Hosted by: June 23-26, 2003 New York City www.biometritechexpo.com The Cost Justification for Choosing Biometrics Roy Lopez System Engineering Director.


1 The Cost Justification for Choosing Biometrics
Roy Lopez, System Engineering Director, Novell Inc., rlopez@novell.com

2 Agenda
- How real is the threat?
- Will the technology facilitate your business objective?
- Understanding the issues
- Building a business case
- Additional considerations and futures
- Q&A

3 How real is the threat?

4 How real is the threat?
“It’s not hacking that results in the most damaging penetrations to an enterprise’s security system. It is often the work of an employee within the enterprise that causes the most damage. And while many of those incidents are due to employee malice, a great number stem from the manipulation of employees - often without their knowledge - that results in the theft of crucial data.”
Rich Mogull, Senior Analyst, GartnerGroup
Gartner estimates that more than 70% of unauthorized access to information systems is committed by employees, as are more than 95% of intrusions that result in significant financial losses.
Kristen Noakes-Fry, Research Director, Gartner

5 How REAL is the threat?

6 Traditional, Best of Breed Security Architecture
[Diagram labels: Web server; Web users; Users; VPN, Dial-up, Wireless users; DMZ; Access Control server; Apps; AIX, Solaris, HP-UX, Linux, etc.; NT/2000; OS/390; NetWare®; NetWare/NT admin; OS/390 admin; Unix admin; Apps admin; Web admin]

7 Leveraging technology to achieve business objectives

8 What is your objective?
- What benefits do you hope to gain and which pain points do you hope to address with the deployment of this technology?
  – A stronger form of authentication/better security?
  – An improved end user experience?
  – Are you hoping to reduce password-related help desk and administration costs?
- Will you be requiring your mobile workforce to biometrically authenticate?

9 Biometrics for security
- Is your main objective to be secure?
  – Tsutomu Matsumoto and the gelatin finger
- Two factors are better than one
  – How secure is the entire software architecture?
- Is the client and server software digitally signed?
  – Tamper resistant
- Are the client and server software mutually authenticating?
  – What is the authentication protocol?
- Is the communication between the biometric device and the back end system encrypted?
  – Integrated, circuit-based readers are probably more appropriate than optical-based readers

10 Biometrics for convenience
- Is your main objective to improve the end user experience?
  – Can be very successful as a password replacement
  – Initially, saw more convenience than security-oriented engagements, but this is changing
- Which form factor is right?
  – While this model often provides the greatest ROI, there’s still the cost of managing the solution

11 Understanding the issues

12 Lessons learned from other Big Ideas
- What lessons can we learn from PKI?
  – 1999 Headlines: “This is the year for PKI”
  – 2000 Headlines: “PKI, Nothing but Pilots”
  – 2001 Headlines: “This is the year for PKI”
  – 2002 Headlines: “What’s PKI?”
- Why have PKI deployments failed to take off as hoped?
- What percentage of your applications recognize a digital certificate?
- It’s probably higher than the percentage of your applications that recognize a biometric device, let alone the one your organization is considering

13 Enabling applications
- In order for the project to be successful, it must be focused
  – Focus on enabling a specific area for biometric authentication with clear milestones
- What needs the higher level of authentication?
  – A certain application
  – A group of users
  – All network access
- Which of those applications recognize or respect the biometric authentication?
  – The easiest way to restrict access to network resources is via single sign-on products

14 Building a business case

15 Building a Business Case
- Some aspects of advanced authentication can be quantified, but most value is very difficult to quantify and in some cases more qualitative.
  – Quantifiable benefits
    - Password management
    - Advanced authentication by itself does not provide an easily quantifiable ROI
    - Advanced authentication coupled with other access management components provides compelling ROI
    - Fraud protection
  – How much is your company’s reputation worth?
    - Value of data
    - Value of transaction
    - Audit and Compliance
  – Not easily quantified
    - Improved security/reduced risk
    - Compliance to regulations

16 What are you spending today?: Calculating the cost of passwords

Calculating Password Costs with IDC Data
  Number of employees: 1000
  IDC’s estimate of password management costs per year per user: $200.00
  Annual Password Management Cost: $200,000.00

Calculating Password Costs with Gartner Data
  Number of employees: 1000
  Gartner’s estimate of password calls per user per year: 4.8
  Your estimate of cost per call: $30.00
  Annual Password Management Cost: $144,000

17 What costs should I consider?
- Hard costs
  – Hardware
    - Can range from $50 per device on up
    - An average fingerprint reader will cost $125 per device
  – Software
    - Some vendors try to charge you extra for the software to make their hardware products work
- Soft costs
  – Implementing, managing, and supporting a biometric-based solution
  – Enabling applications to leverage the biometric
  – These costs can vary significantly by vendor and can easily make up the majority of costs

18 Calculating the cost of biometric solution

Calculating Biometric Solution Costs
  Biometric device cost X # of users (@$125 per device): $125,000.00
  Software: Varies by vendor
  Administration Costs (first year): Varies by vendor
  Plant and Facilities (Hardware/Servers): Varies by vendor
  Total Cost of Deployment: $???,???.00

Note: Does it require a separate user repository, a separate security policy, etc.? The less it integrates with reusable infrastructure, the higher the cost of deployment and ownership will be.

Annual password management costs - total cost of biometric deployment = first year return

19 Administration Costs
- Things to consider that will affect administrative costs:
  – What will it take to biometrically register each user?
  – What if later on you choose a different biometric vendor?
  – Is the access policy for biometric users separate from your application and operating system policy? What will it take to make these consistent? How will you enforce policy change across these systems?
  – Does the solution require a separate user repository? How will you manage the life cycle of users in multiple repositories?
  – Does the solution provide standards-based or open interfaces or will custom and proprietary work be required to integrate the authentication with the applications?

20 Additional considerations and the future

21 My opinion
- A couple key things have happened in the industry that enable biometric deployments to show a positive ROI.
  – Vendors have begun to consider the life cycle management and deployment issues and have begun implementing this into their products.
  – Single sign-on technologies are finally coming of age and can greatly reduce integration costs and enable application integration

22 My advice
- Additional considerations:
  – There are over 450 biometric vendors in the market today
    - The market is nowhere near being large enough to support this many vendors
    - Plan on continued consolidation and attrition
  – Either deploy biometrics for a single application or deploy as part of a holistic access management strategy that considers:
    - Identity management
    - Policy management
    - Access control
  – Require your biometric vendor to integrate with your standards-based user repositories, and support Multi-Factor Authentication
  – Understand the role of new standards such as SAML, SOAP, XACML and how this will not only relate to your biometric strategy, but affect the overall security of your organization

23 Questions?
