Gaining access to data centers in the not-too-distant future may be as easy as slipping your hand into a fingerprint...
reader or palm reader, or flashing your eye in a retina scanner.
These James Bond-type technologies are available today and are known as biometric tools. Biometric technologies rely on the complexity and individuality of body parts as a form of authentication.
Conventional authentication technologies, like ID badges and access codes, ensure that only authorized people gain access to a data center. However, both forms of authentication can be transferred to another person.
Biometric tools are different. They are based on what a person is, not on what they have or know. A person cannot give another person his hand or fingerprint. In fact, as morbid as it may sound, some biometric scanners can check to see if the hands being scanned are actually alive.
Most data center managers today cannot justify the cost and complexity of installing and maintaining biometric authentication tools. They rely on other means to control access to data centers, like ID badges and physical security checkpoints. Moreover, sometimes the data contained within data centers isn't valuable enough to warrant the extra protection and hassle of biometric tools.
"A lot of companies can't afford to be on the bleeding edge," said Evan Scott, president of the Evan Scott Group International, an executive-level search and managerial consultation firm specializing in computer security. Most companies with data centers will wait until biometric technology becomes a little more battle-tested before they consider it, he said.
"It would take a vendor like IBM saying they recommend and endorse them," Scott said. "The technology needs to be proven, priced right and make sense given security risks."
Moreover, there is still a lot of integration that must be done when installing biometric tools, Scott said. Most data center customers will wait until biometrics are part of a larger project that comes pre-integrated with other systems, he said.
Currently, the prime market for biometric technology comprises organizations that have highly valuable data -- such as government agencies. Security vendor VeriSign Inc. is also a big believer in the technology. The company employs these tools in all of its data centers. In fact, the company uses a variety of biometric tools to add levels of security that are even higher than the norm.
VeriSign doesn't rely solely on biometric products but considers them an important piece in a multi-method approach to authentication, said Ken Silva, vice president of network and information security at the company.
For example, all employees have an ID badge that grants them access to the front door of the building. To access some areas, employees need to enter an access code. To enter a data center, they need to put their hand in a biometric scanner. To get into the most sensitive data centers, they need to go through a second biometric scanner that looks at the iris.
At each level, there are fewer employees who use the technology, which makes it easier to manage. "We have a core staff that is used to using them. For example, people need to consistently put their hands in the scanners (especially if they have to do it two or three times a day)," Silva said.
No one would argue that all biometric devices are created equal. There are cases of the technology being thwarted. For example, researchers have found a way to mimic fingerprints using gelatin similar to that used to make gummy bear candies. Facial recognition scanners have been duped with short videos. Iris scanners can be tricked with high-resolution pictures of the eye.
"Some biometrics devices are better than others," said Andy Tsouladze, senior Unix system administrator at UAL Loyalty Services Inc., which currently uses a palm print scanner that has performed well. "In one of my previous jobs, we had fingerprint recognition devices that were failing three out of every four times."
"People were so frustrated; they did not want to hear about any biometrics at all. Bad publicity is a huge factor," Tsouladze said during a recent e-mail interview. The question of adoption is not so much about cost or complexity but about the perception of the technology, he said. "Good publicity from some major players in [the] data center area would create a big push. So far, I have not seen any," he said.
FOR MORE INFORMATION:
FEEDBACK: What has to happen for biometric tools to become the preferred means of authentication?
Send your feedback to the SearchSecurity.com news team.