We live in times of high-speed change. New technologies are born, grown, multiplied and replaced at a breathtaking rate. Furthermore, companies are increasingly relying on technology in areas where it has never been present before. However, as cybersecurity specialist Ludmila Morozova-Buss points out, “People and organizations need to know that their digital technologies are secure, otherwise, they would not embrace digital transformation.”

In this post, José María Labernia, Head of IT Security at LafargeHolcim EMEA region, explains the role security plays in this digital age and outlines his views on biometric security, a matter of great relevance nowadays given its increasingly frequent use in industry.

Q. Is facial recognition technology sufficiently developed to be used as an identification system?

A. Facial recognition is just one of the biometric methods that look at individuals’ unique physiological features as a means of identification and potentially of access control. As with any other biometric technique, reviewing the crossover error rate (CER) is essential, as it represents the point at which the false rejection rate equals the false acceptance rate (i.e. it is just as important to reject imposters that seek to be improperly authenticated (false acceptance rate) as it is to reduce the number of legitimate authentication attempts being rejected (false recognition rate).

CER determines how effective face recognition is and, for example, the chances of a random person in the world looking at someone else’s iPhone X and unlocking it using Face ID is approximately 1 in 1,000,000. Therefore, facial recognition is confirmed to be very reliable and extensively used among intelligence agencies across the globe. That said, as anyone can imagine, factors such as pose, illumination, resolution, noise and blur will affect the quality of the image being analyzed for face recognition, but AI algorithms help to optimize and adapt those factors when they are sub-optimal to an extent that a recognition decision can be made.

Facial recognition is indeed affected by GDPR, and data subjects have the right to be informed whenever their image is being recorded and even to request their recorded image be removed from a CCTV system.

Picture: Jose María Labernia, Heat of IT Security at LafageHolcim EMEA Region

Q. What is the greatest benefit of using facial recognition?

A. Facial recognition’s greatest benefit is its ease of use. For example, millions of people today unlock their mobile phones by applying face recognition techniques and it is also highly beneficial for national security controls over large numbers of people concentrated in an area or commuting to work. Over time, we will see the industry moving towards biometric mechanisms to enable access to IT resources, thus rendering the hundreds of passwords that each individual currently manages uselessly over time, even in large corporations. At LafargeHolcim, we are already taking great advantage of the “Hello” feature in Windows 10 and some users no longer need to type in their passwords to access their workstations.

Q. Is it possible to set limits on technological developments in order to avoid inappropriate use of technology?

A. It is indeed difficult to set such limits, as innovation and the use of new technologies grow faster than legislators can rule. There are no barriers, countries or walls for technology and the limits (at least in the early stages) are defined more by the big players and entrepreneurs’ ethics than by government regulations.

Q. What international standards (if any) must developments comply with in order to be launched onto the market?

A. There are several internal or international standards we have to comply with, the most relevant of which are ISO/IEC 27001 and 27002, GDPR, PCI and NIST Cybersecurity Framework. Security is our license to operate!