How Integrated Systems Benefit Campuses
Solution providers need to use a consultative approach
- By Kim Rahfaldt
- April 14, 2020
Campus security requires a delicate balance of securing
critical components such as patients, students, intellectual
property or pharmaceuticals, yet provides an open and
welcoming environment to its numerous and diverse visitors.
Lobbies, gardens and public meeting spaces, for example,
must be available to the general public while a few feet away
behind an adjoining door a laboratory full of cancer research may
need protecting.
Campuses use internal security teams, contract outside officers
or employ police departments to implement security programs.
These teams use technology and rely on outside experts to help
make decisions and execute their security programs. They require a
lot of support.
Security directors need to work with solution providers who can
assist them through all phases of their process. The solution providers
need to use a consultative approach. Ideally, if the solutions provider,
integrator and any other parties involved can all work together—and
put the customer first in all situations—the end user will benefit and
achieve success.
Where Do You Start?
Company stakeholders must come together and perform an audit of
their current security system. When you gather all the stakeholders in
one room and perform a deep dive of the current security system,
operational gaps are uncovered. Silos between departments are
removed and collaboration begins. By thinking beyond security and
figuring out operational challenges, security directors can see the big
picture and determine next steps. Operational gaps will provide a
compelling reason to make a change and provide the important data
needed to develop a business case to upgrade a security system or add
new technologies to meet company needs.
Campus security directors need to look at everything from a risk,
cost and compliance perspective. What is at risk? How much are inefficiencies
costing the organization? In regulated industries, how is
compliance achieved? What happens if compliance is not achieved?
Answers to these questions will help determine what technologies
and programs are needed for the next several years
Open is the Only Choice
Security systems are not always kept up-todate
like technologies in other areas of our
lives. Can you imagine not updating your
phone or laptop with the latest software versions?
Updates automatically occur and we
don’t know about it until it’s done. Why
aren’t access control or video systems updated
as often? Why do organizations choose
not to invest in the latest solutions and operate
the most recent versions?
With DIY security solutions becoming
more affordable and millennials maturing
into leadership roles, the security industry is
going to see an uptick in organizations
upgrading their security solutions, particularly
their access control systems. End users
are going to need to run the most updated
software versions to keep their systems operating
at peak performance.
As campuses review their technologies,
identify operational gaps and understand
they need to upgrade, they will need to
install open solutions that will grow with
them. When they select their solution provider,
they need to ensure they offer open
solutions. Open solutions providers are willing
to share their Application Programming
Interface (API) with manufacturers to develop
integrated solutions.
For example, if a hospital uses access control
and video management in its parking
structure, but needs to upgrade and install a
license plate recognition (LPR) system, they
will want to install a LPR system that can
integrate with the access control and video
system. The result is the security team will be
able to view the LPR video via the access
control system, eliminating the need to open
a second program. This streamlines the process
in the Security Operations Center creating
a more efficient security program.
When a company invests in an open system,
they are future proofing their system.
Open systems are nimble. They can expand
easily, integrate with new technologies and
provide the opportunity for an end user to
expand when they are ready. There are virtually
no limits.
Proprietary systems have limited integrations
with third party technologies and
upgrades or expansions that are expensive. If
the proprietary system reaches end of life,
the customer will need to perform a complete
rip-and-replace which is expensive and
time consuming. Often companies that offer
proprietary systems sell direct to the end
user, which means the company is stuck.
Open systems are offered by integrators of all
sizes, boutique integrators or national integrators
who can provide alternative solutions
and expertise.
Identity Management Integration Helps
Campuses are overloaded with data and inefficient
processes that impact business operations
and continuity. They need better systems
and solutions in place to mitigate risk,
meet compliance and save money.
When processes get overcomplicated, or
there is pressure to meet rigorous compliance
requirements, the tendency is to hire
more people to resolve these challenges.
Implementing an identity management system
can help streamline processes to help
mitigate risk and meet compliance, which
saves money. An identity management system
can help with these six challenges on
any campus:
- On-boarding. Easily on-board new
employees by automating identity and access
rights. Assign the correct access levels every
time based on employee type.
- Change requests. Automate access
changes for employees, visitor or vendors.
- Off-boarding. Automatically remove
access when no longer needed.
- Recertification. In environments when
employees need to maintain certification, an
identity management system can help prove
and enforce compliance.
- Audit. Reduce manual errors, confusion
and delay when you implement a standard,
automated audit process.
- Compliance reporting. Ensure compliance
for HIPAA, SOX, NERC/CIP, etc. and
save money.
Your Biggest Threat
Visitors pose the biggest threat to campus
environments. Not only do we know nothing
about them, but navigating the challenge of
maintaining an open and welcoming, yet
secure environment is challenging. In a campus
environment, where there are many
points of entry, you need to determine what
risks a visitor brings versus the cost of a visitor
management system. At how many locations
do you need to manage visitors? Rather
than hire more people, use technology to
automate the visitor process.
First, determine the risk by measuring what you are protecting and the risk if a visitor slips through. In a university
setting, it may be laboratories, proprietary work or expensive equipment.
In hospitals, it might be pharmacies, birthing centers or psychiatric
wings. If an authorized person enters a pharmacy, what regulations
are you not adhering to? What money is lost if drugs are stolen?
A visitor management system enlists the help of employees and
engages visitors the moment their appointment is scheduled. The visitor
receives an email that includes an NDA they need to sign before
entering and information about where to park. Once in the lobby, they
can sign in using a kiosk or tablet, which automatically notifies the
visitor of their arrival. They can receive a guest access badge that only
allows access where they are authorized to be in the building, and will
terminate once their allotted appointment time is over.
All of the visitor information helps campuses meet audit requirements
by providing an audit trail. Visitor management systems save
money and help meet audit requirements.
Now Tie in Incidents
Universities, healthcare campuses and virtually any campus environment
needs to proactively investigate and manage incidents. Examples
of incidents needing investigation include theft, loitering, weather,
active shooters, injuries, inspections and poor processes. What are
the steps to dispatch an officer when an incident occurs? How do you
notify an officer and provide the details about the incident?
Data capture plays a big role in the effectiveness of managing an
incident. If you have officers writing notes at the scene, then returning
to the security operations center to re-input into a form, file or
Sharepoint site, the process is ineffective. When an incident occurs,
information needs to be collected, sorted and managed effectively.
How is that achieved?
After you review the incident and turn it into a case for investigation,
what steps are needed to pass the information to the right people
to share, collaborate and work the case? Using paper or a USB is
inefficient. You need to pass the information at the right time quickly
and easily.
Using an incident and case management system that integrates
with the rest of a security program can help manage the data, streamline
the process and resolve cases more quickly.
Once you have the data, what you do with it makes all the difference.
Understanding the data helps understand the likelihood of risk,
where it is and how to manage it. The data helps you analyze trends
and assign extra security when and where its needed.
What about Internal Threats?
Internal threats pose a high risk to campuses. People change their
behavior before they are about to do something different, such as
steal intellectual property. They attempt to enter areas at odd times,
or try a door they don’t normally use. Managing internal threats
using analytics identifies employee patterns to determine behavior
abnormalities. Campuses can use machine learning via their open
access control platform to perform threat analysis and add another
layer of security and save time, money and headaches by catching
someone before they commit an offense.
Implementing an open and integrated system provides the most
secure and easy-to-execute security program for campuses needing
to control access, manage identities and visitors and keep a tight rein
on incidents. Capturing the right data using automated systems will
help mitigate risk, meet compliance and save money.
This article originally appeared in the March April 2020 issue of Campus Security Today.