Decentralized Storage: the Path to Owning and Protecting Your Data
- Anthony Eaton, Chief Technology Officer at IDEX Biometrics
- 28.02.2024 02:00 pm #biometrics #authentication #encryption #storage
As the world becomes increasingly digitized, the ways in which we store and manage data is also undergoing a pivotal transformation, especially in the realm of biometrics. The growing demand for seamless and secure authentication has propelled the widespread adoption of biometrics, with adoption rates for 18-34 year-olds reaching 75%. Given that biometric authentication directly ties access to an individual's identity, it becomes essential to consider how to store and protect such sensitive data. The use of a centralized storage method, where extensive profile information is consolidated into one location, is raising serious concerns around data protection and ownership.
The debated ownership of identity in a digitized world has triggered fears among global citizens. Almost 90% of people now consider violating the right to privacy as one of the most pressing societal risks. Anything that heightens that risk is likely to be perceived negatively, regardless of the organization or their proposed use of the personal data.
Biometric data, which refers to personally identifiable characteristics such as facial features and fingerprints, is often stored centrally, especially among larger corporations or governments using biometric authentication to grant user access and permissions. In these instances, a server hosting a biometric database is in some cases considered the most practical mode of storage, with all data kept in the same, centralized place.
While biometric credentials are unique to each person, storing them centrally leaves them at risk of data breaches and fraud. While biometrics is an inherently secure method of capturing credentials, data storage needs to also be considered as part of the security discussion. Decentralized methods are increasingly considered to protect users and their privacy.
No encryption, no protection
In March 2023 TikTok was pressured to be banned in the US, for fear of user data being shared with the Chinese government. Growing sensitivity around big tech’s influence has been amplified by a series of high-profile breaches over the past decade. Household names including Facebook and Netflix have been subject to serious breaches in recent years. Similarly, Apple continues to patch its infrastructure eight years on from the XcodeGhost malware that compromised 128 million iPhone users.
The upshot of such breaches is twofold. To risk exposing people’s private information in an era of high data privacy sensitivity, and fears over big tech’s growing influence, is a quick way to lose customers, employees and a trustworthy reputation. These access credentials could also unlock wider data pools relevant to the organization, such as business strategy, intellectual property or other sensitive information.
The threat of breaches from all sectors of society is palpable among citizens, and organizations must learn from past breaches and their impacts on consumers. They can do so by demanding that personal biometric security credentials remain truly safe and secure.
A decentralized, off-cloud model where biometric data is encrypted and stored locally offers a highly sought after alternative.
Security in people’s hands
Centralized storage is effective in certain organizational scenarios. However, it is crucial to implement the highest level of cybersecurity with optimal levels of privacy and data protection.
Decentralized storage involves encrypting sensitive biometric data and removing risk by not having all data deposited in the same place. One example of an off-cloud solution is a biometric smart card. A biometric smart card works by verifying the cardholder’s unique fingerprint. Should the card fall into the wrong hands, it couldn’t be used to carry out transactions. The user’s fingerprint is captured, transformed and encrypted. The encrypted biometric data is then safely stored on the card’s secure element, rather than on on-prem servers or in the cloud.
The biometric sensor market alone is set to triple its 2020 value to $3.3 billion by 2030. This is due to a drastic need for more secure authentication relating to access and payments. In fact, 84% of consumers in the US place huge importance on the privacy of their data in the digitized world, while 62% are so concerned by fraud that they feel it is an inevitable part of the transaction process when online shopping.
This makes biometrics a certainty, rather than a possibility; especially with 58% of consumers now agreeing that biometric payments make transactions more secure – up from 48% a year previous.
We’re in an era of GDPR in the UK and Europe, CCPA in the US, and evolving security legislation equivalents around the world, which are encouraging both organizations and citizens to rethink how they keep our digital assets safe. In their relative nascency, there is the perfect opportunity to pivot quickly and rethink the protection of fast-scaling sectors such as biometrics.