Highlights from Identity Futures 2020, including how biometrics is being deployed ‘as a service’.
In the age of COVID-19, Identity Futures 2020 went completely virtual. Held over 23–25 November, the event brought together industry leaders, world-class speakers and technology experts to discuss the future of biometrics and digital identity tech.
Daltrey’s Co-founder and Managing Director, Blair Crawford, sat down with host Alan Goode from Goode Intelligence to discuss the current state of identity management, how biometrics is being deployed ‘as a service’, and what organisations are looking for in identity solutions. Here are some of the highlights.
Alan Goode: What’s makes your identity management solution unique?
Blair Crawford: One of the big things that we’re hearing that others are not doing – but we are – is converged physical and logical being made available as a service. Not only that, but we’re also combining it with high-level identity assurance and liveness detection.
There’s fantastic biometric capability out there, whether it’s facial-recognition or fingerprint-recognition algorithms or hardware devices. What the market was missing was a way to pull all those things together – securely, privately and with a top-class user experience.
Q: What is biometric identity ‘as a service’?
A: Without context, ‘biometrics as a service’ is one of those buzz phrases – like blockchain and AI. When we talk about it being made available as a service, we are talking about it from a functional perspective. It should be a technology that serves the client’s operational requirements.
What Daltrey has done is we’ve made sure we architected our solution so that it can be called upon in literally any access scenario. Our development strategy was very clear: focus on APIs, focus on micro-services and focus on containerisation. If you get that right, you truly can make biometrics a service.
Q: In terms of biometric modalities, what are some of the use cases? Where is iris better than fingerprint, for example?
A: We’re certainly seeing a lot of interest and action around face at the moment. It’s an amazing user experience – the maturity of the algorithms has significantly increased. But liveness detection is very important because the corporate perimeter has been blown away. The frontline of everyone’s security is now their dining room or spare bedroom.
There is a much higher level of sensitive information that now needs to be accessed – on a higher frequency than ever before – from people’s homes. So being able to tie that liveness into the authentication workflow is allowing for the completion of more complex and highly sensitive transactions without the traditional perimeters.
You’ve also got to take into consideration the right technology for the right application. In a data centre, iris is still preferred by many organisations. It has a very low false-accept rate; it’s highly improbable that it will make a mistake. But in saying that, it’s also highly improbable that face biometrics will make a mistake if you are using the right algorithm, the right hardware and the right authentication criteria.
Q: Biometric knowledge may be improving across the community, but there’s still quite a bit of education lacking. So what standards should a buyer be looking at?
A: For the buyer specifically, they can look at the ISO standards for liveness detection, as well as the false-accept, false-reject and failure-to-enrol rates. But my opinion is that biometrics either works or it doesn’t. There are enough algorithms out there and enough competition – in terms of publicly referenceable performance criteria – to see what works and what doesn’t work in different situations.
Q: Where are you seeing demand for biometric systems and what applications are currently popular?
A: There’s lots of interest in authentication into the physical areas of government – offices, data centres, the traditional use cases. The one that’s maturing quickly, though, is digital (logical) access. So having an established biometric credential to be able to authenticate into the Office 365 and Atlassian environments, for example. Liveness detection for remote workers is also becoming very important across Australia, Singapore and the Czech Republic. In all cases, these solutions are about protecting intelligent property and sensitive client data.
What we’re seeing in terms of the adoption of our technology is a profile of risks – so it’s specifically highly-regulated industries that have significant risks. They may be being targeted by cybercriminals because they hold large amounts of sensitive information. Organisations with hugely distributed workforces are also seeing the value in biometrics. It’s not just finance or government or critical infrastructure. Our clients exist across all industries.
Q: Can you explain your vision regarding the ‘single identity’ for both physical access control and digital authentication?
A: That’s what has driven this whole business. Users don’t really like passwords, or access cards. So the fundamental driver for Daltrey was the idea that you should be able to have an amazing user experience to get on with your role.
The other element is that there’s a need right now to help organisations improve their security posture, and to take into account the current cyber–physical risk environment. So my vision in that regard is to have organisations be able to buy the capability where they can have a single ID with a set of trusted users who can then go about their job in a very easy way, from an authentication perspective. And our technology just sits passively in the background while allowing people to do their jobs securely and safely.
We believe that our approach to biometrics and the combination of technologies we’re bringing together to enable an amazing user experience should be the standard in biometrics.
Watch the whole conversation between Alan and Blair here.