Challenging Temporary Access

Challenging Temporary Access

Solutions that withstand uninvited guests

When it comes to safeguarding any educational facility, restricting access—particularly to secured areas—is vital. Regardless of size, every campus must be able to keep unauthorized entities out. But managing access is more complex than that. Increasingly, campuses are having to provide permanent employees with limited access to secure facilities as well as temporary or sustained access rights to visitors.

In the past, providing temporary access to any part of a campus required a series of manual steps that lacked clear oversight and traceability. Security operators were frequently tasked with tracking down the appropriate department heads to get permission and then manually changing access rights in the system.

When it came time to revoke this permission— at the end of a contract, for example— the process relied on memory or post-it notes. Additionally, there was no way to accurately track who had access to which secure facilities and when.

The reality is that many of today’s access control systems were not designed with this functionality in mind. fiey are incredibly effective at controlling access to a particular facility. But, because they are static in nature, they are not as efficient at managing access rights or enforcing security policies. fiis can present significant challenges, particularly when dealing with an increasingly temporary workforce.

Meeting these challenges can be made much easier when campuses implement a solution that focuses on Physical Identity and Access Management (PIAM). The question is to figure out what you really need and which solution can work best for your institution.

What Do You Really Need?

When thinking about your procedures surrounding access management, there are some basic things to consider. First, you need to know what, if any, additional resources are required to run your current system. This includes the time security operators and front desk staff spend tracking down the approval and manually inputting access rights.

Next, you need to know if your system is secure. Are you sure, for example, that only currently authorized individuals have access to secured areas? After all, if you’re not confident that access has been revoked in the appropriate timeframe or if you’re not entirely aware at all times of who has access to secured areas, can your system be working for you?

If, after taking these issues into consideration, you discover that your access management procedures are not meeting the needs of your campus, then it might be time to consider other options. For many, a PIAM solution offers a better approach to managing access for employees and visitors.

Going Beyond Simply Managing Visitor Access

From IT and equipment rooms to research labs and conference areas, today’s campuses have a wide variety of facilities that require controlled access. At the operational, administrative and compliance levels, you need to know who is accessing secured areas at all times.

While visitor management options may be sufficient for some, for an increasing number of campuses they fall short as they capture only part of a much larger picture. In these cases, a broader, more effective approach is a PIAM solution that manages access for anyone—including employees and visitors—who needs to interact with secured areas for a particular amount of time.

With a PIAM, a campus can manage physical individual access for everyone by validating identity attributes in relation to its policies. A PIAM ensures that only those individuals who have the right to access a secured area can do so by managing and, in many cases, automating the process.

What is a PIAM?

A PIAM helps manage access requests based on an individual’s identity and an organization’s security policies. An identity-based system recognizes that each individual is more than simply a card holder.

An identity includes all the ways an individual interacts with an organization as well as their own particular attributes, which can change over time. For example, an employee can have an HR profile, computer passwords, years of experience, a department, and a workgroup. And all of these are subject to change.

Consider a new employee. When they’re hired, HR sets up a file and informs the IT department that they should be given access to certain systems and facilities. As the employee advances, they may change positions, and, as a result, their access rights may also change. Rather than going through the process of having various departments notify one another in order to have access privileges changed manually, a PIAM solution can automatically update access rights as the individual assumes new roles.

A PIAM solution uses a person’s identity as well as an organization’s security policy in order to grant access to a particular secured location. In this way, the solution simplifies the process of granting and revoking temporary access to ensure that an organization’s system and facilities are secure.

An Affordable Solution

While PIAM systems are not new, what is new is the wide variety of organizations, including educational campuses, that can benefit from them. The reality used to be that PIAM systems were complicated, customizable, on-premises tools that were extremely costly and took years to develop. This meant that only those organizations that could afford to invest significant time and capital on in-house development had them.

But, as the market has evolved, vendors are now providing more affordable tools, which means that PIAM solutions are becoming a viable option for organizations of all sizes. They are no longer just for giant, multinational conglomerates struggling with requests or managing the flow of thousands of people through their facilities. Any organization or campus where managing access rights for individuals is required can benefit from the functionality offered by a PIAM solution.

This growing shift-toward PIAM solutions makes sense as the pain points associated with managing access rights to secured facilities are not limited to giant corporations. A wide variety of organizations have this issue, but they just lacked the capital to develop their own tools. Fortunately, the market is opening up to these organizations. We’re now seeing the arrival of affordable, out-of-the-box, cloud-based solutions that are meant for everyone.

Leave the Old Processes Behind

One of the main challenges for any organization managing access rights using an ACS was that it frequently required direct and continued human interaction. In addition to getting approval and updating the system, security operators also had to manually revoke access once the specified timeframe was up.

Further, security operators were required to keep track of any and all updates to security policies or regulations. These policies and regulations were often kept in folders without oversight or any guarantee that personnel were up-to-speed. Under these conditions, it was difficult to know if an organization was complying with regulations.

By unifying a PIAM solution with their ACS, a campus can effectively address these challenges and improve operations around access management. Because a unified solution eliminates the need to move between systems, it streamlines the process and reduces the amount of time security personnel need to spend training or keeping up to date with different ways of working.

With a PIAM, the entire system is updated directly. This helps ensure that every access request is approved through the same process and that any policy changes are applied across the entire campus.

If a campus deploys a self-service, cloud-based PIAM solution, then employees and visitors can all play an active role in gaining access to facilities. Rather than have people track down and email the person responsible for approval rights—and hoping that they read their email within the necessary timeframe—they simply submit a request for approval through their portal. Then, based on existing policies, the system can grant access or can notify the appropriate person who can update access through their own portal.

By using a PIAM solution, a campus can help facilitate the movement of employees and visitors through its facilities. It automates both the approval and revoking processes while staying current with security policies. In addition, the solution provides clear traceability for every organization wanting to track access to secured areas.

Ultimately, it allows security personnel and administrators to focus on the core functions of their positions because they know that their system is ensuring that only the right people have the right access at the right time.

This article originally appeared in the May June 2020 issue of Campus Security Today.

Featured

  • CISA Releases Anonymous Threat Response Guidance and Toolkit for K-12 Schools

    The Cybersecurity and Infrastructure Security Agency (CISA) recently released the Anonymized Threat Response Guidance: A Toolkit for K-12 Schools, a new resource to help kindergarten through grade 12 (K-12) schools and their law enforcement and community partners create tailored approaches to addressing anonymous threats of violence, including those received on social media. The toolkit outlines steps school leaders can take to assess and respond to anonymous threats, better prepare for and prevent future threats, and work in coordination with law enforcement and other local partners when these threats arise. It is co-sealed with the Federal Bureau of Investigation (FBI), which provided expert feedback on the toolkit’s key principles and strategies. Read Now

  • How Hospitals are Using Modern Technology to Improve Security

    Workplace violence is a serious and growing challenge for many organizations — including those in the healthcare industry. According to the U.S. Bureau of Labor Statistics, workers in healthcare and social services experience the highest rates of injuries caused by workplace violence and are five times as likely to suffer a workplace violence injury than workers overall — and aggressive incidents are rising. Read Now

  • Father of Georgia School Shooting Suspect Charged in Connection With Attack

    Colin Gray, the father of the 14-year-old Georgia school shooting suspect, has also been charged in connection with the attack. The 54-year-old father was charged with four counts of involuntary manslaughter, two counts of second-degree murder and eight counts of cruelty to children. Read Now

  • Safeguarding Stony Brook University Hospital: HALO’S Commitment to Health & Safety

    The healthcare industry is experiencing an alarming escalation of violence, including an increase in threats against healthcare workers. As a result, it is looking for ways to be proactive and protect its staff and patients.  According to the Bureau of Labor Statistics,  the rate of injuries from violent attacks against medical professionals grew by 63% from 2011 to 2018 and hospital safety directors say that aggression against staff escalated as the COVID-19 pandemic intensified in 2020.      Read Now

Webinars