Despite the much-touted benefits of technologies such as fingerprint, voice, iris and facial recognition systems, private companies have been slow to deploy them mainly because of cost, reliability and standards concerns, according to a recent Burton Group report. "Over the next two to three years, biometrics will remain a niche solution in enterprises rather than a technology that is deployed to the masses," the report said.

Midvale, Utah-based Burton's assessment comes as the adoption of biometric technologies has been growing in the public sector thanks to programs such as the US-VISIT and Transport Workers Identity Card initiatives.

"There was a big bump in interest in these technologies after the terrorist attacks," said Gerry Gebel, author of the Burton report. But so far, that interest has failed to generate even half the predicted uptake of these technologies in the private sector, experts said.

Upfront costs of buying and integrating hardware, software and middleware has been a major reason for the slow adoption on the private-sector side, Gebel said. In fact, only about one-third of the biometric industry's $720 million in revenue for 2003 came from the private sector, according to International Biometric Group in New York.

Depending on the technology, per-user costs can exceed $200 on just the hardware and middleware technologies, according to analysts.

"While there are security concerns in the private sector, the funding is not there yet" for biometric products, said Donald Fisch, an analyst at IBG. "It will take proven success of the technologies before private sector businesses deploy."

Providence Health System in Seattle is one example of a private-sector company that has given biometrics a pass, at least for now.

The 33,000-employee group has looked at the technology "a bit in the past, somewhat casually," said David Rymal, system director of technology. Providence was looking at biometric products primarily as an alternative to the tokens used today for two-factor authentication for remote users. But "the largest barrier to us has been interoperability, especially since our users are faced with multiple applications, and we haven't made much progress with single sign-on," he said. 

More work needs to done in terms of interoperability with existing user-authentication technologies, analysts said. Biometric products also need to become more reliable for large-scale private-sector interest. Other barriers include concerns about privacy and misuse of biometric data, and resiliency against attacks and spoofing, the Burton report said.

The University of Wisconsin-Madison has done some "limited piloting" of biometric devices, but there are no immediate plans to implement them, said Kim Milford, information security manager at the university's Department of Information Technology. Some of the challenges were interoperability, cost and high error rates.

"In addition, there's the human challenge [in] helping users to understand the technology and to overcome their concerns about privacy," she said. "Biometric evaluation still seems to be too intrusive to many people."

"I think, in time, use of this technology in the private sector will grow," said David Stacy, global IT security director at St. Jude Medical Inc., a $1.9 billion maker of cardiovascular equipment in St. Paul, Minn. "I think a lot of companies are waiting for the prices to come down, and there is a sense among security professionals that these products have not been perfected yet."

"Because of the hype after 9/11, people's expectations of the technology far exceeded the reality," said Maxine Most, president of Acuity Market Intelligence in Boulder, Colo. "Biometrics got pulled into the public eye prematurely."

In the long term, though, stronger identity assurance and user convenience will drive increased enterprise use of biometric technologies, said Tarvinder Sembhi, director of product management at Iridian Technologies Inc., a vendor of iris recognition technologies in Moorestown, N.J.

Though a major portion of Iridian's business comes from the public sector, there has been growing demand from health care companies recently, Sembhi said. "We are seeing some early adopters that have deployed iris recognition to ensure that only the right people have the right access" to protected health information, Sembhi said.