Blockchain vs. Biometrics: Are They Equal Identity Management Innovations?
Identity and access management is perhaps the subfield CISOs, cybersecurity experts, and journalists follow the most closely. This may have something to do with the fact that most security experts believe identity is (or should be) the most important component of any enterprise’s digital security platform. Therefore, identity management innovations receive a considerable amount of attention and hype, more so than innovations than in endpoint security or SIEM.
In the past few years, two particular identity management innovations have threatened to turn the IAM world on its head: biometric authentication and blockchain technology. The former uses unalterable physiological factors such as fingerprints and facial recognition as authentication factors. The latter is a decentralized secure ledger system that auto-encrypts activity conducted on it and prevents targeted hacking attempts.
But are these identity management innovations created equally? What the popular and expert perceptions of both? How do their rates of adoption differ? In short, is there anything behind the hype behind biometric authentication and blockchain technology?
Biometric Authentication: Experts Approve, Public Unsure?
According to a recent survey of U.S. enterprises conducted by biometric authentication solution provider Verdium:
- 63% of enterprises plan on implementing biometric authentication after experiencing a data breach in the hopes of preventing another one.
- 81% of IT security decision-makers believe biometric authentication secures their enterprise’s databases better than passwords.
- 99% of enterprises use passwords as their primary authentication method, but only 34% report confidence in the security capabilities of passwords.
- 83% of IT security professionals state their employees will try to bypass password authentication systems via writing down passwords or using similar passwords.
- 86% believe that biometric authentication is the most secure option for enterprises and consumers alike.
- 54% believe it will improve employee productivity.
Indeed, biometric authentication has already been deployed at enterprises and received praise from early adopters. However, it might be premature to crown it the king of the identity management innovations. Other surveys have discovered evidence of public distrust or dismissal of biometric authentication:
- According to TSheets, nearly 50% of U.S. adults weren’t comfortable with biometric authentication.
- 40% couldn’t even identify biometric data.
- A separate survey by the Consumer Technology Association found that nearly a quarter of U.S. adults were uncomfortable with biometric authentication.
If you are part of a B2B enterprise, these findings may not initially concern you given that they’re focused on consumer behavior. However, the differences between consumer attitudes and employee attitudes can be difficult to distinguish If consumers are truly this reluctant to hand over their biometric data to any centralized authority, your employees may resort to the similar bypassing techniques they use with passwords to avoid your identity management innovations. That’s a significant investment they’d be rendering irrelevant.
Furthermore, many identity management experts contend that biometric authentication works best as part of a multifactor authentication platform rather than as an individual solution. Biometrics may not be a panacea your enterprise seeks—at least, not by itself.
What About Blockchain?
For all the hype surrounding blockchain, it’s actually hard to tell if it should be counted among other identity management innovations. The reason for this confusion is simple: it really hasn’t been implemented yet in an enterprise-level identity and access management context. The buzz surrounding it stems from its success in securing cryptocurrency transactions without being cracked or otherwise corrupted. As of right now, blockchain in the identity world is a theory, albeit a very popular theory.
Hypothetically, blockchain would offer more individual control over users’ identities, allowing for self-sovereignty in digital identities. This feature would empower individuals with full ownership over their identities; this would prevent identities becoming contingent on databases but instead allowing users’ to choose what attributes define them in their digital interactions. It would, in theory, create a user-based permissions model for granular control. Additionally, the inherent decentralized ledger capabilities of blockchain would prevent hackers from accessing centralized databases or storage buckets containing users’ data as seen in previous breaches.
However, identity and access management experts, speaking with Techcrunch show a considerable lack of consensus in blockchain’s future among other identity management innovations. Few are outright optimistic, citing the prospect of self-sovereign identities and secure, verifiable identity transactions. Others are dismissive of the technology, pointing out that blockchain was not designed for IAM and has inherent functions that make it more of a security vulnerability than a boon—such as putting information in a public permissionless ledger or increasing the attack surface via decentralization. And some experts are more neutral, seeing both sides of the argument. Plenty of startups are focusing on blockchain as an identity security tool, but it remains to be seen how they will be implemented and their effectiveness in the real world.
Identity Management Innovations: The Hype Bubble?
This article is not meant to be a condemnation of either biometric authentication or blockchain technology. Instead, it’s meant as a cautionary tale about getting swept up in the hype of identity management innovations. Cybersecurity is a field that can foster feelings hopelessness and despair. In such an environment, it’s easy to grab onto anything that promises to make security easier. We urge you and your enterprise to do your research, consult with your IT security teams, and be critical of anything that promises the moon. You owe it to your employees, investors, and customers to know exactly what your IAM solution can do and what’s still only in the realm of the possible.
Psst! Hey! Guess what! The richest man to ever live was Mansa Musa of the Mali Empire. And guess what else? I’m going to be at Identiverse June 24-27 in Boston, MA. You should join me! Use the registration code REGISTERNOW18 at this link to save $250!
Widget not in any sidebars