Card, mobile credential, payment and security
By Tom Bell, Vice President, Commerce Industry Relations, Blackboard
At a recent seminar, campus executives were asked how they planned their card system and if their plan was strategic. All referred to the planning as “detailed;” and said it involved partner research, equipment evaluation, software testing and a variety of other important steps. As much as they wanted it to be, however, none considered it strategic, let alone ongoing.
I think we may all have known that feeling. Planning is often detailed but rarely strategic. In fact, many campus transaction systems result from reactionary decisions. These reactions are driven by immediate needs, such as updating point-of-sale equipment, adding access control or controlling some kind of campus crisis.
Scheme, Scope and Scale
A transaction project, like any enterprise system, should not end with deployment. In fact, that may just be the beginning. As campuses tend to discover, innovative ideas and applications will bubble up the longer the system operates on campus and as more departments become familiar with its capabilities.
Ideally, a rolling three to five-year plan should blend system objectives with a campus’s mission and strategic plans. That may be ambitious given the challenges of a modern university environment; still, an ongoing process that tackles both current challenges and long term direction will go a long way toward increasing the value of your investment.
Imagine any of the following situations. (If you’re campus is typical, it won’t be difficult.)
Any or all of these can be the starting point, a milestone or distant outlier for a strategic planning effort. Even in its most limited implementations, the transaction system will touch almost every department and division of the university in some way, and very often the surrounding community as well. For that reason, it is essential that campus decision-makers recognize that transaction system planning is an institution-wide project, not a departmental one.
Teams Make The Difference
How well your transaction system strategy is aligned with the mission and strategies of the university may do more to determine its return-on-investment than almost anything else. These systems must be capable of adapting, integrating, and expanding as mission, strategies and constituencies change, so maintaining that alignment should be an ongoing process. Trying to deal with those situations listed above individually, as each arises, under short deadlines and shrinking budgets is a prescription for “sub-optimizing” (at least!). Unfortunately, this is where many campuses find themselves when they fail to look at the larger and long-term picture?
A better solution is to create planning committees from representative campus groups. These groups should set objectives based upon the larger organizational vision, and they should provide direction to a campus implementation task force, whose job it is to keep the project on schedule.
Very important: Comprehensive education should be provided to everyone on these teams so that old and outdated technology doesn’t contaminate the final product.
Once implemented, a transaction solution will present a new way of doing business and a new method for providing services to the university community. Forming cross-campus strategy teams will help ensure that key decisions satisfy and will be embraced by all (or at least most) constituencies. For example, one important consideration will be how to access the systems—card, PDA, website or a combination. You’ll want to find the right fit for everyone, both for today and tomorrow. The end result is a true Networked Transaction Environment where all members of the campus community are able to access information, services and facilities using a single account.
The Game Plan: X’s And O’s
What should be covered in a strategic plan? Among other specific considerations it should:
In addition to aligning with the university’s mission, systems planning must be consistent with—if not driven by—campus-wide operational plans and strategies, at least for near- and mid-term objectives. For example, business goals for a given year might call for improvements in efficiency. Technology will certainly play a key role in any such effort, therefore aspects of the transaction system plan might focus on issues such as its use as a systems integration platform, automating reporting or speeding services.
The Ongoing Value of Strategic Planning
The transaction system is a unifying platform for so much campus activity that in perhaps no other area will ongoing planning provide greater return on the effort. As more and more users experience the advantages of the transaction system platform, campuses that have made the change inevitably see new ideas rising up from across campus. Experience shows that this change will happen gradually, but it will happen, and that’s exactly the kind of situation that can benefit most from good strategic planning.
In 2006 a great new feature section will appear in each and every issue of CR80News. Our new Physical Security Corner will explore key issues related to the changing security landscape. Physical security is no longer a standalone “silo” within a campus … it is a vibrant, essential component with enterprise-wide implications.
Key themes running through this recurring feature article will be identity and convergence. That is because these are among the most significant defining features of the modern security landscape. Thus it seems fitting that we explore these two concepts for this inaugural installment of our Physical Security Corner.
Identity and physical security …
The concept of physical security assumes adequate identity management, but unfortunately this has not been the case. To explain this idea, an understanding of the identity management process is necessary.
Identity management can be thought of as a set of processes used to identify an individual within an organization and grant access to a defined set of privileges based on that individual’s unique status. Certainly from the traditional concept of physical security, identity management seemed obvious … we create a badge and the badge holder swipes or presents it to a card reader and is granted or denied access.
True this is a form of identity management, but is it “adequate identity management?” Most agree it is not. There are far too many weak points in the chain. Was the individual’s identity vetted prior to badge issuance? Was authentication conducted at the reader to ensure that the badge’s user is the person it was issued to? Is an effective system in place to revoke access rights for former users, lost cards, etc.?
Questions such as these indicate why adequate identity management must be a fundamental component of any security system. Though identity management has become a cross-industry buzzword and countless definitions are kicked about, key concepts or steps are common. Identity management consists of:
Verification
“Verification,” according to the OpenGroup, a standards and interoperability-focused consortium, “is the process of establishing identity prior to the creation of an account that can later be used as an assertion of identity.” It is the background check that ensures that the individual you are about to enroll in the system or provide a credential to access the system is indeed the person they claim to be. Verification can be lenient (e.g. “I am John Doe because I say I am”) or strict (e.g. fingerprint checks, interviews with past associates). The first requirements of HSPD-12, the new U.S. government mandate for standardized secure credentials across agencies, focus on verification of new and existing employees through extensive background checks. Interestingly, a source tells us that a number of existing employees using fake identities have already been uncovered via the process.
Authentication
The OpenGroup defines authentication as “the process of gaining confidence in a claimed identity.” It is the means by which the person claiming to be “John Doe” is tested to determine that he is indeed “John Doe.” In traditional security architectures, authentication was limited to visual checks of the credential by a guard (e.g. flash pass) or simple possession and presentment to a reader of the issued credential.
In modern identity systems, multi-factor authentication (possession of the credential combined with some combination of passwords and biometrics) is desired. Validation of the credential’s authenticity is also key.
Revocation
The other core step in the management process is the revocation of issued credentials and the subsequent notification of that revocation to impacted systems. Obviously, the days of former employees possessing still-valid credentials are past. Immediate revocation must be enabled to avoid potentially disastrous security breaches. In addition to this obvious need for revocation, many systems are purposefully revoking or suspending privileges of valid identities as a means to cyclically return to the first phase of the identity management process, Verfication. In so doing, the individual is subject to some form of re-verification, such as an updated check of criminal history files or suspected terrorist lists.
While there are many other important aspects to identity management – trust, provisioning, federation – these three cornerstones form the core of the concept. These and other concepts will underlie many of the future discussion in this Physical Security Corner.
Convergence and physical security …
As the importance of identity management was being recognized, so too was the concept that a single individual has many identities within and across an organization. At the core, many individuals have both physical access and logical (or network/data) access needs. Converging aspects of the identity management for physical and logical security affords great benefits in terms of user convenience, process redundancy, and enterprise-wide security.
The melding of the verification, authentication, and revocation processes for physical and logical security has become a major goal and challenge of modern organizations. Previously separate management and organizational structures (e.g. facilities and IT) are striving (sometimes struggling) to share this common ground.
Looking ahead to 2006 …
With these fundamental concepts in hand, we will move forward throughout the next year in our exploration of this new world of physical security. We will investigate core concepts of security systems, delve into specific issues such as maintaining databases for converging systems, and keep a constant eye on the impacts that initiatives such as HSPD-12 and global standardization efforts may have on your campus.
The editorial team at CR80News would like to thank security leader, Lenel Systems International, for the sponsorship that will enable us to bring you this dedicated feature throughout the New Year. Stay tuned.
Compare FIPS 201 ProductsVersion 4.16 of Onity’s Integra3 software solution enables campuses to support online doors via ethernet rather than modem or RS485. The solution from Onity is used by more than 200 colleges and universities in North America for online and offline door control.
ONITY UNLEASHES INNOVATIVE SOFTWARE ON INDUSTRY TO MEET EVOLVING NEEDS
OF HIGHER EDUCATION FACILITIES
As the first electronic locking software to fully comply with Ontario, Canada, Building Code provisions, the Integra3 Version 4.16 improves campus safety and efficiency
ATLANTA (J, 2005) — Onity, the leading provider of electronic facility control solutions, recently announced the availability of its newly enhanced Integra3 software—a popular electronic locking system used by nearly 200 North American colleges and universities to improve control and security.
Now supporting online doors via Ethernet, Version 4.16 replaces previous connections to software through either modems or hard-wired RS485 networks.
With a new Alternative Fire Code (AFC) mode, the Integra3 software is the first in the electronic locking industry to meet all the provisions of the Ontario, Canada, Building Code, Section 3.3.4.5., which requires that doors not automatically lock when a person exits the room—instead of relying on the key holder to relock the door themselves.
“Not only does the AFC mode open the doors for Ontario universities seeking more control over facility access, but it also offers a revolutionary safety feature for schools in case of fire or disaster–when students’ rooms may require easy re-entry,” said Onity’s Vice President of Business Development Adam Yapkowitz.
Helping to eliminate recoding work for housing staff and improve security, Onity’s Version 4.16 is also the first software to allow for individual expiration of access to various doors for each user to happen on different dates. For example, if a campus maintenance worker will be repairing heaters in several rooms, but only will need access to one floor a day, that can be pre-coded instead of him having to return to the Housing Office daily for recoding.
Additional features of the Integra3 Version 4.16 include: Enhanced operator password security; enhanced system administration tools, such as the ability to see which machines and users are running the software; and enhanced interface engine support.
“Our latest software is ideal for institutions that require a combination of online and offline access integrated within a single, easy-to-use software package, and for any colleges or universities looking to improve the system for access currently in place,” Yapkowitz said.
ABOUT ONITY, INC.
Since 1941, Onity has become the world leader in delivering the finest electronic locks backed by legendary service, and has a sales and service network that spans more than 115 countries. With stand-alone electronic locks installed on more than 3 million doors globally, Onity’s ever-expanding family of electronic solutions today includes Electronic locking systems, Electronic in-room safes, and Energy management solutions.
Syracuse University has inked a five-year agreement with Mac-Gray Corp. for the company’s LaundryView system that allows students to monitor the status of the washers and dryers in their campus laundry rooms from any device with a web browser, such as cell phones or computers.
First Installation Where Campus Laundry Facilities are Managed by the University
WALTHAM, Mass.– Mac-Gray Corporation, the nation’s premier provider of laundry facilities management services to college and university residence halls, announced a five- year licensing agreement for its LaundryView system with Syracuse University, which operates and manages its own laundry facilities, serving 7,600 resident students.
The LaundryView system enables students to monitor the status of the washers and dryers in their campus laundry rooms from any device that has a web browser. LaundryView provides students with real-time information about the availability of machines and alerts them through their cell phones or computers to any change in status or completion of a laundry cycle. Since its introduction in late 2003, LaundryView continues to generate increasing interest among colleges and universities and is now installed in approximately 10% of Mac-Gray’s academic accounts. Syracuse University is the first school managing its own laundry facilities to install the web- based monitoring system.
“We are pleased with Syracuse University’s decision to install LaundryView throughout its campus,” said Bob Tuttle, Chief Technology Officer. “It exemplifies their commitment to offering their students the highest level of campus amenities. This licensing agreement is also significant because Syracuse manages its own facilities and the installation will demonstrate to other schools that do not outsource their laundry equipment program that this technology is available to their students through a similar arrangement. The installation at Syracuse further validates the technology and contributes to the momentum that we believe is quickly establishing our LaundryView brand as the standard for online access to laundry rooms on college campuses, from coast to coast.”
“LaundryView is changing the way that students do laundry,” said David Kohr, Director of Housing for Syracuse University. “Students here at Syracuse are now able to monitor their washing cycles through their personal computer, cell phones or PDAs. This makes for better use of their time, improves their campus experience and keeps our laundry facilities less congested. The LaundryView system has received an enthusiastic response from our student population and we are impressed with the initial results.”
At Syracuse University, LaundryView was installed campus wide for the start of the September semester in 17 laundry rooms located throughout Syracuse’s student centers and residence halls. “Syracuse University has the single largest laundry room where the LaundryView system is currently installed,” said Taylor Doggett, Mac-Gray’s Director of Field Technology. “In the Goldstein Student Center, LaundryView is connected to 80 machines in a single laundry room, which is located next to a computer lab. It’s extremely convenient as students can be working at one of the computers and get an email notification when their laundry is done.” Comprised of approximately 430 washer and dryers, this represents one of Mac-Gray’s larger LaundryView installations.
About Mac-Gray Corporation
Founded in 1927, Mac-Gray derives its revenue principally through the contracting of debit-card- and coin-operated laundry facilities in multi-unit housing facilities such as apartment buildings, college and university residence halls, condominiums and public housing complexes. Mac-Gray contracts its laundry rooms under long-term leases. These leases typically grant Mac-Gray exclusive contract rights to laundry rooms on the lessor’s premises for a fixed term, which is generally seven to 10 years, in exchange for a negotiated portion of the revenue collected. Mac-Gray manages approximately 63,000 laundry rooms located in 40 states and the District of Columbia.
Mac-Gray also sells, services and leases commercial laundry equipment to commercial laundromats and institutions through its product sales division. This division also includes Mac-Gray’s MicroFridge business, where Mac-Gray sells its proprietary MicroFridge line of products, which are combination refrigerators/freezers/microwave ovens utilizing patented Safe Plug circuitry. The products are marketed throughout the United States to colleges, the federal government for military housing, hotels and motels, and assisted living facilities. MicroFridge also has entered into agreements with Maytag Corporation to market Maytag’s Magic Chef, Amana and Maytag lines of home appliances under its MaytagDirect program throughout the United States. MicroFridge and Maytag products bear the ENERGY STAR designation. To learn more about Mac-Gray, visit the Company’s website at www.macgray.com.
