A year ago, RSA, the security subsidiary of storage giant EMC, gave both prospective buyers and technology providers reason to believe that adoption of voice biometric-based user authentication was entering a new phase. By offering Adaptive Authentication for Phone, the company prepared to pave the way for seamless integration of voice biometrics into its fabric of hardware, software and business policy governing access control.
Finally! Clarity in the form of a packaged offer that includes voice biometrics.
Alas, this simple starting point for business enterprises was not to be. In August, RSA and EMC were conspicuously absent from SpeechTEK in New York City. No promotional campaign ever took shape; no more shoes were dropped. The implication is that a company with a $50 billion market capitalization and $11 billion in top-line revenue could not build a compelling business case for speech-enabling its authentication infrastructure.
The parent company’s mantra is to “store, manage and protect” enterprise data. However, like its brethren in IT and network security systems, it has a well-established hierarchy of priorities. At EMC, the order of things include: risk assessment, access control for information and infrastructure, protection of confidentiality and the integrity of information, security management and compliance. User authentication is definitely part of the mix, but it is not a first-order concern, which makes voice-based caller authentication almost tertiary.
Succeeding In Spite of the Cynics
Last May, at the Voice Biometrics Conference in Washington, DC, Opus Research highlighted several large-scale implementations of caller authentication in customer-facing contact centers including a roster of banking customers of ABN-AMRO, communications services customers at Bell Canada and “clients” for government largesse in New Zealand and Australia.
As it stands today – and illustrated in coverage on voicebiocon.com – we’re seeing continuing growth in implementations. In September, BellCanada had already enrolled 275,000 customers into its voice authentication system. Healthcare giant WellPoint has enrolled well over 150,000 affiliated employees. And, likewise, voice biometrics is being used for phone-based authentication of the 128,000 members of Australian Health Management (ahm).
Solving Real-World Problems
The steady increase in enrollments is a good measure of the maturity of the emerging market. It’s a triumph for the tenacious group of technology providers that have successfully provided solutions to both security mavens and customer care specialists. They have boldly moved into the market where EMC and its cohort of security “pure plays” are unprepared to tread. Like EMC’s product planners, enterprise security officers have a well-defined hierarchy of concerns. First and foremost is to prevent wrong-doers from compromising important data. They fight the most common kinds of attacks: denial of service, constant spam, worms and other forms of malware that can bring down the corporate WAN and make all data inaccessible.
Mobility and Social Networking Will Accelerate Adoption
The growth of e-commerce, online banking and mobile access accentuates the need for multifactor protection of customer data for financial services, healthcare and insurance companies. Thus, securing “the phone channel” was the theme of Voice Biometrics Conference in Washington, DC in May. In the meantime, the advent of unified communications (UC) has redefined the term “phone” and with it, both security officers and infrastructure providers have to take a fresh look at network security.
There is growing evidence that mobility and customer convenience are poised to accelerate adoption. As an example of the first phenomenon, simply look at the roll-out of VoicePay as a simple, voice-authenticated means for mobile phone subscribers to make electronic payments. IBM has made duel advancements in the latter area by making speaker verification a feature pack that is baked into its flagship middleware and application server WebSphere, while at the same time introducing highly-reliable, text-independent speaker authentication, which has the potential to greatly simplify the user enrollment process. (Both companies will be featured at Voice Biometrics Conference London November 28-29, 2007.)
Network infrastructure providers have three primary areas of concern. One is to maximize up time, which puts emphasis on intrusion detection, firewalls, session border control and all that fun stuff. Another first order concern is protecting the privacy of a conversation. This is accomplished through encryption of the actual “talk-path.” In addition, the system can maintain “whitelists” or “blacklists” regarding devices that reside at the endpoints of various talk paths.
At this point, the tension between the mainstays of “secure” networking and the values underlying of UC becomes obvious. An emphasis on real-time communications and collaboration dictates implementation of constant “presence indicators,” push-to-talk initiation of phone calls and the simplification of spontaneous conferencing. This is antithetical to prevention of unsafe network entrance.
“Who’s on First?”
This question, first asked by Abbott and Costello, isn’t funny in the context of spontaneous voice teleconferencing or other IP-based real-time communications. How many of us have been on the company’s conference bridge when an extraneous tone indicates that an unknown person has joined the call. Blacklisting a rogue device or softphone does not prevent a malicious interloper from joining the call. As the tools for enterprise-wide collaboration and real-time communications take hold, enterprises are bound to attach a premium to detecting who’s calling, not just what they are using to initiate the call.
Our hypothesis is that voice biometric-based authentication is the most natural and cost-effective way to authenticate callers in real time. At Voice Biometrics Conference London, we’ll have solutions providers and their customers describe how and why our hypothesis is true.
Categories: Articles