Justifying the Costs
Like most security solutions, the cost of a biometric system is difficult to estimate – basic differences between the systems as well as propriety technologies cause price points to vary significantly. But the majority of companies balance costs by offering customization, scalability, and enrollment management.
Worried about justifying the upfront investment to your company leadership? Identify how inefficiencies in your current security protocol could be rectified by biometrics.
“Biometric authentication can eliminate the inefficiencies of multiple digital identities, databases, credentials, and organizations managing enterprise access, including physical access. Addressing these gaps easily justifies investment cost,” Scarfo explains. “Biometrics can streamline operations, make physical and logical access easier and faster for users, increase security, provide an audit trail, and eliminate the help desk.”
Biometrics can also reduce time and labor for personnel, whether it’s reducing manned check points, card and key replacements, or password changes.
“Just as there is a price associated with the time spent to complete these seemingly simple tasks, when added together, the overall administration of a key or card system is costly,” Flink says. “Biometric data can’t be lost, stolen, or forgotten – it doesn’t wear out or need to be replaced.”
Allay Privacy Concerns
Occupants can be leery of enrolling in a biometric system, whether there are concerns about how data is stored or the basic principle of biological identification. But unlike Hollywood, which portrays biometrics as easy to replicate and hack, the reality is that this technology has already proven its reliability in various military, government, and high-security applications for several decades.
“Owners want strong authentication credentials for biometrics – the same level of security already provided by smart cards,” says Scarfo. “Unlike proximity cards and their readers, smart cards and biometrics can go through a challenge and response sequence to initiate conversations with the network. Card signatures are checked to make sure the card or biometric is indeed authentic and hasn’t been tampered.”
Biometric authentication can be strengthened when it’s part of a multi-modal system, one that requires two levels of identification to gain access. For example, a fingerprint scanner or hand geometry reader can be easily paired with a smart card or PIN password, as well as any other biometric device.
Communicate to occupants that all biometric data is encrypted, just like their personnel file with HR or medical records would be. Even if the information were improperly accessed, all a hacker would see is a string of 1’s and 0’s.
You can also emphasize how your existing security measures are already vulnerable to breaches. Outline areas of your building that could benefit from more stringent security, such as server rooms, pharmacy storage, or stock rooms.
Let employees know how many times a password needs to be reset, how many keys are lost each year, and the rate at which replacement ID cards are issued. Remind them that each incident weakens security in the long run.
“With traditional card access, once a badge is lost, it is still active in the access control system from the moment the badge is misplaced to the time it is subsequently reported,” says Flink. “By adding a biometric to the access control system, a badge alone cannot be used to gain access.”
Whether biometric data is stored on a smart card or the biometric reader, the ID template is specific to that building. Biometric information isn’t shared between different manufacturers, won’t be stored in a single database, and is rarely compatible between readers at multiple locations.
“A single smart card can store both the user’s ID number and biometric template. Because of this, there is no need to distribute hand templates across a network of readers or require the access control system to manage biometric templates,” Flink assures.
“This means integration with any existing access control application is greatly simplified, eliminating extra network infrastructure costs. Because the template only resides on the card, the solution also eases individual privacy concerns,” she continues.
Owners should take caution to fully explore the impact of biometrics on their overall security. You may need to have meetings with HR and legal prior to implementation. Occupant briefings and training will also be key.
Biometrics must also follow ADA guidelines, notes Sean Ahrens, a practice leader and manager for security consulting services with Aon Risk Solutions. A hand geometry reader might be at the right level for both populations, but an iris or fingerprint scanner will certainly be out of reach for some. It might be necessary to have two readers at different levels to make sure all occupants can be accommodated.
You should also consider how visible your biometrics will be. Any prominently displayed security system can be a tip off about valuables that lie within.
“Generally, biometrics create the perception of a higher level of security, which can ultimately be a disadvantage,” cautions Ahrens. “A biometric device can afford additional interest to a would-be aggressor – it sends the message ‘assets are in here,’ whether that’s the case or not.”
Make sure that the addition of biometrics is fully supported by sound protocol and building design. All facilities can benefit from a layered security approach and biometrics are just one of many tools to create a safer environment.
Jennie Morton firstname.lastname@example.org is associate editor of BUILDINGS.