
How Biometric Authentication on a Published Application Improves Data Security
What Does Biometric Authentication on a Published Application Mean?
Biometric authentication on a published application is an advanced form of authentication beyond just two-factor authentication. It leverages biometrics to verify the identity of a user wishing to gain access to a virtual application from a client. Common biometric authentication methods include fingerprint scans, facial recognition scans, retina scans, and speaker (voice) identification.
Biometric Authentication Methods
These biometric authentication methods may be used to identify people digitally:
- Visual biometric devices
  - Fingerprint scanning
  - Facial recognition
  - Iris recognition – uses a picture of the iris
  - Retina scans – analyze the pattern of blood vessels at the back of the eye
  - Hand geometry recognition – verifies identity using a mathematical representation of the unique characteristics of a person’s hand
  - Signature recognition – verifies identity from a person’s handwritten signature
  - Ear authentication – certifies identity using a person’s unique ear shape
- Chemical biometric devices
  - DNA (deoxyribonucleic acid) matching – uses genetic material to identify someone
- Behavioral identifiers
  - Typing recognition – verifies identity based on a person’s unique typing characteristics, including how quickly they can type
  - Gait – analyzes the way people walk
- Vein/vascular scanners
  - Finger vein ID – verifies identity based on the vein patterns in a person’s finger
- Auditory biometric devices
  - Voice ID
How Do Organizations in the Financial, Public, and Healthcare Sectors Benefit from Biometric Authentication?
Data security is a major concern in the financial, public, and healthcare sectors. It’s why laws and regulations like the following were put in place:
- Gramm-Leach-Bliley Act (GLBA) for the financial sector
- Payment Card Industry Data Security Standard (PCI DSS) for the financial, public, and healthcare sectors that use credit and debit cards
- EU General Data Protection Regulation (GDPR) for organizations in public and private sectors that use the personal data of EU residents
- Health Insurance Portability and Accountability Act (HIPAA) for the healthcare sector
All these laws and regulations have stringent user-authentication requirements. In fact, some of them (like HIPAA and PCI DSS) explicitly recommend using biometrics as a method of authentication. PCI DSS Requirement 8.1 stipulates:
“In addition to assigning a unique ID, ensure proper user-authentication management for non-consumer users and administrators on all system components by employing at least one of the following methods to authenticate all users:
- Something you know, such as a password or passphrase
- Something you have, such as a token device or smart card
- Something you are, such as a biometric.”
A similar specification can likewise be found in the HIPAA Standard § 164.312(d), i.e., Person or Entity Authentication.
The Need to Improve Authentication in Virtual Applications
The growing adoption of virtual applications in the financial, public, and healthcare sectors has greatly improved data security in those areas. Organizations can reduce their attack surface by removing sensitive data from endpoint devices and moving it into a secure, central location.
However, because those endpoints unavoidably act as the main entry points into that centrally stored data, it is imperative that users gaining access through those endpoint devices first go through a strict authentication process. The usual username and password authentication will not suffice. Parallels® RAS can help in that regard.
Using Biometric Authentication with Parallels RAS
Parallels RAS iOS clients now support Touch ID®, which enables two-factor authentication when combined with passcode entry. Passcode entry authenticates with something the user knows (the password), while Touch ID authenticates with something the user is (his/her thumbprint).
Make use of your biometric devices with Parallels RAS!