Process driven access control

June 2010 Access Control & Identity Management

Integrated access control solutions deliver impressive functionality, yet there is a significant requirement for seamless integration and the application of intelligent framework solutions that empower educational institutions to unlock considerable value by integrating disparate systems. Detailed blueprint design, including business process mapping and detail technical and functional requirements definition is key for successful delivery to the various stakeholders.

In addition to schools, educational institutions such as universities and colleges present a unique challenge with regards to application of security technologies.

Campus architecture and design has historically been towards open facilities for learning. The increasing need to provide a secure environment for students has placed significant pressure onus on academic institutions as has the global trend towards smart campuses where technology ­innovation allows for a secure environment without creating an impression of locked down facilities.

Challenges in educational institutions

Implementing a seamlessly integrated access and security solution in a corporate or manufacturing environment is often a significant challenge. In a dynamic and ever changing environment such as universities/colleges where change is not only limited to student turnover the challenge is significantly increased.

Typically, installed security systems are secure at the time of installation, but over time the database accuracy is degraded as access rights that should be managed by group policy are allocated to individuals based on urgent needs or physical location and actual changes are not configured on the system. Processes such as terminations, course changes, location changes for lectures and classes are not automatically applied and the recording of attendance to these classes by students (sometimes a statutory requirement) is reduced to a manual paper trail with no consolidated reporting benefit.

With a global focus on corporate governance and specifically governance, risk, and compliance (GRC), all aspects of an organisation are directly or indirectly impacted by heightened security policies and procedures. These new business requirements demand that non-security functions (HR/IT/finance/facility/wellness and even logistics, etc,) become directly accountable for identity management and policy enforcement.

In educational environments, the various inputs required to allow access or record attendance can become extremely complex.

Ownership of source data input, for example, has effectively transferred accountability from the security function to whoever is accountable for the relevant business process and mandated for the correct capture of the source data.

If one applies basic real-life processes and scenarios to this data, it could mean that a student’s access to site or a specific area is dependent on multiple people in an organisation providing an holistic framework for a process driven solution:

* His/her master data being valid (Student Admin) – data might even reside in disparate systems,

* Payment of accounts being valid (Finance),

* Course content allowing usage of computer labs (IT) and

* If driving a university vehicle that their driver’s licence is valid (Safety).

Legacy options

Common practice is to isolate an organisation’s people data into numerous applications such as payroll, time and attendance (T&A), HR, access control, enterprise resource planning (ERP), user access (IT) and many other systems. This gives great flexibility to the organisation in allowing the use of best-of-breed solutions, each addressing specific needs.

The problems created with this approach when applying physical and logical security policies and systems is:

* No single system has a true (single version of the truth) view of all the people data and relationships within the organisation (students/employees/contractors/service providers/visitors etc).

* Due to the disparate nature of these applications, sharing of data is often dependent on specialist interfacing skills or manual processes such as e-mails containing report extracts to spreadsheets and labour intensive importing of files and/or interfaces. The systems can be subject to a high level of erroneous data – for example, names are spelt incorrectly, identification data is mistyped for the same person across the different applications.

* Data is often out of date. Administration or HR terminates a person in its system, but they remain active on the other systems.

* Each system has segmented data specific to a functional need. For example, HR is only interested in employees and contractors, IT is only interested in users and security wants to know about everybody including visitors.

* Security risks are increased when systems are not seamlessly integrated and linked according to process.

When these issues are combined, the problem becomes exponentially more complex. Systems integration can solve some of these issues, but often lacks the flexibility to change in line with the organisation or is vendor specific.

Annual churn of student data and allocation of access rights to students based on course selection etc. would possibly be manageable by interfacing an authoritative system (such as a student management or accounting system) to a new access control solution. However, when an holistic view of the requirements is taken it is clear that no single system will cater for all the stakeholder needs. Figure 1 is an example of an application architecture landscape of an integration framework that applies process driven access control solutions at an academic institution.

Figure 1
Figure 1

For more information contact innoVIZION Business Solutions, +27 (0)11 463 0123, [email protected], www.innovizion.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

A platform for access and identity at Securex 2025
Securex South Africa Access Control & Identity Management Facilities & Building Management
South African companies involved in supplying access control technology, security services, and data management are well-positioned to tap into the expanding access control market at Securex 2025.

Read more...
Background checks: risk levels and compliance
iFacts Access Control & Identity Management Security Services & Risk Management
Conducting background checks is a vital step in the hiring process for employers or when engaging service providers; however, it is crucial to understand the legal framework and regulations governing these checks.

Read more...
Insurance provider uses Net2 For access management
Paxton Access Control & Identity Management Integrated Solutions Healthcare (Industry)
BestMed selected Paxton Net2 for its access control requirements because of its simplicity of installation and ease of navigation for end users, as well as the 5-year warranty.

Read more...
Identity is a cyber issue
Access Control & Identity Management Information Security
Identity and access management telemetry has emerged as the most common source of early threat detection, responsible for seven of the top 10 indicators of compromise leading to security investigations.

Read more...
Embracing contactless access solutions
HID Global Access Control & Identity Management
There has long been a discussion of the perils and virtues of authentication factors. Is it more secure to use something we have (a key card), something we know (a password), or something we are (biometrics)?

Read more...
Smart access for a safer community
neaMetrics Suprema Access Control & Identity Management Residential Estate (Industry) Products & Solutions Commercial (Industry)
Suprema has released its BioEntry W3 facial authentication access control device with multiple authentication options, including RFID cards as well as mobile credentials, designed for durability and resilience.

Read more...
The power of knowing your client
Ideco Biometrics Access Control & Identity Management Integrated Solutions
One of the most effective ways to combat the threat of fraud, identity theft, and financial crime threats is through a robust Know Your Client (KYC) process, which safeguards both businesses and clients.

Read more...
Smarter ways to secure your space
Elvey Security Technologies Access Control & Identity Management Products & Solutions
Ensuring the safety of people and assets has become more crucial than ever, and access control systems provide essential tools to regulate and monitor who can enter specific areas or access sensitive resources.

Read more...
Facial recognition in national security
Access Control & Identity Management Government and Parastatal (Industry)
As global security challenges evolve, facial recognition technology provides a vital edge by turning our unique identities into powerful assets for national defence and changing a sea of anonymity into a line of defence.

Read more...
Federated identity orchestration
Technews Publishing SMART Security Solutions Editor's Choice Access Control & Identity Management Security Services & Risk Management AI & Data Analytics
Understanding exactly who resides at the end of a digital device is key, and simple identity number verification by the Department of Home Affairs is no longer a viable solution on its own.

Read more...