process can be very time-consuming.
Manual updates can also introduce errors. Students or employees
may be accidentally assigned into the wrong cardholder groups, for example, or the person making these changes may overlook revoking access to restricted areas in response to a change in status.
With a PIAM system, approvals are defined by your corporate policies. When temporary access requests are made via the portal, users can be prompted to define what the request is, why it is neces- sary, when they need it, and who it is for, so that the request goes directly to a designated person who can make an informed decision to grant or deny access.
You can link access control to the data set of your choice, which becomes your “source of truth” to define who can access which areas of your campus, and which stakeholders are empowered to change those access rights.
Your source of truth could be your active directory, HR or payroll system, a student database, or any other data set that reliably captures who is who on campus. Because decision-makers are identified by permission, when a supervisor changes roles or your organization is restructured, the system can still accurately identify who is empow- ered to approve or reject a new access request.
A More Efficient Way to Manage Temporary Access Requests
A PIAM system isn’t just an efficient way to manage access control changes at scale — it is also a faster and more reliable way to manage ad-hoc requests for visitors or when permissions change temporarily. Requests and approvals are managed via a secure, web-based portal, and administrators can establish parameters to limit the scope of these requests based on the policy of the organization.
For example, on a school campus, student cardholders may need to renew access rights on a yearly basis, in alignment with the school calendar. With a PIAM system, administrators can switch off access over summer break, adjust access to certain classrooms or labs when students register (or drop) specific classes, or grant access to exchange students only for the duration of their stay. When a staff member changes jobs, or if a student changes majors, access rights will auto- matically adjust to these changes so that everyone always has access to the places and spaces where they need to be.
For an organization with campuses in different cities, a PIAM sys- tem also makes it easy to grant temporary access to a visitor from the other office for a few days or weeks, without having to pick up anoth- er key or check-in at a reception desk. At the end of the specified period, the access rights will revert automatically — no need for sticky note reminders to switch it off.
How PIAM Systems are Addressing Pandemic-related Changes on Campus
The pandemic-related lockdowns of the past year have created a surge in the number of people working and learning from home, but it hasn’t eliminated the need to be on campus. We have seen a shift from organizations wanting to manage the flow of people on campus to needing to have a much greater degree of control and awareness of who is on-site and when.
In many places, lockdown restrictions have added new layers of com- plexity to access control, for example limiting the number of people who can be inside the building at any given time. In unusual circumstances like these, the power and flexibility of a PIAM system shines.
To limit the spread of COVID-19 in pandemic hot spots, organiza- tions want to implement features that reduce physical contact within buildings. This creates new requirements to combine physical access control with logical access control. In this case, PIAM workflow auto- mation to grant or revoke access and physically limit the number of
people in a given area makes this much easier.
With a cloud-based system for access control requests, it’s easy for
off-campus stakeholders to submit a request for access via the web- based portal. If the situation in your area requires strict limits on how many people can be present within a building or zone to ensure phys- ical distancing, you can establish access rules that grant entry only during specific hours. For example, certain groups may be able to badge in only on Tuesday and Thursday afternoons, while others may come on campus only Monday, Wednesday and Friday mornings. You can also limit the number of people who can book office time to a specific number per day or within another time you define.
If a person on campus tests positive for COVID-19, PIAM systems also speed contact-tracing. In this scenario, security teams can verify the security logs to see who badged in and out, and which areas of campus they accessed at what time. Administrators can then notify those who may have crossed paths with an infected person and let them know they should get tested for the virus.
The ability to have this level of visibility of traffic patterns on campus isn’t just relevant in these rare pandemic times. Whenever there is a potential threat—cyberattacks, insider breaches, or a violent incident— the ability to pinpoint who was on campus at that moment is essential.
Key Features to Look for in a PIAM System
When it comes to a PIAM system, look for a product that is unified with the overall security solution. Rather than piecing together sys- tems that were never designed to work together into an “integrated” system, a unified system can be deployed more quickly and easily.
Some other key features to look for include a self-service portal to make it easier for stakeholders to request new access privileges, auto- mated workflows and notifications to manage permissions as roles and needs change, and tracking and reports that include the context behind each request or exception. Connectivity to third-party sys- tems is another important feature, so that you aren’t updating records in more than one place.
If it’s an on-premises solution, additional hardware may be required, including servers. Cloud-based solutions, on the other hand, are compatible with most access control systems, and provide continuous delivery means that all feature add-ons and updates are handled without any interruption to the solution.
One thing many campus security teams appreciate is adding self- check-in kiosks to further streamline visitor management. A popular upgrade is a touchless visitor check-in system. In this case, visitors are emailed a unique QR code, which they can use to gain access at one or more specified entry points.
One final, but important point: the security of the PIAM system itself is fundamental. Ensure your PIAM system’s servers, communications, and data are secured and encrypted with the latest protocols so they are protected against cyber threats. In the case of Genetec ClearIDTM, poli- cies are located centrally, but identity information is stored in separate regional data centers, all data and files are encrypted. Customer data is segmented over a series of microservices with no central repository, this ensures that in the unlikely event that someone was able to overcome the various layers of security to access one data center, the information they could access would be incomplete and essentially unusable.
Centralizing your onboarding and off-boarding procedures with a PIAM system and automatically updating access rights based on employee attributes allows campuses to focus on managing people, not doors or cards. It minimizes delays, and reduces the likelihood of security gaps, and ensures your security protocols are always in align- ment with campus policies.
Sharon Jung – Commercial Lead, Genetec ClearIDTM
Trusted Identity
28 campuslifesecurity.com | MAY/JUNE 2021