license plate, for example, as a form of cre- dential. In this case, access can be granted to a visitor as soon as their license plate is read. This can improve the flow of visitors through a facility while ensuring safety and security.
Simplifying the Auditing Process
When it comes to managing access policies, a PIAM allows organizations to develop their own security protocols and adjust them as needs and regulations change. In the past, security operators were the ones responsible for managing security across campuses. Now, area owners are also involved in determining who can access their environments.
Working together, security operators and area managers implement access policies within the PIAM. These policies indicate which attributes are required for access to a given area. If anything changes, they simply update the system and the new policy can be applied across the entire organization.
The ability to update access policies can be especially important in heavily regulated industries, like hydro, oil and gas, and other utilities, since they can receive heavy fines for failing to keep access rights up to date.
This includes anything from not revoking a visitor’s access after they have left the facil- ity to not accurately tracking a contractor’s movements.
The North American Electric Reliability Corporation (NERC) oversees the utility industry. They audit facilities regularly and fine those whose access rights are not up to date. This means that the ability to perform access audits is vital.
When an access audit is done manually, a security operator must run a report and provide an Excel spreadsheet to the area owner who must then go through the sheet line by line to see who must be removed and who needs to have their access rights updat- ed. The spreadsheet is then sent back to the security operator who implements the changes. Then, these changes have to be approved by the owner. Needless to say, the manual process is time consuming and can take months to perform.
With a PIAM, an area owner can check to verify access rights and perform changes or make updates as necessary. For example, if an individual has changed departments or been promoted to a new position, the area owner can immediately and automatically
increase or remove their access rights directly in the system.
Today, some PIAMs also allow organiza- tions to schedule access audits according to their own needs. If an organization is audit- ed each quarter, for example, the system can be programmed to perform them every 3 months. Since generating audits is simply a matter of area owners going into the system and approving or denying access rights, it becomes easy to provide auditors with a completed report when they arrive on site.
The increasing complexity of individual campuses as well as the expanding network of distributed facilities means that the chal- lenges around access management will con- tinue to grow. We know that addressing these challenges today as well as in the future is key. Effective employee and visitor management increases security, facilitates compliance, and leads to a better flow of people through places. A PIAM can play an important role in achieving the safe, seam- less movement of individuals through our environments.
Despina Stamatelos is a product marketing manager, Access Control at Genetec Inc.
JANUARY/FEBRUARY 2021 campuslifesecurity.com 21
Jirsak/Shutterstock.com