At AWS re:Invent, Amazon Web Services, Inc. (AWS), an Amazon.com, Inc. company, announced Amazon One Enterprise, a palm-based identity service for comprehensive and easy-to-use authentication that improves organizational security and helps prevent costly security breaches. The new service enables organizations to provide a fast, convenient, and contactless experience for employees and other authorized users to gain access to physical locations (e.g., data centers, office and residential buildings, airports, hotels and resorts, and educational institutions), as well as digital assets such as restricted software resources (e.g., financial data and HR records). Amazon One Enterprise eliminates operational overhead associated with the management of traditional enterprise authentication methods, like badges and PINs. IT and security administrators can easily install the Amazon One devices and manage users, devices, and software updates in the AWS Management Console.
Today, organizations authenticate employees and other authorized individuals to access buildings and software resources through physical means like badges and fobs, or digital methods like PINs and passwords. However, these traditional methods share common security vulnerabilities. Badges and fobs can be lost, shared, cloned, or stolen, while PINs and passwords are easily forgotten, guessable, or shared. Many traditional forms of authentication also require manual verification and time-intensive credential management, along with the cost of producing physical IDs. For employees, forgetting or replacing badges, PINs, and passwords can lead to frustration, wasted time, and lower productivity. Organizations have tried to solve these challenges through biometric-based solutions like iris scanning and fingerprint recognition, but these solutions are not always accurate. Customers also want solutions that help break silos in the implementation and management of user authentication. For example, an organization might use badges to access buildings, but passwords to access software resources and digital assets. This requires administrators to manage multiple authentication methods without full visibility into all authorized access across the organization. IT and security administrators want an easy and centralized view of authentications (e.g., who accesses a location or software resource at what time), and to easily monitor device usage and manage software updates.
Amazon One Enterprise is a new, fully managed service that provides highly accurate and secure enterprise access control through an easy-to-use biometric identification device. Security is built into every stage of the service, from multi-layered security controls in the Amazon One device to protection of data in transit and in the cloud. Amazon One Enterprise combines palm and vein imagery for biometric matching and delivers an accuracy rate of 99.9999%, which exceeds the accuracy of other biometric alternatives—even more accurate than scanning two irises. The new service’s palm-recognition technology uses advanced artificial intelligence and machine learning to create a palm signature that is associated with identification credentials like a badge, employee ID, or PIN. The palm signature is a unique numerical vector created from the user’s palm image that cannot be replicated or used for impersonation. To implement Amazon One Enterprise, IT and security administrators can easily install Amazon One devices on-site and activate them in the AWS Management Console. Administrators can also manage all aspects of user authentications in the console, including monitoring the status of installed devices, managing software updates, and getting analytics on user enrollment and usage, while reducing the amount of time and overhead involved in the manual verification of credentials. Additionally, with employees using their palms for authentication, customers eliminate much of the cost associated with buying fobs, and printing, issuing, and managing badges and other IDs. Amazon One Enterprise supports industry standard access-control protocols such as Open Supervised Device Protocol (OSDP) and Wiegand.
“Amazon One Enterprise’s palm recognition technology is designed to deliver a highly accurate identification service that increases an organization’s overall security, while offering seamless authentication management with lower operational overhead,” said Dilip Kumar, vice president of AWS Applications. “With Amazon One Enterprise, security administrators also have a centralized view of all user authentications across the organization, taking the stress out of managing multiple access control solutions. Businesses appreciate the privacy and convenience for their users, who can access physical locations and software assets with just a hover of their palm.”
Amazon One Enterprise delivers new levels of convenience for employees. It replaces the need for multiple authentication methods, and employees can use their palm to access physical spaces and digital assets. To begin, a user can enroll by hovering their palm over an Amazon One enrollment device and associating their palm with their organization’s preferred ID—such as badges, PINs, and passwords—and this can be done in less than a minute. After enrollment, users access physical locations simply by hovering their palm over an Amazon One device attached to common physical access control systems for uses such as unlocking doors, entry gates, and other barriers. When connected to computers or other enterprise systems, Amazon One Enterprise authenticates users for access to web applications and software. Protecting the privacy of these users is one of the foundational elements of Amazon One Enterprise. The new service is designed to ensure palm images, user credentials, and other metadata are immediately encrypted, using industry leading encryption technology, and sent to a dedicated Amazon One Enterprise service account in the AWS Cloud, with all of the security and isolation features of AWS. To further enhance privacy, each user’s palm data is encrypted using a unique key. When employees leave the organization or decide to unenroll, they can conveniently delete their palm data by choosing the Unenroll option on the Amazon One device, or an IT administrator can unenroll them through the AWS Management Console.
Amazon One Enterprise is available in preview in the U.S.
Boon Edam is a leading manufacturer of revolving doors, security doors, and security turnstiles for customers across the globe. “Our mission at Boon Edam is to protect what matters most to our customers by creating an ideal secured entry solution,” said Patrick Nora, president, Boon Edam Americas. “With Amazon One Enterprise, we can offer authorized entrances using innovative palm biometric technology that raises our security bar and delivers a convenient workplace experience. Our customers can prevent unauthorized entry, reduce the time spent monitoring access, and keep traffic moving smoothly.”
IHG Hotels & Resorts is a global hospitality company with over 6,000 hotels in more than 100 countries. “We are excited to work with Amazon One Enterprise for a more secure, efficient way to manage authentication and access our systems,” said Nick Krieble, global head of Identity and Access Management, IHG. “With Amazon One Enterprise, our goal is to offer employees a new and convenient way to identify themselves and gain access to our software systems by hovering their palm over the Amazon One device. This approach will streamline the way we authenticate, give staff access to the tools they need, and make access easier than ever for them.”
Paznic is a security company that specializes in technology that simplifies and modernizes the way financial institutions manage access control and safety deposit boxes. “Our goal at Paznic is to deliver solutions to meet the demands of financial institutions and high security environments that hold important and valuable assets,” said Jonathan Curelar, CEO, Paznic. “Amazon One Enterprise will help us ensure only authorized individuals can gain room entry and safety deposit box access without the use of pins and passcodes. We look forward to launching Amazon One Enterprise across our locations to improve our safety deposit box experience and deliver the highest level of security and satisfaction to our customers.”
AWS Global Cloud Infrastructure is the most secure, extensive, and reliable cloud, offering more than 240 fully featured services from data centers in 102 Availability Zones within 32 geographic regions. “Amazon One Enterprise raises our security bar while delivering a convenient experience for our workforce,” said Kevin Harris, director of Global Security for AWS Data Centers. “Legacy radio frequency identification systems have inherent vulnerabilities and require additional manual verifications at checkpoints. With Amazon One Enterprise, we can provide secure access to authorized personnel without extra verification, while simplifying the authentication process and reducing the risk of physical breaches. We look forward to expanding Amazon One Enterprise across all our locations.”
KONE is a leading provider of elevators and escalators, making people’s journeys safe, convenient, and reliable in taller, smarter buildings. “We are integrating Amazon One Enterprise into our People Flow Solutions, so we can offer customers a more secure and reliable option for building entry and access,” said Steve Gonzalez, senior vice president, New Building Solutions, Americas. “We are excited to work with Amazon One Enterprise to deliver cutting-edge solutions designed to ensure smooth, efficient, and secure flows of people into, through, and out of all types of buildings.”