CDM-CYBER-DEFENSE-eMAGAZINE-March-2019
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Why Biometric Data Use Poses Unique Security Risk<br />
By Morey Haber, CTO, BeyondTrust<br />
We live in sensitive times. One “sensitive”, under-discussed topic that we need to directly confront<br />
and have an open conversation about is around the sensitivity of data. Yes, that’s right, what do<br />
people today consider “sensitive” data?<br />
The definition of Personally Identifiable Information (PII) often includes your name, email<br />
addresses, usernames, passwords, birthdate, address, social security number, credit card<br />
information, medical history, etc. I would stipulate that most people can agree that these are all<br />
sensitive data sets.<br />
But there is an entire classification of sensitive data in the world that we do not discuss and is<br />
going to be a problem in the very near future. The sensitive data we are failing to adequately<br />
address is the linkage of our physical, carbon-based human bodies to all the biometric data being<br />
stored by IoT devices and services in the cloud. If you think this sounds farfetched, ask yourself<br />
if you or any of your loved ones participated in an ancestry DNA kit or received a new notebook,<br />
mobile device, or smartwatch that stores health or login data via fingerprints or facial recognition—<br />
I am willing to bet, that either you or someone close to you has.<br />
Compromised biometric data poses unique risks<br />
To understand the sensitivity of biometric data and why it should be a part of your conversations,<br />
consider the potential risk. You are a person. Typically, you have one single identity. One could<br />
argue that, even if you are a spy or have a criminal alias, you still only have one identity since,