How mobile biometrics can strengthen security

The eye-opening reality: iris scans, and other biometric authentication methods, will soon be used for enterprise mobile security, phasing out the old username and password.

Facial and iris scans may seem like sci-fi technologies, but they exist -- and have for decades. These biometric authentication methods have yet to make a splash in the enterprise, but that's all about to change, with mobile biometrics on its way to a smartphone or tablet near you.

One company helping to usher biometrics into the business world is Boston-based Hoyos Labs. The company, founded in 2013, developed the Biometric Open Protocol Standard (BOPS) and offers identity management technology to protect users from fraud and identity theft. BOPS contains guidelines for developing server-side applications that more securely store users' biometric data, said Hoyos CIO Jason Braverman.

Here, Braverman discusses biometric authentication's role in the future of mobile security and what it means for traditional usernames and passwords.

Q: How does mobile biometrics help ensure security?

Jason Braverman: Email has been the place to go to get a reset password and access to a bank account; then [hackers] can steal your money. And that happens every day. We can't rely on passwords anymore.

Most networks today are server-centric: all data is stored in some data center, and everything talks to that location. We see new [cyberattacks] every month, such as the Target hack, that reveal hundreds of usernames and passwords to criminals, because all the information is stored in one location. BOPS splits up the data amongst different locations. That digital representation of a person's face is stored in two or more locations -- let's say half on a mobile phone, the other half on a server array.

Q: Do biometric authentication methods force employees to sacrifice some autonomy in the name of security?

Braverman: Ultimately, it all comes down to user privacy. Actually, this technology will increase user privacy, and it will happen in the next couple years. Biometrics will empower users to own their own data.

There's almost no privacy today. Corporations and governments are tracking every purchase you make.

Under the BOPS protocol, one of the end goals is to empower the user with their own data, so any data you create will be tagged to your identity and stored on the cloud server side. You then will have the option [of] who can see your data. That's the future of how biometrics and ID management will change user privacy and convenience.

Q: Where is mobile biometrics headed?

Braverman: Up until recently, the technology hasn't existed to make the user experience really, really good. The failure rate or lack of ease of use prevented early adoption. For companies like Samsung and Apple, the user acceptance rate has to be very high. It has to work 99% of the time.

The Samsung Galaxy Note 7 coming out [has an] iris sensor in the camera. When I first met with Samsung, the face sensor was taking several seconds. If any process takes more than two seconds, the user will not want to do it. That has been the challenge for biometrics: It takes longer than two seconds to do these processes.

Iris [scanning] is almost instant; you position your eyes in a little mirror at the top of the screen, it takes a picture of both eyes, and it's done. The camera sensors and LED emitters for this technology hadn't really existed until a few years ago, and are now small enough to fit in a phone, so now we're seeing the fruits of that labor.

Q: How is Hoyos Labs bringing mobile biometrics to the enterprise?

Braverman: We're developing the core foundation for authentication and ID management. Each business has to decide how to [enroll users], and there are many different ways to go about it. For high-security things like banking and healthcare, we recommend people go to a place where they can be watched doing [an iris or facial scan]. [Companies] want to ensure the people enrolling are who they say they are.
