The desire and need to process and communicate information has come to be a dominant factor in our personal and business lives. Automation has meant that we are increasingly reliant on the machines that store, process and communicate this information. Our culture is now that we must trust increasingly sophisticated and geographically obscure information systems and networks: our information assets are communicated, stored and processed within these invisible, complex webs.
As information security perimeters blur, domains of control become harder to define and maintain. This moving and evolving situation has introduced many changes in how we assign and maintain responsibilities for information security, information assurance & information governance – these changes are the heart of the challenges in the information security/assurance/governance disciplines today.
A cornerstone of today’s’ information architectures, displacing the digital perimeter as the defining security architecture characteristic, is digital identity. We are increasing dependency on digital identities for building and maintaining information controls.
Those who would subvert/steal informational assets are, of course, now attacking the systems of digital identity based controls. In response there is need for more robustness of digital credentials to support digital identities.
To meet this need we are now about to embark into the age of biometrics. This is a marked change of practice, wherein we will routinely use information that is intimately linked to our physical individuality in order to prove our digital id.
This will be a positive move. The long-standing use of shared secret information, such as passwords and ‘secret’ personal data, to provide credence to digital identity has been a continual game of leap-frog between the technologists and those who seek to defeat such mechanisms.
I believe that the move to biometrics will significantly raise the bar in this game. And the use of biometric data to support digital identities is a more natural simile of how we operate in the physical world: we will be digitising our skin, faces, voices, eyes to prove who we are.
I’m not saying there are not some real threats associated with widespread use of biometrics. For me this development does raise some important questions that should be further debated; for example, will my “digital body parts” be stored and used securely? – what is the risk of my being “digitally cloned” and if it happens will the biometric aspects make it hard for me to reclaim my digital identity?
But I do believe that well designed, deployed and managed biometric based identity systems can deliver a much needed, major step up in the levels of trust that can be achieved in our cyber-world.