The Role of Trusted Access Control and Identity Management

The diverse and dynamic campus environments of modern post-secondary institutions rely on multiple systems and processes to ensure campus security and operational efficiency.

A primary component of campus safety is often access control and identity management. However, without robust yet easy-to-manage systems, the massive number of facilities, cardholders, door rules, partitions, and temporary access requests can quickly become overwhelming for security teams.

Trusted identity technology is emerging as a pivotal solution to simplify and streamline many security and operational requirements. The latest advances in access control and identity management technologies help reduce workload and enhance operations. They can also improve the campus experience for students, visitors, faculty, and staff when combined within a unified platform.

Open, Friendly—and Secure
School campuses are designed to be open, welcoming, and friendly. However, this can also lead to security challenges. Common areas are often hard to secure and access control needs to maintain security while also allowing ease of movement.

Innovations in access control security technology enable a more holistic approach to security. Modern solutions can enhance security while reducing friction for students and staff while they go about their daily routines.

Keyless access control systems are an example of technology that improves security and the on-campus experience. Keys are a liability. They can be lost, copied, or stolen. When new locks are required for keyed entry locations, the doors need to be cored. In comparison, electronic access control credentials can be switched on or off remotely and managed quickly, if necessary.

Likewise, many colleges and universities have adopted single-card identification ID solutions. Students use one card to not only unlock their dorms but also as a picture ID, access to labs and classrooms, and payment for food or other items. This is a significant step forward from having physical keys or multiple cards to manage.

The next evolution in access control technology takes a single card a step further. Students can now use cardless credentials stored on mobile devices. Mobile credentials use Near-Frequency Communication (NFC) technology to link access control systems with secure NFC readers. The result is more secure than the old magstripe or barcode-based plastic cards and more intuitive to carry and use. NFC is enabled by default in many mobile payment applications, so most students today own a device with this capability.

Automating Permissions Enhances Staff Operations
With all of these new solutions, there’s the overall need to manage access permissions. Manually updating access rights is time-consuming for staff and prone to human error. To alleviate this workload, modern solutions can be linked to the database where student information is stored. When a student’s status changes in the database, permissions are dynamically updated.

For example, science majors may require access to lab areas, but a student who changes programs would no longer be able to open those doors. Likewise, when a student graduates or leaves, they no longer require access to select areas.

Automating these processes frees up time for operators and minimizes errors. Instead of manually enrolling new cardholders, the system automatically assigns access rights based on roles, attributes, departments, or specific school policies. If policies change, operators can simply update privileges. Changes are applied across all associated cardholders.

Here’s what to look for in a new access control and identity management solution:

Strong cybersecurity and privacy measures - Access control systems collect vast amounts of data daily. Thus, privacy and cybersecurity are top priorities and strong measures are needed to protect the privacy of individuals and their data from cybersecurity threats.

Look for manufacturers and partners who take a strong and committed stance on privacy and cybersecurity. Protecting sensitive data should be the default. Access to personal information is only on an as-needed basis and with the proper authorization. Systems can also provide an audit trail to show who has attempted access and those who have accessed the system and when.

On the cybersecurity side, your software manufacturer’s encryption should be up to the highest standard. Ask about procedures to ensure that passwords and IP addresses are changed frequently and review the cybersecurity best practices in their operations.

Scalability - As you consider an upgrade to your access control system, it’s important to choose a highly scalable solution. With an open architecture system, you can add new technologies as they’re introduced or convert one system, facility, or campus at a time. You can also pilot new solutions before full-scale deployment and have greater confidence in your system over the long term.

For example, if you want to introduce mobile credentials, consider rolling it out in phases. Some institutions have tested mobile credentials with just one cohort of students. It’s possible to implement the solution within one department or campus, and then expand.

Unified solutions – A unified platform brings all your security systems together seamlessly, improving situational awareness, and enabling a more proactive approach to security.

Such systems also reduce onboarding time since security personnel only need to learn one set of commands and one interface. You can support your staff by digitizing your standard operating procedures (SOPs) within the unified platform. Step-by-step instructions integrated within the system guide your team so they follow best practices. Configure your system to include prompts or reminders, send alerts, or trigger workflows when certain conditions are met.

For example, when a secured door is left open for more than 10 minutes, the system could sound an alarm, notify a security officer, or take another appropriate action. With digitized SOPs, your staff members don’t need to memorize what to do or search for an instruction manual. All steps are at their fingertips, programmed right into the system.

A Collaborative Approach
While modern access control and identity management systems are easily capable of coping with a multitude of unique challenges, they can’t prevent human error from introducing vulnerabilities.

If a student leaves the lab door open or a front desk associate buzzes in a visitor without proper vetting, it undermines the security measures in place. Likewise, if a staff member opens a suspicious email, it could open the door to a cyberattack.

Thus, in addition to implementing modern technology solutions, it’s important to foster a culture of security best practices with all students and faculty. Help them understand the security measures in place and the tools they can use. Encourage them to do their part to keep the campus secure and operating smoothly.

This article originally appeared in the May / June 2024 issue of Campus Security Today.

Featured

  • CISA Releases Anonymous Threat Response Guidance and Toolkit for K-12 Schools

    The Cybersecurity and Infrastructure Security Agency (CISA) recently released the Anonymized Threat Response Guidance: A Toolkit for K-12 Schools, a new resource to help kindergarten through grade 12 (K-12) schools and their law enforcement and community partners create tailored approaches to addressing anonymous threats of violence, including those received on social media. The toolkit outlines steps school leaders can take to assess and respond to anonymous threats, better prepare for and prevent future threats, and work in coordination with law enforcement and other local partners when these threats arise. It is co-sealed with the Federal Bureau of Investigation (FBI), which provided expert feedback on the toolkit’s key principles and strategies. Read Now

  • How Hospitals are Using Modern Technology to Improve Security

    Workplace violence is a serious and growing challenge for many organizations — including those in the healthcare industry. According to the U.S. Bureau of Labor Statistics, workers in healthcare and social services experience the highest rates of injuries caused by workplace violence and are five times as likely to suffer a workplace violence injury than workers overall — and aggressive incidents are rising. Read Now

  • Father of Georgia School Shooting Suspect Charged in Connection With Attack

    Colin Gray, the father of the 14-year-old Georgia school shooting suspect, has also been charged in connection with the attack. The 54-year-old father was charged with four counts of involuntary manslaughter, two counts of second-degree murder and eight counts of cruelty to children. Read Now

  • Safeguarding Stony Brook University Hospital: HALO’S Commitment to Health & Safety

    The healthcare industry is experiencing an alarming escalation of violence, including an increase in threats against healthcare workers. As a result, it is looking for ways to be proactive and protect its staff and patients.  According to the Bureau of Labor Statistics,  the rate of injuries from violent attacks against medical professionals grew by 63% from 2011 to 2018 and hospital safety directors say that aggression against staff escalated as the COVID-19 pandemic intensified in 2020.      Read Now

Webinars