It's important not to forget that all of the biometric data has to be digitally recorded and stored, and the security around this data must be planned out and access limited appropriately, Chaney says. "In addition, these 'super' highly privileged access users must also be monitored and subjected to even higher level of security," she says.
A major concern is if the servers storing biometric information is hacked, Holden says. "if a person's biometric information is stolen, that could have extremely serious consequences for that individual," he says.
Another big challenge is determining who should use biometrics technology, as well as when and where, Chaney says. "Every end user will have to submit to an examination to collect their individual data," she says.
That process can be a daunting task for any corporate security program, Chaney says. "Hopefully, as you build out a layered security defense you will find that it is not necessary for all assets to be protected with biometrics technology," she says. "As with any security program you must first assess what needs to be protected and then decide the level of protection."
Integration into the security program is another issue. "Obviously there are greater barriers to entry and startup costs to get these systems up and running, compared to the relatively simple and easy deployment of password-based solutions," Taule says.
Lack of accuracy is another potential problem. "There are solutions that can overcome these concerns, but there are factors to be considered that can hinder system effectiveness," Taule says. "For example, if using a voice print or thumb print, what happens if someone becomes hoarse or cuts their finger?" he says.
One of the biggest challenges is the process by which the biometric is originally captured and bound to an identity, Taule says. "Often this is accomplished in person, but this has high overhead costs and is highly inconvenient for distributed organizations."
Sign up for CIO Asia eNewsletters.