The issue then isn't the back end system. It's the security of the back end platform that you choose. The choice...
of platform should be driven by the business and technical requirements of your application, nothing more. The security of the back end can and should be baked-in simultaneously with the development of the application. Choose your back end, then make it secure, not the other way around.
Again, biometric data is no different than any other data moving across the wire to your back end. That means it should be protected from the same vulnerabilities as the data moving through your network. It should be protected from theft and replay. If captured, biometric data can be replayed to impersonate the legitimate user and gain unauthorized access into the system. That makes it easy for the attacker, who doesn't need to have the right fingerprint, face or iris pattern. All they need is the digitized biometric data.
Protect biometric data both en route to the back end and on the database where it's stored. At the same time, harden the database servers storing such data as you would any other server:
- Turn off any unnecessary services on the database servers.
- Restrict access to the servers, particularly administrative access through appropriate assignment of groups and roles.
- Encrypt sensitive data, including biometric data, when in transit to or from the back end servers.
Dig Deeper on Biometric technology
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ... Continue Reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ... Continue Reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.