The executives at my enterprise have extremely sensitive information on their laptops. I'm considering deploying biometric authentication on these devices. My question is, if I use biometrics, how useful or necessary is full-disk encryption?
Actually, you've asked about two separate functions for protecting a laptop: strong authentication and encryption. While these two can be used in conjunction, they don't provide the same protection schemes.
Biometric authentication is used to positively identify the user at login. Full disk encryption prevents unauthorized users from accessing the system data. If you put biometric authentication on the laptop and it's stolen, without full disk encryption, there's nothing to prevent someone from pulling the disk drive out of the laptop, putting it in an external case and reading the data on another system.
It's worth noting that while it may seem like biometric authentication is superior to password-based systems, that's not necessarily true. Studies suggest that biometric authentication is in many ways easier to break. Your fingerprint "password" can be lifted from a door knob on the outside of a locked office, a coffee mug or even a keyboard left at a cubicle. Even if you use optical recognition, the invention of 15-megapixel cameras may allow that group photo taken at the company outing, once blown up, to have enough detail to fool the optical eye scanner on a laptop.
It should also be pointed out that both biometrics and full disk encryption don't do any good if someone walks away from his or her laptop without logging out first (it takes little time to go to an active laptop, plug in a thumb drive and download many megabytes of information). My advice is to use both full disk encryption and biometric authentication (ideally as part of a multifactor authentication scheme) whenever possible. The combination will ensure a high level of security for authentication and data protection. You can use biometrics as a "something I have" authentication method, but I wouldn't uninstall the full disk encryption software anytime soon.