Biometric authentication: the new software security approach
More industries are adopting cloud-based software to improve data management and productivity, but ensuring data is secure remains a challenge. MARISKA MORRIS reports
In what is being called the fourth industrial revolution, more industries are turning to cloud-based software to manage data. This software allows easier access to information, back-ups and, with the latest technology, it also offers real-time updates. This ensures that the most up-to-date information is available at any given time.
One example of cloud-based software is African Management Software (AMS) from Deep Red Technology, which is used to manage medical surveillance in the occupational-health sector. The front-office application in AMS is designed to increase productivity through simple and efficient operation.
“Its aim is to manage the occupational-health clinic systems effectively and efficiently, incorporating all the surveillance processes in one user-friendly system,” says Richard Pfab, general manager at Deep Red Technologies.
He adds: “AMS has successfully integrated with many hardware devices, which makes it a simple process for patients to move from their audio testing to vision and lung-function testing, and then to the medical exam. AMS generates all the required certificates and stores them safely in the database.”
He notes that the system maximises the number of patients that can be serviced, while minimising user error. AMS also has a “back-office” function, which includes a web portal hosting patient records.
“Clinic staff and patients are able to access interactive charts, reports and any authorised patient records from any device, at any location with an internet connection. In order to avoid downtime during internet connection problems, AMS data is stored on a network database. It is thus impossible to lose data, even if there is a system failure at the clinic or hosted data centre,” Pfab notes.
Like all new cloud-based software, AMS simplifies data access and management, which improves productivity. However, these systems come with their own challenges as data is more vulnerable to hacking, which could put sensitive information at risk.
In its research into IT security risks, Kaspersky Lab, a global cyber security company, found that data protection is the most important security concern for businesses. It also found, however, that nearly one in five companies worldwide struggles to manage security across various platforms.
Deep Red Technologies has implemented numerous security settings to assist in protecting sensitive information on the AMS system.
“Only authorised personnel have access to the system by means of a username and password, and/or biometric (fingerprint) authentication,” Pfab says. Similar biometric technology is used by Fujitsu South Africa with the Palm Secure system.
This technology uses infra-red scanning to track the structure of veins in the palm. Palm-vein technology has more than 500 reference points, which makes it more secure than fingerprint authentication. While Fujitsu aims the technology at manufacturers through the Industrial Kiosk, it is widely used by the healthcare sector in Turkey.
Similar to AMS technology, Palm Secure is used to manage patient records. However, Turkey implemented the system to prevent patients from receiving the same medicine from various clinics in order to resell it. With the Palm Secure system, clinics were able to identify whether a person had already received their medicine from another clinic.
Werner Simpson, an engineer at Fujitsu South Africa, notes that the hand-detection or palm-scan technology is more secure than a username and password. Employees are prone to forgetting their username and password. In some cases, this confidential information is shared freely among co-workers, which puts sensitive information at risk.
The biometric authentication technology is considered very secure. However, not everyone agrees that biometric authentication is the safest security approach to protecting software.
Technology magazine Wired quotes law Professor Alvaro Bedoya in its article titled: Biometrics are coming, along with serious security concerns. Bedoya explains that biometrics is inherently public information, while a password is private.
“The whole point of a password is that you don’t tell anyone about it. I know what your ear looks like, and I can take a high-resolution photo of it from afar. I know what your fingerprint looks like if we have a drink and you leave your fingerprints on the pint glass,” Bedoya says.
Biometric authentication is widely used by police to identify suspects, because of its public nature. In the same article, Wired notes: “Just as you can buy software to brute force your way through pins and passwords, hackers are already engineering ways to spoof biometric authentication.”
According to the article, more than five million fingerprints were compromised when the United States Office of Personnel Management was hacked. Biometric authentication might be a current solution to protecting software, but it is by no means a permanent solution. The best preventative measure to keep information safe is to appoint a reputable cyber-security company to manage software security.