your corporate resources is who they say they are.
That said, to truly secure an organisation and its users’ access, biometrics as an overlay to existing measures for ensuring access is just the beginning. Once a user confirms they are who they say they are, the next step is whether or not that user should have the access they request to whatever system or application they have requested access to. Identity governance is the secure path forward to reducing system security risk by governing proper access to corporate resources. Biometric access control systems are becoming more widely used by organisations keen to take authentication to a new dimension. Biometric systems can be easily integrated with an organisation’s existing identity and access systems and have increased in adoption as the technology becomes more widespread.
With the growing use of AI, machine learning identity has moved from just being an enterprise deployment, to an enabler for any size organisation to rethink their approach, from front door access to ensuring each user has the access they rightly require, no more, no less. An integrated identity platform gives organisations the power to embrace secure new technologies that will scale their workforce, reduce risk, and heighten operational efficiency.
Hasn’t the time come to make your organisation as secure as your smartphone with an integrated identity approach?