Physical Identity and Access Management
A better way to manage physical access and keep your campus secure
- By Sharon Jung
- February 01, 2022
Whether you’re responsible for the security of an office campus, college campus or office complex, one thing is for sure: Ensuring employees, students and visitors can move through the building without unnecessary barriers or delay is a must.
Yet, traditional access control systems aren’t designed for the flexibility that organizations require today. Changes in access (and temporary access) requests to sensitive areas can consume valuable operator time and impact the movement of employees, students, and visitors. Every time there’s a request to add, remove or change privileges based on an employee’s role, requirements or status, someone needs to handle it.
In the majority of access control systems, operators must make changes like these manually. They may also require a formal change request, which could in turn need authorization from someone else. Between the red tape and the workload, even simple requests can take a while to process, which can be frustrating for the people affected.
Unfortunately, when security protocols feel too time-consuming or burdensome, people take shortcuts. It may seem like no big deal to some people if they prop a door open or lend someone a key card, or to put off finishing the paperwork to change access rights after an employee moves to another department. While their intentions may be innocent, even small security breaches like these can open your organization to devastating consequences should someone with bad intentions take advantage.
But how do you assign and manage access rights to protect that flow and make sure it isn’t interrupted? With access control systems being static in nature, operators don’t always have clear policies to follow. Over time, compliance needs, new processes, and external regulations can slow things down even more—and introduce new gaps in security.
Thankfully, there’s a more intelligent way to manage physical access: A Physical Identity and Access Management (PIAM) solution.
A PIAM solution makes it easier to manage the variety of individuals, such as employees and contractors, that may temporarily or regularly enter a facility. It can also quickly modify access rights for both individuals and groups, improve regulatory compliance and reduce time spent preparing for security audits. Employees can easily schedule visitor appointments and use a self-service kiosk for guests so they can skip the reception desk and obtain a visitor badge upon arrival.
Why PIAM is the key to keeping your campuses secure
When you extend your access control system with a PIAM, you will reduce staff workload; ensure access control processes fully implement corporate policies; improve the protection of your sensitive spaces; and gain additional benefits, like ensuring your access rights are always up to date.
No matter how big or small your organization may be, a PIAM solution can standardize and improve access control security policies. Instead of manually managing individual cardholders or changing access to specific doors, a PIAM system allows you to control decision-making to assign rights based on roles, attributes, departments or other conditions—as well as change which groups can access which areas quickly and easily.
A workflow-based approach
Leveraging a workflow-based approach can reduce frustration and delay when approving access requests by allowing employees to make access requests or invite visitors. Doing this reduces both security team workloads and the likelihood of delays due to bottlenecked requests.
With a PIAM system, you can choose to empower managers or other important decision-makers to approve or deny access requests from certain groups of people, rather than centralizing access control requests within the security department.
Rather than going through several layers of approvals to remove a cardholder’s access should they leave the company, move desks to another campus, or change positions, the relevant decision-maker can use the PIAM system to switch off access rights immediately.
You can also define different workflows within the software to define under what conditions access can be temporarily or permanently changed, partially or fully automating the access-request process. By automating access rights management, you can help improve operator and front desk staff efficiency, leading to a greater return on your investment.
Continuously update access rights
When new hires are onboarded or employees change jobs, there are provisioning policies that can be configured to ensure an automatic provisioning of access rights based on their department, location, job title, seniority and more.
For example, let’s say that Valeria in marketing works in the New York office, but she accepts a new position in the communications department in Boston. Based on the provisioning policy, her employee lifecycle changes will automatically put her into a new role, where she will inherit a new set of access rights. When Valeria walks into the Boston office for the first time, she’ll be able to badge in without having to hassle someone at the security office.
A PIAM system helps you automate some of these processes so that these kinds of transitions happen more smoothly. It can enhance security by making sure there is a clear record of access control changes.
Automation rules within the PIAM are defined based on your corporate security policies. Because the system makes it much easier and more efficient to align with security policies, it reduces the risk of workarounds. When policies change, you can easily adjust the access rights within the software, too. The changes won’t apply only to new cardholders, but also to all existing cardholders whose roles are affected by the new policy.
Simplify audit processes
When audit time rolls around, an admin usually needs to log into the access control software to pull reports and review which employees have access to which areas and flag any profiles that need to be adjusted. When access control systems are paired with a PIAM system, this process can be made much faster and more accurate.
Within some PIAM systems, there are access review features that can help your team prepare when an audit is required. During an access review, area approvers or role managers can be prompted to view all the roles or areas that they are responsible for. With a couple of clicks, they can easily confirm, edit or deny access to ensure that all permissions are up to date in the access control system.
When approvers are responsible for reviewing access lists, it reduces errors and omissions due to miscommunication or transcription mistakes. The right people to decide who should have access to certain areas are the people who know their teams best.
Improve operational efficiency
Facilities managers have enough on their plates these days. With a PIAM system, security managers can ensure that proper, auditable processes are followed and tracked—as well as when requests were made and who granted or removed access—while allowing the people responsible for requesting and approving to take ownership.
Make better decisions about access control
A PIAM system is simply a smarter way to manage identities and cardholders. Whether you manage one local campus, several regional sites or operate in hundreds of locations around the globe, PIAM can help you connect the dots to standardize while also improving access control security policies.
A cloud-based PIAM solution is quickly deployed and can also be unified with some access control systems, so the user interface is familiar and there are fewer integrations to maintain. A unified solution can also leverage the information gathered across different systems to improve the management of identities and enforce your security. A PIAM system like Genetec ClearID, for example, can be connected to your internal HR system or Microsoft Active Directory to manage the entire lifecycle of an employee’s identity in one place.
PIAM system data is encrypted and stored securely in the cloud, so you can invest your team’s resources in doing your most important work, not maintaining servers. Look for a service provider that offers multiple levels of monitoring, logging and reporting; tight access controls that include mandatory two-factor identification; automatic security patches; and a proactive approach to security that can identify and mitigate potential threats.
This article originally appeared in the January / February 2022 issue of Campus Security & Life Safety.