Identity and Access Management (IAM) plays a central role in securing enterprise IT systems. IAM is a framework for managing digital identities and assigning individual users' access to resources. It provides organizations with the tools to regulate their access to systems or data, and reduce the risk of unauthorized access to secure resources or data leaks.
Matthias Reinwarth, senior analyst at KuppingerCole, explains that "Customer identity is at the core of most modern business processes and...customer identity management will be a key enabler for many organizations." He goes on to explain that IAM "enables organizations to quickly identify whose data they are responsible for and where it is stored," as well as when that data was accessed and by whom.
IAM systems perform three key functions:
- Identification through the use of user-specific digital profiles containing uniquely identifying information
- Authentication via username and password combinations, PIN numbers, one-time codes, or other security measures
- Authorization by granting users privileges based on their role, access level, or other requirements
All of these functions are vital to security, but authentication is especially important. As organizations expose increasingly sensitive resources to customers and other external users, the need for stronger authentication measures becomes more urgent. However, this presents a tradeoff: stronger authentication measures validating digital identities lower the risk of unverified users gaining access to secure resources, however, they also create hurdles for legitimate users. To succeed, IAM solutions need to balance strong security with a frictionless and unobtrusive user experience.
The Role of Biometrics in IAM
Biometric data plays a very important role in modern authentication systems. Static biometrics—such as a fingerprint or facial scan—provides a secure form of authentication that is easier for users than memorizing a password. In a study by IBM, 87% of respondents said they felt comfortable using biometric authentication today or that they would feel comfortable using it in the near future. In the same study, static biometrics were ranked as more secure than either password or PIN authentication. While static biometric data can be copied, it is significantly harder to copy than other forms of authentication.
However, static biometrics presents two challenges. Although fingerprints are harder to copy than passwords, they can be copied and used to fool even the most advanced sensors. Moreover, PII and data stored online are vulnerable to fraud via identity/credential theft or account take over. Second, a static biometric scan still introduces friction to the user experience. A fingerprint or facial scan might be significantly faster than entering a password or PIN, but it still requires the user to stop their current activity and wait for the authentication process to complete. For systems that require multiple forms of authentication (known as multi-factor authentication, or MFA), each factor adds a new hurdle for users to jump over.
For IAM solutions to provide an optimal user experience, they need to be able to continuously authenticate users. The only time the authentication process should present itself to a user is if an error occurs, or if stronger authentication is required. This process is known as silent security since it only becomes apparent to the user when it detects a problem. Static biometrics will not work for silent security since they require direct input from users, but behavioral biometrics are much better suited.
Behavioral biometrics allows IAM solutions to authenticate using dynamic biometric data such as swipe speed, finger pressure, and how the user holds their device. This data is uniquely tailored to each user's digital profile, is difficult to copy, and is difficult for fraudsters to reproduce. In addition, IAM systems can passively collect this data in order to continuously authenticate users without interrupting their current session. Using behavioral biometrics for authentication allows users to access resources securely and with fewer intrusive authentication prompts.
The Future of Biometric Security in IAM
Successful IAM implementations require strong authentication. Behavioral biometrics allows organizations to offer a more positive authentication experience for their customers while offering greater security than traditional forms of authentication. As more organizations implement strong authentication measures as part of their digital transformation, behavioral biometrics and advancing biometric security will continue playing a greater role – in demonstrating the impact of boosting authentication with biometrics – to make fraud prevention at once secure, reliable, and user-friendly.