What are the implications for enterprises and the security issues regarding fingerprint scanning? Anthony Tian, Regional Director, Asia Pacific, Good Technology, gives his thoughts.
The iPhone 5S fingerprint scanner is being seen as a mobile security game changer. What are the implications for enterprises?
While Apple's iPhone 5S Touch ID fingerprint scanning technology is a very slick addition for use by consumers, the fact that even Apple themselves didn't tout this as an MDM/business feature was a good indication that the enterprise should be leery to embrace it for use as 'true' data security tool. If Apple makes the Touch ID API available, it will allow developers to take advantage of the biometric features which provide an additional authentication layer to their application, thus creating a new frontier in app security.
However, like many new security features, Touch ID should not be considered a 'silver bullet', or convey a false sense of security. There is always a way to get access to mobile devices, especially when one considers that BYOD devices can have multiple fingerprints registered to the device. This is why corporations can't rely on hardware-based encryption alone. Instead, they need a secure container around the data and information on the device so that the information can't be extracted, even if a hacker gains access to the phone
Do you see this feature violating human privacy (in-built fingerprinting scanner just to operate the device)?
Consumers have the option to make use of this feature and they can always 'opt out' when it comes to its use on their personal device. However, if a company chooses to mandate use of biometric/fingerprint scanning capabilities on BYOD devices, it does raise some privacy questions when you consider there will then be a large database of biometric information that is potentially vulnerable to hacking.
Do you think fingerprinting scanning will go mainstream as a technology?
Apple has effectively introduced the concept of fingerprint scanning for consumer use, but there still remain a lot of questions around its effective use for securing devices. Therefore, it will likely still take some time before fingerprint scanning becomes a household feature.
Do you see any possible risks with the integration of biometrics in mobile security?
According to recent reports, a German biometrics hacking group has successfully demonstrated how they have bypassed the iPhone 5S' fingerprint scanner by taking a high-resolution photo of the users' fingerprint, which was then printed and used as a fingerprint to access the device.
While biometrics technology adds another layer of security to mobile devices, it should not be the only security feature used on corporate devices. You can't solely rely on operating system security because there are multiple things that users can do, outside of an organisation's control, to weaken it. If you're going to entrust your corporate data to a device, you need to provide a solution that protects the data, not just the device and gives you (the IT admin) control. It is critical for companies to secure both their mobile devices and their data with secure containerisation to protect sensitive data and corporate IP on those devices.
Sign up for CIO Asia eNewsletters.