If the administrator sets the threshold too low, the system will be more lenient in matching a submitted biometric to the user's template and subsequently will be more likely to accept an invalid user. Set the threshold too high, and you increase the likelihood that valid users will be rejected. To make ongoing management easier, make sure the thresholds can be configured and adjusted in house.
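The threshold trade-off described above can be measured rather than guessed at. The following is an added example, not code from the article or from any vendor: it takes a set of match scores from genuine attempts and a set from impostor attempts, and reports the false accept rate (FAR) and false reject rate (FRR) at any threshold, plus the threshold where the two are closest (the equal error rate, a common starting point before tuning toward the policy you want). The score values are constructed for illustration; in practice they would come from enrolment trials on the actual device.

```python
"""Added example (not from the article): false accept / false reject
rates as a function of the match threshold, over constructed score data."""

# Constructed match scores on a 0..100 scale (higher = closer match).
# Genuine: a user's finger compared against that user's own template.
GENUINE_SCORES = [62, 70, 74, 78, 81, 83, 85, 88, 90, 93]
# Impostor: a different user's finger compared against the same template.
IMPOSTOR_SCORES = [20, 28, 35, 41, 47, 52, 58, 63, 66, 71]


def false_accept_rate(impostor_scores, threshold):
    """Fraction of impostor attempts whose score reaches the threshold
    and would therefore be accepted (a low threshold inflates this)."""
    accepted = sum(1 for s in impostor_scores if s >= threshold)
    return accepted / len(impostor_scores)


def false_reject_rate(genuine_scores, threshold):
    """Fraction of genuine attempts whose score falls below the threshold
    and would therefore be rejected (a high threshold inflates this)."""
    rejected = sum(1 for s in genuine_scores if s < threshold)
    return rejected / len(genuine_scores)


def error_rates(genuine_scores, impostor_scores, threshold):
    """Return (FAR, FRR) at the given threshold."""
    return (false_accept_rate(impostor_scores, threshold),
            false_reject_rate(genuine_scores, threshold))


def threshold_table(genuine_scores, impostor_scores, thresholds):
    """List of (threshold, FAR, FRR) rows for a set of candidate thresholds."""
    return [(t, *error_rates(genuine_scores, impostor_scores, t))
            for t in thresholds]


def equal_error_threshold(genuine_scores, impostor_scores):
    """Scan every integer threshold across the observed score range and
    return (threshold, FAR, FRR) where |FAR - FRR| is smallest. Ties keep
    the lowest threshold. This is the equal-error-rate operating point."""
    all_scores = genuine_scores + impostor_scores
    best = None
    for t in range(min(all_scores), max(all_scores) + 2):
        far, frr = error_rates(genuine_scores, impostor_scores, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    return best[1], best[2], best[3]


if __name__ == "__main__":
    print("threshold  FAR   FRR")
    for t, far, frr in threshold_table(GENUINE_SCORES, IMPOSTOR_SCORES,
                                       [50, 65, 75, 80]):
        print(f"{t:>9}  {far:.2f}  {frr:.2f}")
    eer_t, far, frr = equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"equal-error threshold: {eer_t} (FAR={far:.2f}, FRR={frr:.2f})")
```

Run it as-is to see the table: at a threshold of 50 half the impostor attempts are accepted and no genuine user is rejected; at 75 no impostor gets in but three in ten genuine attempts fail. Whether you then move the threshold above or below the equal-error point depends on which error is costlier for the system being protected, which is exactly why the threshold should remain adjustable in house.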
As with any authentication system, users must be enrolled first. Many biometric systems let users self-enroll. They authenticate to the local computer or to a directory and then enroll with the biometric. Unfortunately, if you are using biometrics to strengthen authentication but you rely on user names and passwords during the initial identification and authentication process, you haven't made any security gains. Monitored enrollment prevents this scenario but takes more time.
After enrollment, consider where the authentication information will be stored. Biometric systems that store data on the local machine can authenticate a user to that machine only. For larger deployments and for better management, look for a system that uses centralized storage. If the biometric software is deployed on all relevant systems, users can enroll once and have access everywhere.
For backup, multiple means of authentication should be recorded. Some devices let you enroll multiple biometrics--such as all the fingers on the right hand--for a single user. If something happens to one finger, a cut across the finger pad for example, the user can use another finger to authenticate without having to re-enroll.
In all cases, you will have to use hardware and software from a single biometric vendor: Interoperability is nonexistent in biometric authentication, despite the BioAPI Consortium's rallying to provide a standardized API for biometric integration. Authentication-management applications, such as Novell's NMAS and Secure Computing's SafeWord PremierAccess, which tie together biometric and nonbiometric authentication strategies for directory logins, are available, however.
Application integration is still based on individual partnerships, so it is important to ensure the device you choose supports your applications or that the vendor is willing to develop the integration for you. Integration usually takes place on the desktop or server using a Unix PAM (Pluggable Authentication Module), a Windows GINA (Graphical Identification and Authentication) or a Novell eDirectory LCM (Login Client Module). As long as a user name-password pair is cached, your login credentials are reused to log in to other applications. If your applications require a separate login, expect to do some development work.