Bobby Varma Jun 15, 2021 1:00:09 PM 6 min read

Zero Trust with Zero Hassles

How Biometrics Diminishes the Security Risk of a Remote Workforce

When catastrophe strikes, it’s human nature to look for silver linings. The pandemic has offered up its share, including for many, the freedom and flexibility to work from home. They’ve included people whose jobs would previously never be considered for remote work due to data privacy and security concerns. Employees who access financial records, medical records, credit cards, social security numbers, intellectual property – all are folks who have traditionally been expected to work onsite, no exceptions. It’s difficult enough to manage security in a physically controlled workspace. It’s even more complicated when employees are working remotely.

Cyberthreats now outrank physical threats as the most significant security risk facing companies. Until recently, CSOs, CTOs, and CIOs assumed that damage to their network would come from the outside. Once network users were verified, authenticated, and logged in, they crossed a metaphorical drawbridge and were relatively free to move about within the castle. The company’s cyber-guards had all their weapons pointing outward, overlooking the moat.

Today, security management has become wiser. They’ve realized that threats are just as likely to come from inside a network. As a result, “Zero Trust” policy is gaining traction as the preferred network architecture. Zero Trust is just what it sounds like – it’s a paradigm that assumes nothing and nobody can be trusted just because they’re inside the network. As a result, users must repeatedly verify and authenticate their identity with each step they take. The network perceives every action through a lens of suspicion: opening software, opening a file, editing a file, saving a file, and sending an email are just a few examples of activities that require verification and authentication.

In theory, Zero Trust makes complete sense. A day doesn’t go by when we don’t hear about a prominent company, hospital, government agency, or – yes, a pipeline – becoming the victim of a cyberattack. More organizations implementing Zero Trust would undoubtedly reduce the occurrence of these harmful and expensive attacks. However, the most effective solutions aren’t necessarily the most practical to implement. Just imagine what a hassle it would be for workers to enter a password repeatedly, all day long.

Replacing passwords with biometric identity can take all of the inconvenience out of Zero Trust policies. By using a computer’s embedded camera or attaching an encrypted biometric reader to verify the user’s face or iris, networks can continually validate that only authenticated users are accessing the network. From the employee’s perspective, the process is completely automated and seamless. They just go about their job sitting in front of their computer. However, if someone else were to take their place or join them, the computer would immediately shut down or close the application. The camera would identify that person is not authorized to access that information.

Use of the iris biometric addresses employee privacy concerns; unlike a face, it cannot be visually linked to an individual. Only the enrollment database knows who the iris belongs to.

The beauty of using biometrics in this way is that, when combined with other technologies like computer privacy screens, it removes any distinction between the security implications of working onsite versus remotely. The applications are wide-ranging. Legal documents, government documents, medical records, and all sorts of files that would normally never leave the office can be accessible to workers logging in from home. Security and alarm companies can allow authorized employees to monitor cameras remotely, outside the central monitoring station, without breaching privacy policies. Students can take tightly monitored exams, like board certifications, without traveling to a testing facility. Biometric enrollment occurs beforehand with the help of a mobile app.

Many of the work changes we’ve experienced in the past year will have a long-lasting impact. The pandemic has proven the extent to which a remote or hybrid workforce can reduce operational costs. Hiring managers are finding better talent when geography no longer matters. Employees who have a choice of where they work, and the freedom to better balance the demands of work and their personal lives, are happier and more likely to stick around. Businesses that were once certain all workers would eventually return to the office are now reevaluating.

For corporations, security is sacred especially when it comes to protecting confidential information. Historically, it has trumped concerns for employee convenience or flexibility. Thanks to biometrics, that balancing act will soon be a whole lot easier for many more companies. Even as they move to a Zero Trust model, their employees will enjoy greater freedoms and more seamless network interactions. Biometrics makes Zero Trust and zero hassles both possible.

Bobby Varma

Bobby Varma is the CEO of Princeton Identity.