The convenience and availability of cloud services has seen a dramatic increase in business functionality being shifted from local servers to the cloud. Even our biometrics may be stored in the cloud. Assume your employer has signed up with a global authentication provider that stores user fingerprints in the users’ global identity accounts. Users can then use their biometric fingerprint from the cloud service to access websites rather than storing the fingerprint locally on their mobile device or computer.In theory, if an attacker gains access to your fingerprints (whether stored locally or in the cloud), they could compromise any of your online accounts that accept your fingerprints.Answer the following question(s):
Is the storage of biometric data safer locally or in the cloud? Why?
If an attacker has your fingerprints, could multifactor authentication (MFA) still prevent the attacker from gaining access to your accounts? Why or why not?
Full Answer Section
Another drawback of local storage is that it can be less secure than cloud storage if the device is not properly secured. If the device is lost or stolen, or if the device is infected with malware, the biometric data could be compromised.
Cloud storage
Cloud storage is a less secure option for biometric data, but it is more convenient. When biometric data is stored in the cloud, it can be accessed from any device with an internet connection. This makes it easy to use your biometric data to access accounts on multiple devices.
However, cloud storage also has some drawbacks. One drawback is that it is more vulnerable to cyberattacks. If a cloud storage provider is hacked, the biometric data of all of its users could be compromised.
Another drawback of cloud storage is that it may not be as secure as local storage if the device is properly secured. If the device is lost or stolen, or if the device is infected with malware, the biometric data could be compromised.
Multifactor authentication
Multifactor authentication (MFA) is a security measure that requires users to provide two or more pieces of evidence to authenticate themselves. This can include something they know (like a password), something they have (like a security token), or something they are (like a fingerprint).
MFA can help to protect your accounts even if an attacker has your biometric data. For example, if an attacker has your fingerprints, they could use them to log in to your account if you only use biometric authentication. However, if you also use MFA, the attacker would need to know your password or have access to your security token in order to log in.
Conclusion
There is no one-size-fits-all answer to the question of whether local or cloud storage is safer for biometric data. The best option for you will depend on your individual needs and preferences. If you are concerned about security, local storage may be the best option for you. However, if you are looking for convenience, cloud storage may be a better choice.
If you do choose to store your biometric data in the cloud, it is important to use a reputable cloud storage provider that has strong security measures in place. You should also enable MFA for all of your accounts that support it. This will help to protect your accounts even if an attacker has your biometric data.