Access Convergences on Campuses
Although common knowledge it’s worthwhile to focus on how K-12 schools, especially universities, consist of a set of interconnected physical environments. These include classrooms, athletic facilities, common areas, dining areas, libraries and dormitories. Overlaying these physical spaces is a parallel set of virtual environments, such as library management systems, laboratory equipment checkout software, laundry payment systems and many others.
For years, these physical and virtual environments operated more or less in silos, particularly regarding security and access control. A student might have a key for her dorm room, an ID badge to let her sign a book out of the library, a stored value card for doing the laundry and so forth. This is starting to change.
Security and access control in educational institutions is now converging. The people who manage these different areas of campus life are interested in bringing the silos under a unified access control mechanism. Some want this convergence. Others feel pressure to make it happen due to budget pressures and demands from students and other stakeholders.
The convergence in access control also stems from a recognition that the institution will be better off if it has integrated awareness and control over the access privileges of students, visitors, employees and vendors. It’s costly and complex to oversee access control for these different groups, each of which has its own access requirements and time horizons. For example, a vendor making a delivery needs access for a few hours. A professor might have continuous access for a decade.
End users find it inconvenient to have to keep track of badges, keys, fobs and ID cards. It’s also easy for administrators to make mistakes that affect security, such as by neglecting to switch off access rights to a former employee — resulting in potential safety and theft risks.
The IT department is part of the convergence story, too. As most, if not all, access and security-related systems now run on standard computer hardware and operating systems, connecting via common campus networks, it’s only natural that IT would need to play a role in their operation. In addition, many stakeholders across security, IT and the school’s administration want interoperation among access control systems and nonphysical systems.
For example, admins might want access control privileges to be defined by user roles as set out in an identity and access management (IAM) platform like Microsoft Active directory. Or, they might want a single ID card to allow a student to sign out a library book, pay for laundry and park her car. This is a matter of software and data integration. A related expectation is that stakeholders will have access to comprehensive data about access control and end user behavior — with the capacity for data analytics, data visualization, reporting and alerting.
Cost, Compliance, Physical Security Mix
Technology and convenience are not the only drivers of convergence in access control. One issue is cost. Educational institutions are always trying to trim budgets, and the silo approach can be expensive to run. Consider the people and facilities required to run badge production offices. Badges, fobs and keycards cost money, too. If they get lost or stolen, there’s an administrative process to replace them that comes with a cost. Unified, integrated systems tend to be less costly to manage.
Compliance is a new factor in this situation. Federal and state laws intended to halt the spread of the coronavirus have created mandates for educational institutions to limit the number of people gathering in any one place. Schools must document that they are complying with these regulations. And, these rules may not go away for some time.
Schools are now subject to laws governing consumer data privacy, such as the California Consumer Privacy Act (CCPA). While the educational institution itself may not be bound by the regulations, their vendors typically are — so the institution may feel compelled to stay on top of any personally identifiable information (PII) that is going from the school’s systems into that of a vendor.
Physical security also matters in this context. Educational institutions are growing more sensitive to student and employee concerns about their physical safety. Incidents ranging from assaults to shootings and violent protests have made schools aware that they need to get better at tracking who is coming and going — and where people are in the event that something dangerous happens.
Breaking Through to Differentiate
How can a systems integrator present itself as a problem-solver that can address the needs of access control convergence and related requirements? A new approach, based on mobile identity management and access control, offers a clean solution. Known as dynamic identity issuance, it creates a core system that generates access credentials that work across virtually any physical or digital system on campus. Being mobile, it’s readily adopted by students and staff alike.
Here’s how it works: Administrators use a centralized identity issuance solution to create unique user identities. These identities allow selective access based on rules that depend on the user’s role, e.g., student, vendor or employee. The system leverages existing access control infrastructure, such as door readers, to detect the user’s identity on his or her mobile device. Typically, the door reader can be fitted with a sensor that detects the user’s smartphone identity credential while retaining its ability to work with its legacy card format. It’s a contactless approach. There is no production of a badge or card. Access privileges, and revocation of privileges, occur over the air.
The mobile approach enables the user to have one device, which she likely already owns, to serve as a universal means of access control. One’s smartphone opens the doors to dorms, classrooms, laboratories, gyms and cafeteria. It delivers freedom of movement. However, it’s also trackable. The system can optionally keep track of when people come and go from physical spaces. This is a big advance over legacy access control systems, which generally can’t tell when or if someone has left a space.
The use of standards is one of the keys to success for dynamic identity issuance. With standards, such as REST and IEEE 802.11.15, the many siloed access control systems, as well as other digital systems, can all communicate and inter-operate. This opens opportunities for taking payments and other types of transactions that add to convenience and revenue for the constitution. For example, the same identity credential that opens the library can buy a soda at a vending machine, charging it back to the student’s account automatically.
In addition to potential revenue generation, the dynamic identity issuance approach should result in a financial savings for the institution. Fewer siloed access control systems mean fewer administrators. It is also possible to eliminate the badge office, with its personnel and equipment. There are no cards or fobs to buy, nor administrative billing procedures for lost or stolen cards.
Dynamic identity issuance represents an opportunity for systems integrators that want to engage with educational customers and offer a solution that solves many current access control problems. The integrator becomes an agent of moneysaving change at the same time. It enables the convergence in access control that schools want, as well as the improved security they need.
The ability for the technology to leverage existing infrastructure is definitely a selling point. There is no “rip and replace.” It can be deployed incrementally. Armed with the right solution, a systems integrator can make a compelling case for dynamic identity issuance in the educational market and thrive in this new world of security and access control convergence.