4073ErbJustinAssessment2-1
.docx
School
Capella University**We aren't endorsed by this school
Course
IT 4073
Subject
Computer Science
Date
Jan 13, 2025
Pages
7
Uploaded by ChiefSummerAardvark26
Assessment 2 BiometricsJustin ErbIT-FPX4073 Organizational SecurityCapella UniversityProfessor HesseJanuary 8, 2025
Mega-Corp’s Biometric Authentication Strategy: Review and AdviceIntroductionSecurity businesses have always used user IDs and passwords to protect physical and logical information resources. But these approaches are starting to become less viable as the risks of breach and user abuse becomes apparent. This has encouraged businesses to adopt stronger authentication approaches. Perhaps the most promising alternatives are biometric technologies, which employ unique physical or behavioral characteristics to identify people. Biometrics is based on three key modes of authentication: what the user knows (passwords), what the user has (tokens, RFID cards), and what the user is (fingerprints, facial expressions). For Mega-Corp, the use of biometric authentication provides a means of strengthening security in its decentralized system. This paper reviews the possibility, benefits, drawbacks, and challenges of deploying biometrics at Mega-Corp and recommends a best-fit biometric approach to the organization.What are the Pros and Cons of Using Biometrics for Integrating Physical and Logical Authentication Processes?The implementation of biometric authentication for both physical and logical systems have several benefits. First, biometrics provide greater security by drawing on distinct biological characteristics that are hard to duplicate or rob. In contrast to passwords that can be shared or cracked, biometric data is inherently personal. This protects a sensitive area or system by making sure only authorized people have access to it. Furthermore, biometrics enhance user ease as they remove the need for passwords or even a physical token which can be forgotten, lost, or stolen. One-of-a-kind biometric technology can even automate processes by combining physical (e.g.,
building entry) and logical access (e.g., IT). This common approach minimizes redundancies and enhances organizational security.Biometric systems, however, are far from perfect. One significant drawback is cost. Implementing a biometric system means investing in hardware, software and ongoing support. Privacy is also an issue, as employees may hesitate to share sensitive biometric information in case it is abused or violated. Nor is biometrics foolproof; false positives (granting access to unauthorized users) and false negatives (withholding access from legitimate users) are common mistakes. In addition, ambient conditions like light or dirt on a fingerprint scanner can impact system accuracy. Despite these limitations, the promise of enhanced security and efficiency make biometrics an attractive proposition for Mega-Corp (Shailaja, 2020).Authentication Options Using BiometricsBiometric authentication comes in a variety of configurations, each with different features and applications. Facial recognition scans unique facial details and is ideal for busy places or hands-free settings. But it can be affected by illumination, facial obstructing, or ageing. Fingerprint scanning is one of the most common biometric devices available due to its affordable nature and relative simplicity. It’s effective in a controlled setting but potentially more useless for people with damaged or dirty fingers. Voice recognition uses speech patterns for authentication and is ideal for remote access, but is susceptible to impersonation or noise infiltration. High resolution iris/retinal scans measure specific structures of the eye. This approach works well in highly secured locations, but it can be seen as intrusive and costly. Hand geometry describes the shape and size of the hand, and it is applicable for stable users, but not necessarily for organizations
that experience high user engagement. These features give Mega-Corp the freedom to select an authentication strategy that fits its security and business needs (Microsoft Learn, 2024).Effectiveness of Biometric OptionsVarious aspects such as accuracy, speed, scalability, and user acceptance will determine whether biometric systems work well. Fingerprint scans, though inexpensive and widely deployed, can be restricted to settings where hands are often repeatedly exposed to environmental elements. Facial recognition is more efficient and less invasive, but it may not cope well with population differences or differences in environment. Voice recognition works well for remote signing, but is weak in noisy environments. IRIS and retina scans provide unparalleled precision, making them an ideal tool for protecting critical infrastructure. But they’re expensive, and users might be put off by their intrusiveness. When Mega-Corp chooses a biometric solution, security and user experience, as well as scalability, have to be balanced, so that the solution fits the organization’s needs (Nlyte, 2022).Token-Based or Injected RFID/Biometric AuthenticationInjected RFID (Radio-Frequency Identification) provides a replacement for biometrics through token-based authentication. Instead of physical or behavioral traits, RFID requires implanting a tiny machine in the skin that emits a distinctive signal. This approach is convenient as one does not need to keep physical cards or memorize passwords. But RFID tags are subject to cloning or theft, and thus are less secure than biometrics. Besides, RFID does not provide the same level of transparency as biometrics since RFID cannot prove who the user is beyond possessing the token. RFID & biometrics would be combined to create a hybrid system with dual factor
authentication, providing a better level of security. Mega-Corp for instance may require the user to scan an RFID tag in addition to a fingerprint for access, making sure users are both present and identified (Pacheco, 2023).Barriers to ImplementationThere are many issues associated with implementing a biometric authentication system in the enterprise level. The technical challenges involve compatibility with current infrastructure, deploying the system in multiple sites, and sizing it for a growing workforce. The price is steep, since biometric devices come with high upfront hardware and software costs, as well as maintenance and training costs. Another major barrier is user acceptance: employees may find biometrics disruptive due to privacy or anxiety about intrusive procedures such as iris scans. Compliance barriers (GDPR or HIPAA) are a legal and regulatory hindrance that complicates the implementation process. Second, a biometric breach must be protected because compromised biometric information cannot be redeemed the same way as a password. Solving these challenges will require Mega-Corp to take a progressive approach towards implementation via pilot initiatives, employee education and data protection (RSI Security, 2020).RecommendationUsing the analysis, fingerprinting becomes Mega-Corp’s best biometric authentication method. It is reasonably priced, accurate, and user-friendly, which makes it useful for securing physical and rational access. Fingerprint readers are relatively quick to install and use with existing systems, which provides an easy user experience. To mitigate potential barriers, Mega-Corp must roll the system out phase by phase in high security spaces such as data centers. Employee education and
awareness trainings may help resolve privacy concerns, and secure encryption and data security practices assure compliance with the law and regulations. Mega-Corp can improve its security by using fingerprint scanning, resulting in the least disruption to the business (Flexential, n.d).ConclusionBiometric authentication provides Mega-Corp with a strong mechanism to secure its decentralized infrastructure. This report reviews the pros, cons and barriers to implementation and it underscores the need to choose a biometric solution that matches your organization’s business objectives. With its cost, accuracy, and scalability, fingerprint scanning is the perfect fit for Mega-Corp’s authentication approach. Using a gradual implementation approach and a strong emphasis on user acceptance, Mega-Corp can use biometrics to safeguard its information assets securely and effectively.
References:Howell, J. (2024, November 29). Data Center Physical Security: The Complete Guide [2024]. ENCOR Advisors. https://encoradvisors.com/data-center-physical-security/Shailaja, C. (2020, March 31). Physical security of a data center. isa.org. https://www.isa.org/intech-home/2020/march-april/departments/physical-security-of-a-data-centerWilson, M. (2023, May 23). Data center Physical Security best practices. Nlyte. https://www.nlyte.com/blog/data-center-physical-security-best-practices/Sloan Security Group. (2022, August 22). Data Center Physical Security: Best Practices Every Plan Should Have. Sloansg. https://www.sloansg.com/post/data-center-physical-security-best-practices-every-plan-should-haveMsmbaldwin. (2024, March 27). Physical security of Azure datacenters - Microsoft Azure. Microsoft Learn. https://learn.microsoft.com/en-us/azure/security/fundamentals/physical-securityPacheco, M. (2023, December 26). Data Center Physical Security: How to protect your valuable assets. TierPoint, LLC. https://www.tierpoint.com/blog/data-center-physical-security/Datacentre-Paul. (2024, December 11). Physical security in the data Centre: Best practices for 2024. Datacentre UK. https://www.datacentre-uk.com/physical-security-in-the-data-centre-best-practices-for-2024/NIST SP 800-12: Chapter 15 - Physical and Environmental Security. (n.d.). https://csrc.nist.rip/publications/nistpubs/800-12/800-12-html/chapter15.htmlD_Scalet, S. (2015, March 31). 19 ways to build physical security into your data center. CSO Online. https://www.csoonline.com/article/509635/physical-security-19-ways-to-build-physical-security-into-a-data-center.htmlThe critical imperative of data center physical security: Navigating compliance regulations. (2024, August 21). Datacenterdynamics. https://www.datacenterdynamics.com/en/opinions/the-critical-imperative-of-data-center-physical-security-navigating-compliance-regulations/Data center best practices You should know | Flexential. (n.d.). Flexential. https://www.flexential.com/resources/blog/data-center-best-practices