Streamline Your Security Process
How a PIAM system can help your campus enforce security policies while improving the flow of people within your facility
- By Sharon Jung
- June 01, 2021
Campus security has become more complex over the last
decade. This makes it challenging to respond effectively
when faced with new and unpredictable circumstances, like
a global pandemic.
In the past year, COVID-19 has upended many of the routines
and procedures we used to rely on, and campus administrators
have found themselves having to adjust to an ever-changing list of
requirements to meet new security needs.
It can be a time-consuming, bottleneck-prone process to change access
permissions for many users, especially when temporary restrictions
require administrators to change them all again soon afterward.
A simple solution to streamline this process is to upgrade to a
Physical Identity Access Management (PIAM) system, which automates
access rights. A PIAM system cuts through the complexity and
makes it easy to quickly adapt your corporate security policies on the
fly, without getting bogged down in bureaucracy.
The key is attribute-based provisioning, which allows security
teams to define access based on a clear set of parameters, such as
employee or student status, location or role. It is easier than you
might think to implement, and can be done with off-the-shelf solutions
that sync with your existing policies, procedures, and databases.
Reduce Administrative Overhead
Many access control systems rely on supervisors or security personnel
to manually create and update cardholder groups. This isn’t a big deal
when you’re onboarding one employee or updating one person’s profile.
But when you’re onboarding hundreds of new students, restricting
access to many furloughed employees, or updating the location
profiles of a large cohort moving from one building to another, the process can be very time-consuming.
Manual updates can also introduce errors. Students or employees
may be accidentally assigned into the wrong cardholder groups, for
example, or the person making these changes may overlook revoking
access to restricted areas in response to a change in status.
With a PIAM system, approvals are defined by your corporate
policies. When temporary access requests are made via the portal,
users can be prompted to define what the request is, why it is necessary,
when they need it, and who it is for, so that the request goes
directly to a designated person who can make an informed decision
to grant or deny access.
You can link access control to the data set of your choice, which
becomes your “source of truth” to define who can access which areas
of your campus, and which stakeholders are empowered to change
those access rights.
Your source of truth could be your active directory, HR or payroll
system, a student database, or any other data set that reliably captures
who is who on campus. Because decision-makers are identified by
permission, when a supervisor changes roles or your organization is
restructured, the system can still accurately identify who is empowered
to approve or reject a new access request.
A More Efficient Way to Manage Temporary Access Requests
A PIAM system isn’t just an efficient way to manage access control
changes at scale — it is also a faster and more reliable way to manage
ad-hoc requests for visitors or when permissions change temporarily.
Requests and approvals are managed via a secure, web-based portal,
and administrators can establish parameters to limit the scope of
these requests based on the policy of the organization.
For example, on a school campus, student cardholders may need to
renew access rights on a yearly basis, in alignment with the school
calendar. With a PIAM system, administrators can switch off access
over summer break, adjust access to certain classrooms or labs when
students register (or drop) specific classes, or grant access to exchange
students only for the duration of their stay. When a staff member
changes jobs, or if a student changes majors, access rights will automatically
adjust to these changes so that everyone always has access
to the places and spaces where they need to be.
For an organization with campuses in different cities, a PIAM system
also makes it easy to grant temporary access to a visitor from the
other office for a few days or weeks, without having to pick up another
key or check in at a reception desk. At the end of the specified
period, the access rights will revert automatically — no need for
sticky note reminders to switch it off.
How PIAM Systems are Addressing Pandemic-related Changes on Campus
The pandemic-related lockdowns of the past year have created a surge
in the number of people working and learning from home, but it
hasn’t eliminated the need to be on campus. We have seen a shift from
organizations wanting to manage the flow of people on campus to
needing to have a much greater degree of control and awareness of
who is on-site and when.
In many places, lockdown restrictions have added new layers of complexity
to access control, for example limiting the number of people who
can be inside the building at any given time. In unusual circumstances
like these, the power and flexibility of a PIAM system shines.
To limit the spread of COVID-19 in pandemic hot spots, organizations
want to implement features that reduce physical contact within
buildings. This creates new requirements to combine physical access
control with logical access control. In this case, PIAM workflow automation
to grant or revoke access and physically limit the number of
people in a given area makes this much easier.
With a cloud-based system for access control requests, it’s easy for
off-campus stakeholders to submit a request for access via the web-based
portal. If the situation in your area requires strict limits on how
many people can be present within a building or zone to ensure physical
distancing, you can establish access rules that grant entry only
during specific hours. For example, certain groups may be able to
badge in only on Tuesday and Thursday afternoons, while others may
come on campus only Monday, Wednesday and Friday mornings.
You can also limit the number of people who can book office time to
a specific number per day or within another time you define.
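As an added illustration (not code from this article or from any PIAM product), the sketch below shows how the attribute-based rules, self-expiring temporary grants, schedule windows and occupancy limits described above can reduce to a single decision per badge read. Every attribute, area and rule name in it is constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Every attribute, area and rule name here is constructed for illustration.
@dataclass(frozen=True)
class Person:
    id: str
    status: str                       # from the source of truth, e.g. "active"
    role: str                         # "student", "staff", "visitor"
    classes: frozenset = frozenset()  # current enrolments

@dataclass(frozen=True)
class Rule:
    area: str
    role: str
    needs_class: Optional[str] = None      # only for people enrolled in this class
    days: frozenset = frozenset(range(7))  # Monday = 0
    hours: tuple = (0, 24)                 # [start, end) local hour

@dataclass(frozen=True)
class TempGrant:
    person_id: str
    area: str
    start: datetime
    end: datetime                     # access reverts at this instant

def decide(person, area, now, rules, grants=(), occupancy=None, caps=None):
    """Return (allowed, reason) for one badge read; log the reason with it."""
    if person.status != "active":
        return False, "status:" + person.status
    if any(g.person_id == person.id and g.area == area
           and g.start <= now < g.end for g in grants):
        basis = "temporary-grant"
    else:
        matched = [r for r in rules if r.area == area and r.role == person.role
                   and (r.needs_class is None or r.needs_class in person.classes)]
        if not matched:
            return False, "no-matching-rule"
        if not any(now.weekday() in r.days and r.hours[0] <= now.hour < r.hours[1]
                   for r in matched):
            return False, "outside-schedule"
        basis = "attribute-rule"
    cap = (caps or {}).get(area)
    if cap is not None and (occupancy or {}).get(area, 0) >= cap:
        return False, "area-full"
    return True, basis
```

Because nothing is stored per cardholder group, a change in the source of truth (a dropped class, a furlough, an expired visit) changes the next decision without anyone editing a door list.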
If a person on campus tests positive for COVID-19, PIAM systems
also speed contact-tracing. In this scenario, security teams can verify
the security logs to see who badged in and out, and which areas of
campus they accessed at what time. Administrators can then notify
those who may have crossed paths with an infected person and let
them know they should get tested for the virus.
The ability to have this level of visibility of traffic patterns on campus
isn’t just relevant in these rare pandemic times. Whenever there is a
potential threat—cyberattacks, insider breaches, or a violent incident—
the ability to pinpoint who was on campus at that moment is essential.
Key Features to Look for in a PIAM System
When it comes to a PIAM system, look for a product that is unified
with the overall security solution. Rather than piecing together systems
that were never designed to work together into an “integrated”
system, a unified system can be deployed more quickly and easily.
Some other key features to look for include a self-service portal to
make it easier for stakeholders to request new access privileges, automated
workflows and notifications to manage permissions as roles
and needs change, and tracking and reports that include the context
behind each request or exception. Connectivity to third-party systems
is another important feature, so that you aren’t updating records
in more than one place.
If it’s an on-premises solution, additional hardware may be
required, including servers. Cloud-based solutions, on the other
hand, are compatible with most access control systems, and provide
continuous delivery, which means that all feature add-ons and updates are
handled without any interruption to the solution.
One thing many campus security teams appreciate is adding self check-in kiosks to further streamline visitor management. A popular
upgrade is a touchless visitor check-in system. In this case, visitors are
emailed a unique QR code, which they can use to gain access at one
or more specified entry points.
One final, but important point: the security of the PIAM system itself
is fundamental. Ensure your PIAM system’s servers, communications,
and data are secured and encrypted with the latest protocols so they are
protected against cyber threats. In the case of Genetec ClearID™, policies
are located centrally, but identity information is stored in separate
regional data centers, and all data and files are encrypted. Customer data is
segmented over a series of micro-services with no central repository; this
ensures that in the unlikely event that someone was able to overcome
the various layers of security to access one data center, the information
they could access would be incomplete and essentially unusable.
Centralizing your onboarding and off-boarding procedures with a
PIAM system and automatically updating access rights based on
employee attributes allows campuses to focus on managing people,
not doors or cards. It minimizes delays, reduces the likelihood of
security gaps, and ensures your security protocols are always in alignment
with campus policies.
This article originally appeared in the May / June 2021 issue of Campus Security Today.