The relentless consumerization of enterprise IT policies and practices will extend to mobile device security over the next few years as more and more companies turn to biometric authentication technologies to lock down corporate data and devices.
A new Gartner report predicts that at least 30 percent of organizations will use technology similar to the Touch ID feature on the latest iteration of the iPhone to efficiently and effectively secure and manage mobile devices connected to their networks without irritating users in the process.
"Mobile users staunchly resist authentication methods that were tolerable on PCs and are still needed to bolster secure access on mobile devices," Ant Allan, a Gartner research vice president, said in the report. "Security leaders must manage users' expectations and take into account the user experience without comprising security."
Users who have become accustomed to using their mobile devices to securely make purchases – something Apple CEO Tim Cook identified as a key differentiator driving demand for the company's iPhone 5S – expect nothing less when they bring those devices to work or use company-issued smartphones and tablets.
In fact, as usual, the enterprise is already playing catch-up.
A recent Ericsson survey of more than 100,000 mobile users worldwide revealed that 74 percent of respondents expect biometric smartphones to become mainstream this year.
And it's not like BYOD or CYOD (choose your own device) is a passing fad. Forrester Research estimates that 70 percent of organizations already have a BYOD program and that 62 percent of smartphone users and 56 percent of tablet users brought their own devices into the workplace.
In its report, Gartner recommends that IT security leaders implement and evaluate biometric authentication methods where "higher-assurance" authentication is required and that they should be used in conjunction with passwords. Voice recognition, face topography, interface interactivity and iris structure are among the authentication modes companies should explore to improve security without significantly impacting user behavior.