Streamline Your Security Process

Streamline Your Security Process

How a PIAM system can help your campus enforce security policies while improving the flow of people within your facility

Campus security has become more complex over the last decade. This makes it challenging to respond effectively when faced with new and unpredictable circumstances, like a global pandemic.

In the past year, COVID-19 has upended many of the routines and procedures we used to rely on, and campus administrators have found themselves having to adjust to an ever-changing list of requirements to meet new security needs.

It can be a time-consuming, bottleneck-prone process to change access permissions for many users, especially in the event of temporary restrictions, requiring administrators to change them all again soon afterward.

A simple solution to streamline this process is to upgrade to a Physical Identity Access Management (PIAM) system, which automates access rights. A PIAM system cuts through the complexity and makes it easy to quickly adapt your corporate security policies on the Thy, without getting bogged down in bureaucracy.

The key is attribute-based provisioning, which allows security teams to define access based on a clear set of parameters, such as employee or student status, location or role. It is easier than you might think to implement, and can be done with off-the-shelf solutions that sync with your existing policies, procedures, and databases.

Reduce Administrative Overhead

Many access control systems rely on supervisor or security personnel to manually create and update cardholder groups. This isn’t a big deal when you’re onboarding one employee or updating one person’s pro- file. But when you’re onboarding hundreds of new students, restricting access to many furloughed employees, or updating the location profiles of a large cohort moving from one building to another, the process can be very time-consuming.

Manual updates can also introduce errors. Students or employees may be accidentally assigned into the wrong cardholder groups, for example, or the person making these changes may overlook revoking access to restricted areas in response to a change in status.

With a PIAM system, approvals are defined by your corporate policies. When temporary access requests are made via the portal, users can be prompted to define what the request is, why it is necessary, when they need it, and who it is for, so that the request goes directly to a designated person who can make an informed decision to grant or deny access.

You can link access control to the data set of your choice, which becomes your “source of truth” to define who can access which areas of your campus, and which stakeholders are empowered to change those access rights.

Your source of truth could be your active directory, HR or payroll system, a student database, or any other data set that reliably captures who is who on campus. Because decision-makers are identified by permission, when a supervisor changes roles or your organization is restructured, the system can still accurately identify who is empowered to approve or reject a new access request.

A More Efficient Way to Manage Temporary Access Requests

A PIAM system isn’t just an efficient way to manage access control changes at scale — it is also a faster and more reliable way to manage ad-hoc requests for visitors or when permissions change temporarily. Requests and approvals are managed via a secure, web-based portal, and administrators can establish parameters to limit the scope of these requests based on the policy of the organization.

For example, on a school campus, student cardholders may need to renew access rights on a yearly basis, in alignment with the school calendar. With a PIAM system, administrators can switch off access over summer break, adjust access to certain classrooms or labs when students register (or drop) specific classes, or grant access to exchange students only for the duration of their stay. When a staff member changes jobs, or if a student changes majors, access rights will automatically adjust to these changes so that everyone always has access to the places and spaces where they need to be.

For an organization with campuses in different cities, a PIAM system also makes it easy to grant temporary access to a visitor from the other office for a few days or weeks, without having to pick up another key or check-in at a reception desk. At the end of the speciThed period, the access rights will revert automatically — no need for sticky note reminders to switch it off.

How PIAM Systems are Addressing Pandemic-related Changes on Campus

The pandemic-related lockdowns of the past year have created a surge in the number of people working and learning from home, but it hasn’t eliminated the need to be on campus. We have seen a shift from organizations wanting to manage the flow of people on campus to needing to have a much greater degree of control and awareness of who is on-site and when.

In many places, lockdown restrictions have added new layers of complexity to access control, for example limiting the number of people who can be inside the building at any given time. In unusual circumstances like these, the power and flexibility of a PIAM system shines.

To limit the spread of COVID-19 in pandemic hot spots, organizations want to implement features that reduce physical contact within buildings. This creates new requirements to combine physical access control with logical access control. In this case, PIAM workflow automation to grant or revoke access and physically limit the number of people in a given area makes this much easier.

With a cloud-based system for access control requests, it’s easy for off-campus stakeholders to submit a request for access via the web-based portal. If the situation in your area requires strict limits on how many people can be present within a building or zone to ensure physical distancing, you can establish access rules that grant entry only during specific hours. For example, certain groups may be able to badge in only on Tuesday and Thursday afternoons, while others may come on campus only Monday, Wednesday and Friday mornings. You can also limit the number of people who can book office time to a specific number per day or within another time you define.

If a person on campus tests positive for COVID-19, PIAM systems also speed contact-tracing. In this scenario, security teams can verify the security logs to see who badged in and out, and which areas of campus they accessed at what time. Administrators can then notify those who may have crossed paths with an infected person and let them know they should get tested for the virus.

The ability to have this level of visibility of traffic patterns on campus isn’t just relevant in these rare pandemic times. Whenever there is a potential threat—cyberattacks, insider breaches, or a violent incident— the ability to pinpoint who was on campus at that moment is essential.

Key Features to Look for in a PIAM System

When it comes to a PIAM system, look for a product that is unified with the overall security solution. Rather than piecing together systems that were never designed to work together into an “integrated” system, a unified system can be deployed more quickly and easily.

Some other key features to look for include a self-service portal to make it easier for stakeholders to request new access privileges, automated workflows and notifications to manage permissions as roles and needs change, and tracking and reports that include the context behind each request or exception. Connectivity to third-party systems is another important feature, so that you aren’t updating records in more than one place.

If it’s an on-premises solution, additional hardware may be required, including servers. Cloud-based solutions, on the other hand, are compatible with most access control systems, and provide continuous delivery means that all feature add-ons and updates are handled without any interruption to the solution.

One thing many campus security teams appreciate is adding self check-in kiosks to further streamline visitor management. A popular upgrade is a touchless visitor check-in system. In this case, visitors are emailed a unique QR code, which they can use to gain access at one or more specified entry points.

One final, but important point: the security of the PIAM system itself is fundamental. Ensure your PIAM system’s servers, communications, and data are secured and encrypted with the latest protocols so they are protected against cyber threats. In the case of Genetec ClearID™, policies are located centrally, but identity information is stored in separate regional data centers, all data and files are encrypted. Customer data is segmented over a series of micro-services with no central repository, this ensures that in the unlikely event that someone was able to overcome the various layers of security to access one data center, the information they could access would be incomplete and essentially unusable.

Centralizing your onboarding and off-boarding procedures with a PIAM system and automatically updating access rights based on employee attributes allows campuses to focus on managing people, not doors or cards. It minimizes delays, and reduces the likelihood of security gaps, and ensures your security protocols are always in alignment with campus policies.

This article originally appeared in the May / June 2021 issue of Campus Security & Life Safety.

Digital Edition

  • Campus Security & Life Safety Magazine - May June 2021

    May / June 2021

    Featuring:

    • Reducing Response Time
    • The Classroom Advantage
    • Preparing Your Campus
    • Protecting Digital Data

    View This Issue