Request demo
en
Site language:
Id-Guard
A biometric software product for increasing the level of security at the facility during video surveillance
Id-Gate
A biometric software product for biometric identity verification in access control and management systems
Id-Welcome
A biometric software product for displaying personalized media content
Id-Check
A biometric software product with facial recognition for reliable identity check
Id-Line
A biometric software product with facial recognition that expands the electronic queue systems with personalized services for visitors
Id-Time
A software product that provides simple and reliable working time and attendance by identifying faces using tablets, IP cameras, or terminals
Id-Logon
A biometric software product with robust user authentication for unlocking a device or gaining access to operating systems or apps
Id-Target
A biometric software product with facial recognition that provides enhanced communication with clients
Id-Fit
A biometric software product that provides a reliable and quick check of the gym clients access right without employee’s participation
Business centers
A new level of work with visitors and employees of Business centers opened with the help of biometric products
Public Institutions
Biometrics for convenient service to citizens, including remote monitoring of the quality of personnel work
Industrial facilities
Biometric monitoring of working hours and additional security tools for industrial facilities
Sports facilities
Modern methods of biometric analytics for safe operation of sports facilities
Transport facilities
Convenient and secure transport solutions based on the digital identity of the passenger
Gambling industry
Biometric solutions for a new level of security and interaction with visitors
Retail
Biometric video Analytics for targeted marketing and personnel control in distributed networks
Educational institutions
Biometric products for proctoring and video surveillance systems in educational institutions
HoReCa
Keyless biometric access to rooms, targeted approach to each client and information about the time of work for employees
Banks
Necessary tool for the security and competitiveness of a modern Bank
Law enforcement
Improving the level of security, speed of investigations and timely prevention of illegal acts in the urban public space
Medical institutions
Customer-oriented solutions, acceleration of the work process of the registry area, control of the staff of the entire institution
We provide biometrics as a competitive advantage for our customers
RecFaces makes facial biometrics simple and applicable. We provide a wide range of ready-made biometric solutions for businesses to upgrade their security and technological efficiency.
Partner section
We are ready for cooperation and sales through the partner network. To get advice on your project, please contact us by e-mail sales@recfaces.com
Our team
It is our principal and invaluable resource. Talented and energetic people of our team unite the like-minded ones which helps to expand expertise and company’s growth.
Join us!
Contacts
We are always happy to answer all your questions. Contact us in any way convenient for you.
Blog about biometrics
We share our long-term expertise
in the development of biometric software.
Press Releases
Discover our latest news and updates
on facial recognition technology
Newsroom
Find out more about
RecFaces company here
Nothing found for this query.
All results
Request demo
en
Site language:
Id-Guard
Id-Gate
Id-Welcome
Id-Check
Id-Line
Id-Time
Id-Logon
Id-Target
Id-Fit
Business centers
Public Institutions
Industrial facilities
Sports facilities
Transport facilities
Gambling industry
Retail
Educational institutions
HoReCa
Banks
Law enforcement
Medical institutions
We provide biometrics as a competitive advantage for our customers
Partner section
Our team
Contacts
Blog about biometrics
Press Releases
Newsroom
WELCOME
LOGIN TO PARTNER PORTAL
*Incorrect username or password

Trends-2022 in safety: the role of facial biometrics in the Zero Trust concept

Reading time: 9 minutes
Trends-2022 in safety — RecFaces
Reading time: 9 minutes

Zero Trust is a security concept based on the idea of lack of trust

Initially, the model was used exclusively in the context of protecting the company's information infrastructure. Recently, however, the Zero Trust strategy has also been applied to physical security. The fundamental principle of the Zero Trust is: “never trust anyone, and always check”. How is this postulate interpreted in modern security systems? And what is the role of biometrics in implementing the Zero Trust model? We deal with the RecFaces team.

Table of Contents

From safe period to Zero Trust
The main areas of Zero Trust in information security
Network protection
Device Protection
User Protection
Working with users in the Zero Trust concept
Recalculate All
Least Privilege Model
Authentication
Zero Trust and biometrics in information security
Zero Trust and biometrics in physical security

From safe period to Zero Trust

The first concept of Zero Trust was formulated by the analyst of the American company Forrester John Kindervag in 2010. According to his idea, in order to protect information resources, companies need to abandon the concept of “safe perimeter” and constantly check all users and all devices related to the corporate network.

In 2000s for information security specialists, the priority was to protect the borders of the local network from unauthorized access. At the same time, the zone inside the perimeter was considered by definition “safe”. However, the years went by, cloud services replaced the local IT framework, and the concept of BYOD (Bring Your Own Device) replaced corporate devices, when employees bring personal devices to the office: laptops, phones, tablets, etc. The Internet of Things (IoT) with its smart speakers, lamps and teapots, which are also a possible target for a cyber attack, has become widespread. The point of no return in the concept of a “safe perimeter” turned out to be the pandemic of coronavirus, when millions of people around the world went to the remote area. It has become apparent that devices can be compromised and user data stolen at any time. And, therefore, security checks should not be limited to the moment of connection to the network.

The main areas of Zero Trust in information security

Network protection

To steal information, it is not enough to enter simply the local network: you need to be able to move inside it. To achieve maximum network security, Zero Trust proposes the principle of microsegmentation, when the network and other resources are divided into small isolated areas within a common perimeter. Each of these segments has an individual security policy and access rights. And even if the attacker falls into the one zone, he will not be able to advance further and spread the threat to the entire network.

Device Protection

No matter how extensive the corporate network is, the information security service is obliged to know absolutely every device with access. And these are not only employees' work or personal computers. These are smartphones, and external hard drives, and numerous “smart devices”, the number of which is growing every year. Yes, stock count of all devices and regular monitoring of their state is not an easy task. However, as mentioned above, even a smart coffee maker installed at the employee's home sometimes becomes a weak link in the security system.

User Protection

The human factor is traditionally the most vulnerable place of any security strategy. Especially when a person works remotely, and it is physically impossible to track all his actions. There are stories when the company's network was “put down” by the children of an employee who installed malware on a home computer. That is, the attack should not necessarily be based on some malicious intent. An employee can show banal carelessness and get caught on a “phishing rod”. And the resources of the entire company will suffer as a result.

Working with users in the Zero Trust concept

In terms of the Zero Trust concept, any attempt to access the corporate network is a potential threat to the security of the company. The principle “this person can be trusted, and this cannot” does not work, since reliable users in this model do not exist in principle. Let us list the basic principles for minimizing the “human factor” in the Zero Trust strategy.

Recalculate All

Like access devices, all users must be recalculated and grouped. Moreover, not only employees, but also visitors, partners or contractors. Absolutely everyone who has at least a minimum right of access to the company's network.

Least Privilege Model

This principle implies the introduction of strict restrictions on access rights for each user. Anyone must be content with the necessary minimum to carry out work tasks. For example, an accountant cannot access marketing information and a marketer cannot access financial reporting materials. In this case, if the account of one user is compromised, the attackers will reach only part of the data, but not all the resources of the company.

Authentication

Reliable and strong authentication is the pillar of Zero Trust. An error in choosing how to confirm a user's identity can nullify all efforts to build a Zero Trust strategy. Although this truth is evident, there is the question of which authentication can be considered truly reliable.

Passwords remain the most popular method of user verification. However, this method has many disadvantages. Password theft most often causes data breaches and hacker attacks. Complex passwords only aggravate the problem. Many employees cannot physically remember a long combination of numbers, letters, and characters. As a result, the password is simply written on a piece of paper, which is then often stored directly on the desktop. A more advanced method is multi-factor authentication, consisting of passwords, PIN codes or combinations of numbers from SMS or special authenticator applications. For mobile devices, there is an option to confirm the identity of the user, using the data of the SIM card installed in the phone and identified by the mobile operator. But, unfortunately, smartphones and SIM cards are also not protected from theft and hacking.

Zero Trust and biometrics in information security

The most reliable alternative to passwords today is biometric authentication. And, above all, facial biometrics. Its main advantage is the inalienability of the access factor: a person's face cannot be hijacked or hacked. Let's take the example of Id-Logon — a ready-made RecFaces biometric solution, designed to authenticate users in information systems.

  • Authentication must be carried out continuously

    • The identity of the user is checked not only at the time of login, but also during operation. The background check option allows you to verify that the person is still at the computer. If the system does not see the employee, the frequency of checks increases, and after the selected time period, access to the device is automatically blocked. New authentication will be required to continue.

  • Control of unauthorized persons' access

    • For example, an employee is successfully authorized, but then a colleague or a stranger is at his table. In this case, based on the results of the background check, the system will notify the information security department about the incident or it will completely block access if such a work scenario is provided.

  • Additional verification for important transactions

    • The software solution can be connected to DLP data loss protection systems or other monitoring systems. In case of suspicious activity of the user or during significant operations, the system gives a signal for an extraordinary biometric check. All facts of such confirmation are stored in a special archive. Therefore, if necessary, the security service or company management can always check by whom and when a specific operation was carried out.

  • Multi-factor authentication capability

    • User biometric verification can be used both separately and together with passwords, PIN codes and other factors.

  • Protection against deepfakes and illegal access
    • To combat attempts to log in using a user's photo or video with access rights, the software solution provides Liveness algorithms. They allow the system to make sure that a real person is behind the device. In addition, the facial recognition algorithm itself is highly accurate. The probability of denying access to an eligible employee is less than 3%, and granting access to an unauthorized person does not exceed 0.0001%. If you try to authenticate or log in with photos or videos repeatedly, your device may be completely blocked.

Zero Trust and biometrics in physical security

The Zero Trust concept can be implemented not only in information, but also in physical security, where a person remains the main “vulnerability”. Regardless of who he is: employee, visitor or even security specialist. Following the principle of “trust no one”, it is always necessary to know for sure who is on the territory of the enterprise. Standard access cards do not give such confidence: we only know that a person with a certain identifier passed through the turnstile or door. But we can never be sure whether it was in reality, or whether the card was in the hands of a stranger.

For Zero Trust in physical security it is also preferable to use identification by facial biometrics, because it is almost impossible to forge a person's face or transfer it to another. In addition, this type of identification solves the problem of lost or forgotten passes, and also eliminates the need to search for a pass in a hurry in front of a turnstile or other ACS device. The pass procedure becomes faster and more comfortable. For example, identifying one person using the Id-Gate software solution by RecFaces takes less than one second.

Biometrics allows you to achieve continuity of control, which also corresponds to the concept of Zero Trust. Not only once to check the identity of a person at the time of access to the enterprise, but also to continue control when he is already in the territory. As well as monitor and suppress possible violations of the right of access. For example, in rooms requiring special protection, or even in separate isolated areas in the open air. At the same time, it is not necessary to install additional equipment or devices of physical control. It is enough to deploy a network of virtual access points based on Id-Guard. Using them, you can not only control the presence of strangers on the site, but also regulate the rights of access of employees to certain locations. If the camera detects an unauthorized person, the system will automatically notify the security officers. So, the software solution Id-Guard developed by RecFaces allows you to control quickly an access to the territory of people without the right of access, work with stop-lists and conduct prompt investigations of possible security incidents.

It is important to note that in addition to abuse by employees or visitors, there is another potential point of compromise in physical security. Specifically, reception staff, pass and identification unit and security services. That is, those authorized persons who give the right of access to others. Following the Zero Trust model, they must also be subjected to constant checks. Especially when it comes to any significant actions: from issuing a pass to working with any important documents. Here physical security engages closely with information security, and we are returning to the problem of accurate authentication of employees with access to accounting systems, which we mentioned earlier.

Implementing Zero Trust concept is a time-consuming process. Systematizing employees with different access rights, conducting a comprehensive stock count of devices, updating obsolete software that does not fit modern security standards is not an easy task. By comparison, Google took about seven years to create a BeyondCorp system. This is a framework based on the Zero Trust model and originally intended for internal use. In 2020 it was based on the BeyondCorp Remote Access cloud product, which gives employees the ability to access securely and remotely the company's internal resources from any device without using VPN. Certainly, this is an exceptional example. But even medium-sized companies require at least a few months. As an alternative, implementation of the concept can be carried out gradually, starting with a revision of the rules for verification and authentication of users. For example, by introducing biometric authentication into the company. Modern software solutions in the field of biometrics do not require large-scale investments in updating the infrastructure, nor complex installation, but at the same time fully meet the idea of Zero Trust. So, the installation of RecFaces biometric products takes 20 minutes. This time is enough for the user to get a complete and reliable product with full functionality.

Learn more about use cases and software specifications of RecFaces here.

Here you can rate our article
Thanks!

Subscribe to our newsletter

Relevant articles

Face as password and data breach control: biometric identification in information systems with Id-Logon

In recent years biometric technologies have become widespread both in the daily life of society and in various sectors of the economy and business.

25 January 2022 #technology
Biometrics on guard of security

The developer of biometric products RecFaces has increased the security level of a subway station in Bangkok with the help of facial recognition technology

21 October 2021 #news
Running race: biometric technologies vs deepfake

At the beginning of the year 2022 China introduced a bill regulating the distribution of video or audio recordings generated using face substitution or human voice.

09 February 2022 #technology
Submit a request for biometrics implementation
Want to get demo access to our solution or calculate the cost of licenses? Please fill out the contact form.
All fields are required.

    We will send a password for the archive with files Security code to the archive.
    Thank you for your interest in our solution.
    Your request has been received and is being reviewed. We will get in touch with you on the next business day.
    OK
    Application for training
    Want to learn more about biometrics? Leave your details and we will send you an invitation to the next webinar.
    Thank you for your interest in our solution.
    Your request has been received and is being reviewed. We will get in touch with you on the next business day.
    OK
    Leave your review
    Thank you for your interest in our solution.
    Your request has been received and is being reviewed. We will get in touch with you on the next business day.
    OK
    Demo license application
    Want to learn more about biometrics? Leave your details and we will send you an invitation.
    Thank you for your interest!
    We will send you an invitation to obtain a demo license soon.
    OK
    Application for cooperation
    Want to integrate your product with our solution? Let's work together!
    Thank you for your interest!
    We will contact you shortly.
    OK

    Регистрация партнера