Higher education facilities address challenges with PIAM software

Colleges and universities face many challenges related to physical access and the management of identities across multiple disparate systems that may be deployed across a campus. Among these challenges are managing a large number of identities that require differing levels of physical access to campus facilities, classrooms and services (e.g. bookstore, library, cafeteria), and ensuring safe and secure dormitory access.

Schools’ security and/or IT departments typically develop a number of teams, systems and internal policies to manage these identities, badging and access privileges. The business processes involved tend to be partly managed through loosely connected systems and are often dependent on manual steps of the IT department and administrative teams to process, record and periodically audit.

Because of the intricacies involved – and also because of the inherent security concerns – many schools are looking for a better way to manage these increasingly complex procedures using policy-based automation tools. In today’s education environment these tools can increase consistency, reduce manpower-related costs, provide better assurance of compliance and ultimately provide a more streamlined process along with an enhanced security environment.

The question then becomes: is it more advantageous for the school to build or buy the physical identity and access management (PIAM) software?

 

Establishing the Framework

The appeal of building an in-house custom application is often founded on the belief that the processes, challenges and unique needs of the school are better understood within the organization than by an outside vendor, and that the solution can be developed more accurately and less expensively internally. However, many identity management issues and requirements in an educational application are similar in nature, and it will save time, and potentially costs, to purchase a commercial off-the-shelf (COTS) package developed specifically for schools by a more specialized software developer. In either case, a well-designed solution should include the following:

  • Easy Central Management – Web-based platform to centrally manage all physical identities, their access details, results of security checks and access history. Automates the on/off boarding of identities with rules-based access provisioning, and allows for the creation of virtual access zones and access profiles.
  • Reporting – Capability for out-of-the-box and custom tabular and graphical reports, including options for sorting, grouping and filtering of data. Scheduling report delivery via automated email or file upload should be allowed.
  • Watch Lists – Development and management of watch lists of physical identities that are potential threats to the school, complete with associated risk profiles and historical details.
  • Badging – Automated process that is independent of locations or physical access control systems (PACS). Allows rule-based production and assignment of one or more badges to a cardholder; enables printing and encoding into different card types as a single process.
  • Audits – Automates periodic reviews/audits of identities and their access by the area owners. Enables users to define and configure audits and allows automatic creation of access audit tasks for the area owners’ review.
  • Visitor Identity Management – Web-based control for visitor/event pre-registration, security check against watch lists, visitor check-in/check-out, badge printing and centralized reporting functions.
  • Asset Management – Allows central management, issuance and audit of one or more physical security assets (e.g. vehicles, cell phones) that are provisioned to identities managed within PIAM.

In addition to the above PIAM system functionalities, there are three key areas that should be considered when making the choice between an in-house developed solution and a COTS package – cost, customization and convenience.

 

Cost

If considering an in-house developed solution, costs must include the time-intensive process of developing the outline/application, assigning personnel and determining charge-back costs for development, testing and support. Because of the nature and complexity of the PIAM application, the development must take into consideration workflow that integrates a variety of business system processes as well as the integration between existing hardware and/or software systems. For example, when one set of privileges changes, whether physical or logical, that alteration must trigger automatic, complementary revisions in other sets.

What makes a COTS system an effective alternative, and ultimately more attractive for a higher education institution, is its capacity for centralized administration. It’s as simple as logging in through the browser, which immediately triggers the PIAM backend system's chain of events. By automating the various processes, the user reduces the risk of manual errors and potential security breaches, and minimizes operational costs. For example, when a student or faculty/staff member is enrolled in the system, their identity is automatically tied into several campus systems such as PACS, HR, debit systems, library systems, parking and so on. With this single identity, they can use their one badge all across campus for any of the services mentioned. And, in the instance of a threat situation, access can instantly be revoked or denied.

 

Customized Solutions

PIAM solutions that are in compliance with federal, state and agency regulations as well as any donor or school-imposed policies are more readily available from vendors who understand the requirements both from the business/regulation side and from the technical side. The work is done and built into the application and in most instances the software program will meet the customer’s requirements out of the box for complying with the Family Educational Rights and Privacy Act (FERPA) or HIPAA if it is a teaching school affiliated with a hospital/medical facility.

Vendor-based solutions also feature quick and efficient enforcement and reporting of compliance issues with options for pulling reports. These real time reports and executive dashboards allow the school to streamline card lifecycle and compliance management as it pertains to FERPA and HIPAA.

 

Convenience

The operation and use of COTS software typically includes the capability to easily and readily manage all types of identities including students, faculty and staff as well as temporary employees, contractors, service providers and vendors. Physical identity details such as biographic and biometric information as well as results of security checks and historical usage need to be accessed and provisioned correctly and de-provisioned accordingly in a timely and efficient manner. In addition to aggregating access level information from various systems, PIAM software should encompass details such as risk level, area owner, multiple approvers and prerequisites for access. The system must also provide audit trails of all transactions.

 

Meeting Objectives

For educational institutions, the ideal COTS solution will take cost, customization and convenience into account, as Quantum Secure did when we created our policy-driven SAFE software suite. This solution was designed to standardize and automate physical identity lifecycle management; integrate with disparate systems; and provide seamless processes for on-boarding, off-boarding and managing identities, as well as increased visibility and reporting and analytics functions.

With this solution, operational cost reductions can be seen in the elimination of duplicate work efforts across multiple systems; a reduced number of manual processes and data entry points; lower operational training costs and better use of resources; and streamlined management and access request processes via one centralized solution. These cost reductions are sustainable and repeatable year over year.

 

Ajay Jain is president and CEO of Quantum Secure.
