16 Tips for Managing Identity and Physical Access on Campus
Creating single identities that are used campus wide, automating manual tasks and cross-checking databases will help to protect students, staff, visitors and campus property.
Effective campus security depends on knowing who is on campus and where they have access. While credentials such as visitor passes and access cards enable physical access, the true issue is the identities of individuals holding those cards.
Higher education environments present many challenges to physical identity and access management. Issues including multiple campuses and buildings, research laboratories and other restricted areas, higher levels of security integration in dormitories, and a wide variety of personnel can create significant hurdles to efficient identity management and related physical access.
Managing identity in the campus environment is a challenge, but new software systems help to meet the challenge. These 16 best practices can maximize effective management of identities and physical access in the campus environment, including some that take advantage of off-the-shelf software.
1. Manage identities based on levels of trust. There are three categories of identities in the educational campus environment: trusted identities (faculty and staff), semi-trusted identities (students) and untrusted identities (visitors, vendors, etc.). Anyone tasked with improving campus security and safety should recognize the complexities involved in managing all three. For example, a student’s identity might include when and where he or she has access based on class requirements and schedule. Any changes in class schedule or housing would need to be updated in real time to ensure security. Managing identities effectively enables role-based assignment of access to restricted areas and physical assets for all three categories of trust. Managing untrusted identities, in particular, requires dependable processes to be in place and precise attention to detail.
2. Apply the principles of logical identity management to the physical world. Identity management (IdM) or access and identity management (AIM) systems are used in the IT world to manage individual identities and their authentication, authorization, roles and privileges within or across systems and networks. A similar type of software, the physical identity access management (PIAM) system, can be used to manage identities in the physical security environment. PIAM systems operate like IdM systems to manage all aspects of identity and access across multiple systems, including physical access control systems. Also like IdM systems, PIAM solutions can base decisions and enable workflows according to the identities of users. They interface with existing physical access control systems to verify identities and grant access based on campus-wide policies and an individualized profile of where an identity has access.
3. Create a single identity to be used in multiple systems campus-wide. Non-integrated access control, timekeeping or even computer systems that serve various campus areas may require a person to be enrolled separately into each system. Such a scenario is inefficient and time-consuming to administer. If someone is terminated, their status has to be updated separately in each system, and delays in doing so can compromise security. A unified software system can manage a single identity campus-wide and can be updated anytime the status of an identity changes. One identity is managed independently of each system and can interface with all the systems to provide efficiency while ensuring security. PIAM systems work with existing physical security infrastructure, so there is no need to rip and replace existing systems.
4. Automate manual operations to improve efficiency and accuracy. Too many processes related to identity management in the campus environment are still handled manually, from data entry to paperwork approvals. Manual processes might require completion of paperwork to issue an access control card or data entry to enroll a new hire into multiple systems. Manual processes must happen before a card is activated, and another set of manual processes must occur to de-activate a card and deny access, for example, in the case of a terminated employee. The corresponding delays, whether because of slow processes or heavy workload, can compromise security. Automating these processes solves the problems.
5. Leverage real-time updates of access rights and privileges. De-provisioning has inherent risks if it is not managed in a timely way. Student safety depends on timely updates regarding who has access to various campus locations or student housing. A delay in updating the status of a terminated employee or an expelled student could put student safety at risk and create serious liability for the institution. An automated approach can link real-time updates of access rights to any updates in the HR system or registrar’s enrollment system. PIAM systems can be integrated with existing LDAP/Active Directory/HR/campus registrar databases (Banner, Blackboard, Datatel, etc.) to manage all changes and modifications to physical and logical access.
6. Avoid bottlenecks. Student provisioning can be a huge job, especially between semesters when each student’s access privileges must be changed to reflect a new class schedule and/or access needs. Efficiency comes from synchronizing all possible changes (termination, semester changes, registration, etc.) for all personnel and students. Each individual identity reflects the department code, the courses enrolled, the current status, etc., to ensure fast and efficient provisioning.
7. Respond rapidly to stolen cards or credentials. When an access card is stolen or lost, there is potential for an interloper to enter various areas on campus. Again, de-provisioning in a timely manner is critical. Automated processes and centralized management of identities provide the best strategies to ensure rapid response and maximum security.
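The cross-check that tips 3, 5 and 7 depend on, as an added example that is not from the article or from any PIAM product: one authoritative identity record per person is compared with the credentials held in each access control system, and every active badge that should no longer open a door is listed with the reason. The field names, status values, system names and all records are constructed assumptions.

```python
from datetime import datetime

ACTIVE_STATUSES = {"active", "enrolled"}  # assumed status vocabulary

# Constructed sample: authoritative records (HR / registrar / visitor desk),
# keyed by the single campus-wide identity ID.
IDENTITIES = {
    "E1001": {"trust": "trusted", "status": "active"},
    "E1002": {"trust": "trusted", "status": "terminated"},
    "S2001": {"trust": "semi-trusted", "status": "enrolled"},
    "S2002": {"trust": "semi-trusted", "status": "expelled"},
    "V3001": {"trust": "untrusted", "status": "active",
              "expires": datetime(2024, 9, 1, 17, 0)},
}

# Constructed sample: credential exports from separate access control systems.
BADGES = [
    {"system": "dorm", "badge": "D-11", "identity": "S2001", "active": True, "lost": False},
    {"system": "dorm", "badge": "D-12", "identity": "S2002", "active": True, "lost": False},
    {"system": "lab", "badge": "L-07", "identity": "E1001", "active": True, "lost": True},
    {"system": "lab", "badge": "L-08", "identity": "E1002", "active": True, "lost": False},
    {"system": "lab", "badge": "L-09", "identity": "E1002", "active": False, "lost": False},
    {"system": "admin", "badge": "A-03", "identity": "V3001", "active": True, "lost": False},
    {"system": "admin", "badge": "A-04", "identity": "X9999", "active": True, "lost": False},
]


def find_revocations(identities, badges, now):
    """Return (system, badge, reason) for every active badge that must be disabled."""
    out = []
    for b in badges:
        if not b["active"]:
            continue  # already de-provisioned in that system
        ident = identities.get(b["identity"])
        if ident is None:
            reason = "no authoritative identity"  # orphaned credential
        elif ident["status"] not in ACTIVE_STATUSES:
            reason = f"identity {ident['status']}"
        elif b["lost"]:
            reason = "reported lost or stolen"
        elif "expires" in ident and now >= ident["expires"]:
            reason = "visitor pass expired"
        else:
            continue
        out.append((b["system"], b["badge"], reason))
    return out


if __name__ == "__main__":
    for row in find_revocations(IDENTITIES, BADGES, datetime(2024, 9, 1, 18, 0)):
        print(*row, sep="\t")
```

Run on every HR or registrar change rather than on a nightly schedule, the same comparison keeps the gap between a status change and a disabled card as short as the feed allows.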