Controlling Credentials, Identity and Access on Campus
Security has increasingly become a core facility operations priority in campus environments across the education and corporate/industrial markets. Security management at these facilities needs to know who is on campus and tightly control their access to various areas within what are often sprawling facilities. While conventional credentials such as visitor passes and access devices enable physical access, the underlying issue is to verify, validate and track the individuals holding these credentials. The ability to effectively manage identities campus-wide improves security to best protect people, property and assets.
The Challenge: No Centralized Management
Non-integrated access control, timekeeping and visitor management systems typically require individuals to be enrolled separately into each system. Such scenarios are inefficient and time-consuming to administer as there are too many manual processes related to identity management in the campus environment. Manual processes most often require completion of paperwork to issue an access control device or data entry to enroll a new hire into multiple systems. These processes must happen before a card is activated, and another set of manual processes must occur to de-activate a card and deny access, for example, in the case of a terminated employee. The corresponding delays, whether because of slow processes or heavy workload, can compromise security.
De-provisioning has inherent risks if it is not managed in a timely way. A delay in updating the status of a terminated employee or an expelled student could put student safety at risk and create serious liability for the institution. When an access device is stolen or lost, there is also potential for unauthorized individuals to enter various areas on campus.
The Solution: Physical Identity and Access Management (PIAM) Software
Identity Management (IdM) or Access and Identity Management (AIM) systems are used in the IT world to manage individuals’ identities, authentication, authorization, roles and privileges across systems and networks. A similar type of software, the Physical Identity and Access Management (PIAM) system, can be used to manage identities in the physical security environment. These systems operate like IdM systems to manage all aspects of identity and access across multiple systems, including physical access control systems. Like IdM systems, PIAM solutions can base decisions and enable workflows according to the identities of users.
Software systems interface with existing physical access control systems to verify identities and grant access based on consideration of campus-wide policies and an individualized profile of where an identity has access. Software systems also automate the manual processes that have previously undermined campus-wide security. PIAM software streamlines time-consuming and inefficient processes in the campus security environment, from issuing ID badges to managing databases to assigning access privileges across multiple physical access control systems.
Centralized identity management software can also address the risk of campus visitors or vendors who might work for several days or weeks on a campus. Software systems can automatically provide access during a specified time span and immediately revoke access privileges when the time elapses. Vendors may need both physical and logical access, and software automation can provide and manage both. Access and identity can all be linked to the length of a contract.
Complete reporting on the full record of transactions and approvals is another benefit of PIAM software. Any activity, event or status at any point in the identity lifecycle is reportable and auditable.
When vetting employees, students or visitors, real-time access to watch lists or criminal history databases is another valuable tool. Software identity management systems can provide instant access to cross-check identities against any list. Institutions should be attentive to and compliant with any state requirements to notify the subject of a background check.
Role-Based Assignment of Access
Managing identity requires addressing three categories of identities in the campus environment – trusted identities (faculty and staff), semi-trusted identities (students) and untrusted identities (visitors, vendors, etc.). Anyone tasked with improving campus security and safety should recognize the complexities involved in managing all three. For example, a student's identity might include when and where he or she has access based on class requirements and schedule. Any changes in class schedule or housing would need to be updated in real time to ensure security. Managing identities effectively requires role-based assignment of access to restricted areas and physical assets for all three categories of trust. Centralized and automated PIAM software does just that.