Colleges and universities face many challenges in managing physical access and identities across the multiple disparate systems that may be deployed across a campus. Among these challenges are managing a large number of identities that require differing levels of physical access to campus facilities, classrooms and services (e.g. bookstore, library, cafeteria), and ensuring safe and secure dormitory access.
Schools’ security and/or IT departments typically develop a number of teams, systems and internal policies to manage these identities, badging and access privileges. The business processes involved tend to be partly managed through loosely connected systems and often depend on manual steps by the IT department and administrative teams to process, record and periodically audit.
Because of the intricacies involved – and also because of the inherent security concerns – many schools are looking for a better way to manage these increasingly complex procedures using policy-based automation tools. In today’s education environment these tools can increase consistency, reduce manpower-related costs, provide better assurance of compliance and ultimately provide a more streamlined process along with an enhanced security environment.
The question then becomes: is it more advantageous for the school to build or buy the physical identity and access management (PIAM) software?
Establishing the Framework
The appeal of building an in-house custom application is often founded on the belief that the processes, challenges and unique needs of the school are better understood within the organization than by an outside vendor, and that the solution can be developed more accurately and less expensively internally. However, many identity management issues and requirements in an educational application are similar in nature, and it will save time, and potentially costs, to purchase a commercial off-the-shelf (COTS) package developed specifically for schools by a more specialized software developer. In either case, a well-designed solution should include the following:
- Easy Central Management – Web-based platform to centrally manage all physical identities, their access details, results of security checks and access history. Automates the onboarding and offboarding of identities with rule-based access provisioning, and allows for the creation of virtual access zones and access profiles.
- Reporting – Capability for out-of-the-box and custom tabular and graphical reports, including options for sorting, grouping and filtering of data. Report delivery should be schedulable via automated email or file upload.
- Watch Lists – Development and management of watch lists of physical identities that are potential threats to the school, complete with associated risk profiles and historical details.
- Badging – Automated process that is independent of locations or physical access control systems (PACS). Allows rule-based production and assignment of one or more badges to a cardholder; enables printing and encoding into different card types as a single process.
- Audits – Automates periodic reviews/audits of identities and their access by the area owners. Enables users to define and configure audits and allows automatic creation of access audit tasks for the area owners’ review.
- Visitor Identity Management – Web-based control for visitor/event pre-registration, security check against watch lists, visitor check-in/check-out, badge printing and centralized reporting functions.
- Asset Management – Allows central management, issuance and audit of one or more physical security assets (e.g. vehicles, cell phones) that are provisioned to identities managed within PIAM.
In addition to the above PIAM system functionalities, there are three key areas that should be considered when making the choice between an in-house developed solution and a COTS package – cost, customization and convenience.