You're Nobody Without Your Mobile Device

Will mobile biometrics be an IAM driver or nonstarter in the enterprise?
This standardization issue would stick IT between a rock and a hard place with regard to mobile biometric adoption. Corporate-issued mobile devices could provide a degree of uniformity that would make it easier to f biometric mechanisms from them into the greater IAM ecosystem. But that strategy could hamper user acceptance, as employees are likely to carry their own personal phone as a primary device.

But the decision to use biometrics within a BYOD model could be less of a yes-or-no choice and more of a case-by-case option for identity assurance, Symplified's Platt says. Regardless of who owns the device, he believes that enterprise success will depend on how well the device can tap into federated identity protocols.

"The key to unlocking this value will be the way that the consumer device providers enable federated authentication protocols -- like SAML or OAuth," he said. "Done right, this will allow carriers to provide authentication to apps and services provided by third parties, including e-commerce websites and financial services providers."

Finally, enterprises will also have to deal with what lost or stolen devices mean for the ultimate integrity and convenience of their IAM infrastructure.

"To the degree that biometrics on these devices store sensitive information, such as centralized authentication information or other passkeys associated with biometrics, this is a potential risk," says Justin Strong, senior global product marketing manager for Novell. "Beyond this, IT must deal with how to resolve people who lose devices they had come to depend upon to access everything in their daily routine."

Embracing The Opportunities
In spite of the challenges, those like Strong believe that biometrics on mobile devices open up a world of IAM opportunities within the enterprise.

"With organizations trying to make the smartphone not only our most attached possession, but also a new form of currency, biometrics probably has a critical role to play," he says.

Strong believes that on a mobile device, this could extend well past simply authenticating access to email or information on the device itself and extend it into a commonly accepted method for granting access to the far reaches of enterprise assets.

"Imagine using your smartphone to authenticate who you are, then open the door to your office," he says.

According to some, if deployed well, mobile devices could provide the means to finally offer additional identity assurance on a wide-scale basis without having to deal with the inconvenience of tokens or the flimsy security of PINs.

"I think it will open up some opportunities, especially if organizations want to provide that extra identity authentication assurance to the staff that are logging into their systems," Unisys' Potter says.

Additionally, even though BYOD does add complications to the equation, biometrics on these devices has the potential to solve one of the most nagging general issues of BYOD: containerizing and securing corporate data away from private data.

"In a BYOD environment, a user might have a different profile to access the enterprise environment and data from his or her personal device," says Shivesh Vishwanathan, senior mobility solutions architect for Persistent Systems. "Biometric authentication can become the additional security entry point to this profile and to the more secure enterprise environment."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.