3. SEMESTER GOALS
• Obtain AWS Associate Solutions Architect Certification
• Utilize the cloud to conduct performance tests for biometric authentication in an enterprise environment
• Determine cloud biometrics “best practices” for each enterprise persona
Key Takeaway: Gain proficient knowledge about cloud providers and define an ideal cloud biometric model
4. ENTERPRISE PERSONAS
Office
• Company-owned workstation
• Company-defined group policy
BYOD
• More flexibility, harder to manage
• MDM software and robust usage policy required
Multi-User
• Shared, managed computing resources
• Concurrent profiles require varying permissions
Remote
• Company-owned or personal device
• Data and resources accessed via VPN
Key Takeaway: Each persona has strengths and vulnerabilities, requires unique authentication process
5. GAPS AND CHALLENGES
Privacy
• Users’ biometrics are sensitive
• Increased risk of data compromise
Performance
• Increased latency
• Higher dependency on reliable infrastructure
Integration
• BYOD management
• Legacy support of devices without native biometric inputs
Key Takeaway: Cloud biometrics may increase the risk of data compromise; integrating non-company devices creates inconsistencies
6. KEY RESEARCH FINDINGS
• Enterprise biometric security via IaaS
• Enroll and store user templates in remote containers
• Access and process templates for authentication via virtualized compute resources
Taken from: http://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_largescale_05.pdf
7. KEY RESEARCH FINDINGS
• Solutions Architect certification provides in-depth knowledge for provisioning, deploying, and maintaining an enterprise biometric security system in the AWS cloud
• Pricing – Financial feasibility of implementing cloud-based biometric solutions
• Performance metrics – Quantify benefits of implementing cloud-based biometric solutions
8. NEXT STEPS
Performance Tests
• Test performance of biometric authentication for each of the enterprise personas
• Tests will include multiple modalities, devices, and use cases that reflect enterprise employee needs
Analyze Results
• Determine whether cloud-based biometrics affects FAR, FRR, EER
• Compare speed and accuracy of authentications vs. the performance of local compute systems
Identify Best Practices
• Identify ideal architecture and modalities required for each enterprise persona
• Begin to consider broader-scale implementation details going forward
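Added example (not part of the original presentation): one way to compute the FAR, FRR and EER named under Analyze Results from match scores, so that a local run and a cloud run can be compared side by side. The score lists are constructed sample data, and the function names and the convention that a score at or above the threshold is accepted are assumptions.

```python
# Constructed sample match scores (higher = better match); not measured data.
LOCAL_GENUINE = [0.91, 0.88, 0.95, 0.79, 0.85, 0.62, 0.90, 0.93, 0.87, 0.81]
LOCAL_IMPOSTOR = [0.12, 0.30, 0.45, 0.22, 0.65, 0.18, 0.40, 0.35, 0.27, 0.51]
CLOUD_GENUINE = [0.89, 0.84, 0.94, 0.58, 0.83, 0.60, 0.88, 0.92, 0.86, 0.77]
CLOUD_IMPOSTOR = [0.12, 0.30, 0.45, 0.22, 0.65, 0.18, 0.40, 0.35, 0.27, 0.61]


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when a score >= threshold is accepted (assumed convention)."""
    if not genuine or not impostor:
        raise ValueError("need at least one genuine and one impostor score")
    far = sum(s >= threshold for s in impostor) / len(impostor)  # impostors accepted
    frr = sum(s < threshold for s in genuine) / len(genuine)     # genuine users rejected
    return far, frr


def equal_error_rate(genuine, impostor):
    """Sweep every observed score as a threshold and return (EER, threshold)
    at the point where FAR and FRR are closest to each other."""
    if not genuine or not impostor:
        raise ValueError("need at least one genuine and one impostor score")
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, (far + frr) / 2, t)
    return best[1], best[2]


def compare(threshold):
    """FAR/FRR at one shared operating threshold, plus each run's EER."""
    runs = (("local", LOCAL_GENUINE, LOCAL_IMPOSTOR),
            ("cloud", CLOUD_GENUINE, CLOUD_IMPOSTOR))
    report = {}
    for name, genuine, impostor in runs:
        far, frr = far_frr(genuine, impostor, threshold)
        eer, eer_threshold = equal_error_rate(genuine, impostor)
        report[name] = {"FAR": far, "FRR": frr, "EER": eer,
                        "EER_threshold": eer_threshold}
    return report


if __name__ == "__main__":
    for run, metrics in compare(0.70).items():
        print(run, metrics)
```

Reporting the error rates at one shared threshold alongside each run's EER separates a shift in the score distribution from a change in where the operating point sits.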
9. SUMMARY
• Cloud-based biometric authentication has the potential to increase enterprise security and promote cross-platform compatibility
• IaaS is my recommendation for enterprise biometric systems
• Further testing is required to develop a set of guidelines for each enterprise persona
11. CLOUD COMPUTING SERVICE MODELS
SaaS
• Applications hosted on 3rd party servers
• Accessed and maintained remotely
IaaS
• Remote datacenter infrastructure
• Lease compute, storage, and network resources
PaaS
• Scalable environment for businesses to create apps
• Helps migrate apps to hybrid IT models
12. AWS MAJOR COMPONENTS
• Simple Storage Service (S3)
• Elastic Compute Cloud (EC2) resources
• Managed relational database integration (RDB)
• Identity and Access Management (IAM) Directory tools
• Route 53 – Scalable Domain Name System (DNS)
13. AWS PERFORMANCE STATS
• S3 – up to 5TB file sizes, 99.99% availability, 99.999999999% durability
• Elastic Block Storage (EBS) – Up to 10,000 IOPS on a provisioned SSD
• Elastic File System – Scales up to Petabyte magnitude
• 11 global regions, 52 edge locations
14. AWS ENCRYPTION TECHNIQUES
• Data in Transit – Hypertext Transfer Protocol Secure (HTTPS) via Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
• Data at Rest – Server-side encryption via S3-managed keys, AWS Key Management Service, and customer-provided keys. Client-side encryption is also permitted.
Which cloud service model would best serve each enterprise persona (SaaS, IaaS, PaaS) for both the storage of biometric templates and the computation of matches for identification and verification?
Corporations that employ BYOD policies create challenges for managing software, securing data, and ensuring proper integration of enterprise cloud biometrics into existing security architectures
IaaS - Amazon Web Services and Microsoft Azure are the leading providers
Resources scale on demand with enrollment, and biometric data will be encrypted both at rest (stored templates) and in transit (remote verification/identification)
Cross-platform compatibility with SSO
Authenticate once with a biometric, then access all company data and resources anywhere (office, remotely, etc.)
AWS and Microsoft are current industry leaders for IaaS
SaaS – Applications hosted on 3rd party servers, cost-savings derived from no longer needing to install/maintain apps locally. Not all enterprises wish to have data and apps managed by a 3rd party.
IaaS – Manage remote datacenter infrastructure, compute and storage resources, and networking services. Typically leased. This model offers highly scalable hardware architecture, but there is a higher degree of in-house maintenance required.
PaaS – Simple, fast and scalable environment for businesses to create and run applications through a web interface. Helps to migrate apps to hybrid IT models.