This content is part of the Essential Guide: Managing information security amid new threats: A guide for CIOs
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Biometric security measures and identification: A new enterprise rage?

Should CIOs heed biometric security measures and identification? Our #CIOChat-ters weighed in on the implications of biometric-scanning authentication.

The prospect of new, high-tech security technology has CIOs and IT organizations drooling over the idea of a world where secure information and operations are affordable and easy to implement. Within the consumer tech world, fingerprint authorization has made its way onto the smartphone, but most enterprises are still struggling to determine how and where to use biometric security measures and identification.

In SearchCIO's February #CIOChat, we asked participants: "What security tools should be on CIO's radar?" While biometric security measures might seem unrealistic and unattainable in the enterprise for now, their uses -- as strange as some might sound -- are already out there:

Yes, you read correctly: body odor biometrics. A study conducted by a biometrics research group at the Universidad Politécnica de Madrid in collaboration with Ilía Sistemas S.L. found  that while body odor can vary with diet, disease and mood swings, there are aspects of each person's body odor that remain recognizable. The group's analysis of 13 individuals during 28 sessions found that correct identification occurred more than 85% of the time. These low error rates are certainly promising, but will there be an application in the enterprise? Let's put the brakes on body odor biometrics for now.

SearchCIO Senior News Writer Nicole Laskowski has given biometric security measures and identification a lot of thought. In her recent Future State column, Laskowski talked to Kansas City startup EyeVerify LLC, a company using blood vessel patterns found in the whites of the eye for user authorization. This technology could be especially valuable for opening mobile banking apps or other programs housing sensitive, personal information. According to Laskowski's research:

As with emerging technologies such as cloud storage, smartphones and wearables, which gained popularity on the consumer side before they hit the enterprise, employees and customers are going to expect organizations to adopt biometric security measures and identification quickly once they've entered their personal lives.

Whether it's your eyeball or fingerprint, SearchCIO Executive Editor Linda Tucci asked tweet jammers if mobile is the best -- and only -- place for all this biometric technology to reside:

More on biometrics technology

Biometrics and wearable technology

Will biometrics replace the password?

Multifactor authentication requires users to provide a few different identifications -- often a cypher they know (PIN or password), an item they possess (smart card, USB key or pass), and a physical characteristic they submit to scanning (fingerprint or eyeball, typically) -- to access secure areas, devices or applications. Tweet jam participant Chris Scott, a technology practice leader at Tatum US, suggested that organizations might soon require two-factor authentication for those accessing their company assets, but CIOs don't need to worry about how -- at least not yet -- since consumer tech companies are already working that into the devices employees bring to work.

What do you think? Will biometric security measures and identification be a mobile-only innovation, or will it be woven into devices inside the enterprise, as well? Share your thoughts in the comments section below.

For more of this #CIOChat conversation, search the hashtag on Twitter. Our next SearchCIO tweet jam will be held on Wednesday, March 25, at 3 p.m. EST. Follow @SearchCIO on Twitter to learn the topic (TBA).

Dig Deeper on Enterprise data privacy management

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Will biometric authentication be added to enterprise devices? If so, where?
The sooner the better in my opinion.
The sooner the better in my opinion. Should occur at all workstations, wireless or not.