Biometrics is no longer the stuff of science fiction, and is ready to take its turn in prime time for general industry applications, including securing the data center, according to experts. Fingerprint technology is a particularly good fit for this use, industry watchers add.
In fact, controlling physical access to rooms or production areas is a long-time biometrics application, said David Fisch, a consultant with International Biometric Group LLC, an independent analysis firm in New York. "It's been viewed as a futuristic technology, but that's not really the case. If you want to secure a room, it's a great way to do so."
In addition to the government-related uses one might expect, there are grocery stores that are piloting biometrics systems to allow customers to pay with, literally, one touch. "You enroll your credit card, and then when you check out you just use your fingerprint," Fisch explained. "Biometrics is being used for both security and convenience."
Vertical markets as diverse as banks, construction sites and the trucking industry are all using biometrics to some degree, Fisch pointed out, with biometrics revenue expected to grow from $1.2 billion in 2004 to $4.6 billion in 2008. That's around 400% growth per year.
The good, bad and futuristic
Biometrics actually encompasses several different major technologies, including handprint, fingerprint and iris or eye identification. Voiceprint and skin identification are also up-and-coming applications. Thor Mollung, an independent security consultant in Medford, Mass., said fingerprint technology is probably the best choice for data center security. Handprint readers are large and bulky, he said, and if someone has a prosthetic limb or an injured arm, it's obviously difficult or impossible to get an accurate reading.
For its part, iris technology is still a bit too futuristic. "Companies haven't really bought into the idea of having someone walk up to a wall and put their eye against a reader," Mollung said.
Especially when used with other security layers -- personal identification numbers or magnetic-swipe or other types of ID cards -- a fingerprint system works to both identify and verify the person seeking access.
Another plus to this layered approach is that if someone loses his ID card, or the card is stolen, the need for a fingerprint will ensure the data center remains secure. Also, Mollung pointed out that the ID card and fingerprint combination means "I can be enrolled in an office in California, but if I have access to a site in Boston, I can go there and not have to re-enroll because I carry my template around with me" on the card.
Prices more reasonable
Pricing for biometric systems has fallen over the past few years, with fingerprint readers costing less than handprint readers which, in turn, are less expensive than iris or eye readers. A good-quality fingerprint reader that can write a user's fingerprint on a smart ID card can be bought for under $1,100, Mollung said. This compares to regular card readers that sell for around $300 each.
A fingerprint reader that doesn't write to a card is even less than $1,000, but this approach can mean an increased number of false positives or false negatives, Mollung explained. That is because every time someone tries to access the data center, the print reader must search through the files of all the users' prints in the system. This increases the possibility that someone who should have access might be mistakenly kept out of the data center -- a false negative -- and increases the possibility that someone who shouldn't have access at all will be let in -- a false positive.
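The difference between comparing a print with the one template on a card and searching every enrolled print can be shown with a toy model. This is an added example, not from the article or any vendor: the 64-bit random templates, the Hamming-distance matcher and the threshold are assumptions, and it covers only the false-positive side.

```python
import random
from math import comb

BITS = 64        # toy template length in bits (assumption)
THRESHOLD = 20   # max Hamming distance still accepted as a match (assumption)

def matches(sample, template):
    """Accept when the two bit strings differ in at most THRESHOLD positions."""
    return bin(sample ^ template).count("1") <= THRESHOLD

def per_comparison_far():
    """Exact chance that a random impostor print matches one given template."""
    return sum(comb(BITS, k) for k in range(THRESHOLD + 1)) / 2 ** BITS

def search_far(n_enrolled):
    """Chance an impostor matches at least one of n_enrolled templates."""
    return 1 - (1 - per_comparison_far()) ** n_enrolled

def simulate(n_enrolled, trials, seed=1):
    """Measure (card_rate, search_rate) of false accepts for random impostors."""
    rng = random.Random(seed)
    enrolled = [rng.getrandbits(BITS) for _ in range(n_enrolled)]  # constructed data
    card_hits = search_hits = 0
    for _ in range(trials):
        impostor = rng.getrandbits(BITS)
        # Card mode: compare only with the single template carried on the card.
        card_hits += matches(impostor, rng.choice(enrolled))
        # Search mode: the reader checks every enrolled print for a match.
        search_hits += any(matches(impostor, t) for t in enrolled)
    return card_hits / trials, search_hits / trials

if __name__ == "__main__":
    card, search = simulate(n_enrolled=500, trials=2000)
    print(f"per-comparison false accept: {per_comparison_far():.4%}")
    print(f"card mode (1:1), measured:   {card:.4%}")
    print(f"search mode (1:500), measured: {search:.2%}, predicted {search_far(500):.2%}")
```

With the same matcher and threshold, the false-accept rate in search mode grows with the number of enrolled users, while card mode stays at the per-comparison rate.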
ID cards cost around $6 each, a bit more for cards with graphics like corporate logos.
Generally speaking, companies will need one reader for each door to the data center and then another to act as an "enrollment" device -- where the fingerprint templates are stored. These stored prints are then matched against the prints on individuals' ID cards.
Most companies attach this enrollment reader to a PC or server to physically store the data. As long as the server is behind the firewall, it's relatively safe, observers pointed out. Also, even if security is breached, all that can be seen is a mathematical series of ones and zeros that represent any given fingerprint. In other words, it's not possible to hack into the system and then steal an image that represents a specific person's print; the information is never stored in image format. Plus, the fingerprint information is encrypted on the server and on the device reader and when it's traveling back and forth between them.
Regardless of the type of biometrics used in the data center, Mollung urged customers to keep a few other things in mind. First, don't put a biometric reader in an environment where you're giving access to the whole company. "That defeats the idea of restricting access," he said, which is why a data center is a good use of biometrics.
Even within the data center, there may be "concentric rings of protection," Mollung explained. There might be a keypad that requires a PIN on the front door of the data center, with a fingerprint system needed to access the largest or most business-critical servers that are in a separate raised-floor area within the data center. Perhaps the test servers or tape library are in another area within the data center, with their own security systems.
Mollung also suggested customers consider putting in live video feeds. "If someone is denied access, you can get their face on your security camera screen" and then request the system give you an image of the person's ID card to make sure it's the right person and not someone trying to use another employee's card. "No matter what you do for data center security, never think one dimensionally," he said. "Anything you do should be integrated with other security."