Using the Cloud for Identity Protection

Using the Cloud for Identity Protection

Providing the means to open doors and access IT systems

The way ID cards are used in the enterprise and on college and university campuses has changed dramatically in recent years. Once a simple identification tool, corporate ID badges now provide the means to open doors and access IT systems, networks and data, and campus IDs are used to purchase meals, check out library books, enter dorm rooms and more.

The way cards were issued had not changed much for two decades, using one or more PCs that were each connected to a nearby printer. Now, enterprises and universities are making a shift to cloud-based solutions that enable a remote card issuance experience, transform ID card printers into edge devices within the Internet of Trusted Things (IoTT), and redefine the economics of card issuance by ushering in new service-based models.

Improved User Experience

Traditionally, ID cards were designed and printed from a PC that was connected to a nearby printer. Someone had to be physically present at the PC to design the card, use the student ID database to encode data on the card, and send the card to a printer.

Some suppliers added a piece of locally installed software that enabled web-based design and, in some cases, a certain level of encoding work. In contrast, today's true cloud-based platforms bring all the elements required for secure issuance into a centralized and integrated system that enables the entire process to be managed and executed remotely, from design and encoding to printing.

An administrator in a card office or any satellite facility or other remote location, for instance, can seamlessly create new cards, encode data on them, issue replacements and manage print queues. This can all be accomplished through one trusted system using a tablet, laptop or any device with a web interface.

This cloud-based model improves the user experience by enabling instant issuance at many different locations, rather than requiring a visit to the main card office in order to pick up an ID. Card printers can be installed anywhere, including remote offices and satellite campuses, and cards can be sent to any of these printers. Printers essentially become smart, secure, web-enabled edge devices in the IoTT that can leverage all of the platform's functionality.

Security and privacy protection are both improved with the cloud-based model. There is end-to-end encryption of all sensitive data both in transit and at rest, using banking-level encryption protocols. The use of digital certificates creates a trusted relationship between the cloud and the issuance console, and card data remains encrypted until it is printed, after which all personally identifiable information (PII) disappears.

All encryption keys are securely stored in tamper-proof hardware, and unique firmware ensures the printers cannot be hijacked, but will only work with the cloud-based issuance system software. The issuance console can also be used with a card reader so that print jobs are not released until an authorized card or credential has been physically presented for validation.

In addition to transforming security, privacy protection and the user experience, this cloud-based model also improves the administrator experience by simplifying high-volume card issuance management and delivery, while increasing control and security. It is no longer necessary to manage software and other IT resources typically required for card issuance.

Since there is no longer the need for printers to be locally connected to printers, the administrator is also saved the task of maintaining associated software updates and security patches across local computers connected to printers. Not only does this approach eliminate the problem of using legacy systems that limit the ability for IT or security personnel to track system activity, it also eliminates any capital expenditure requirements for deploying printers as part of a world-class card issuance implementation. Instead, this cloud-based model introduces new economics for card operations, providing the option for resources to be leased and their costs bundled into a cloud-based offering.

New Economics of Cloud-based Card Issuance

With a cloud-based platform, the entire ID card issuance process can be delivered through a service model billed on an annual or monthly-installment basis – hardware, software and service all in one offering. This approach cuts multiple layers of program costs while making it easier for administrators to scale the card office to accommodate future technology capabilities or changing volume demands. For instance, during periods of peak demand, large batches of cards can be produced and dispatched by commercial printing bureaus.

Cost savings can be substantial. This savings can include the typical annual cost for card stock, laminates and ribbons as well as the expense of service, maintenance and hardware and software updates. Not included are the costs of staff time required for issuance or reordering supplies, or IT resources to support the operation, or periodic replacement of obsolete equipment.

A service model enables administrators to convert their budget for ID card issuance into an operational expense that could amount to a service fee covering all ribbons, pre-printed cards and mag stripe encoding. This approach diminishes the previous unpredictable ancillary costs associated with owning and managing hardware and software by eliminating costs related to maintaining hardware, inventory, labor, and potentially the capital expenditure related to purchasing printers.

The cloud-based service model can include auto-replacement of cards and other consumables when needed, and delivers all the benefits associated with centralized control and visibility along with distributed or batch printing. Cloud-based solutions are aware of printer health and maintenance needs, as well as all activity down to the printer level, including the status of consumables. A service provider can, for instance, predict when a printer will run out of consumables, and drop-ship replacements to the customer when they need them.

Equally important, administrators who adopt a cloud-based model for their card office know that their operations will be compatible with today's and tomorrow's credential technology, including mobile IDs that enable users to carry ID cards on their smartphones. Solutions are generally also compatible with leading card systems.

An example is HID Global's HID FARGO Connect secure cloud-enabled card issuance system, which is compatible with systems including the CBORD solution for higher education and HID SAFE Enterprise software for managing identities and their access across physical access systems.

While the technology used by card production offices had largely remained static, the technology available to most other operations in the enterprise and a university campus has advanced considerably, improving how employees were onboarded and making it easier for university students to seamlessly register for classes online, pay fees and be ready for classes on the first day without waiting in physical lines.

The crucial task of printing and issuing student IDs has caught up with these advances, taking the inefficiency and inconvenience out of corporate ID badging while removing the fall crunch time for university card office administrators. Cloud-based card issuance solutions are giving back both time and money while re-envisioning the way card offices operate.

This article originally appeared in the April 2020 issue of Security Today.

Featured

  • It's Show Time

    I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now

    • Industry Events
    • ISC West
  • SIA Releases New Report on Operational Security Technology

    The Security Industry Association (SIA) has released an impactful new resource – Operational Security Technology: Principles, Challenges and Achieving Mission-Critical Outcomes Leveraging OST. Read Now

  • Cyber Overconfidence Is Leaving Your Organization Vulnerable

    The increased sophistication of cyber threats pumped by the relentless use of AI and machine learning brings forth record-breaking statistics. Cyberattacks grew 44% YoY in 2024, with a weekly average of 1,673 cyberattacks per organization. While organizations up their security game to help thwart these attacks, a critical question remains: Can employees identify a threat when they come across one? A Confidence Gap survey reveals that 86% of employees feel confident in their ability to identify phishing attempts. But things are not as rosy as they appear; the more significant part of the report finds this confidence misplaced. Read Now

  • Mission 500 Debuts Refreshed Identity Ahead of Security 5K/2K at ISC West

    Mission 500, the security industry’s nonprofit charity dedicated to supporting children in need across the US, Canada, and Puerto Rico, has unveiled a refreshed brand identity ahead of ISC West. The charity’s new look includes a modernized logo with refined messaging to reinforce Mission 500’s nearly decade-long commitment to serving the needs of children and families in crisis. Read Now

    • Industry Events

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.