Using the Cloud for Identity Protection

Using the Cloud for Identity Protection

Providing the means to open doors and access IT systems

The way ID cards are used in the enterprise and on college and university campuses has changed dramatically in recent years. Once a simple identification tool, corporate ID badges now provide the means to open doors and access IT systems, networks and data, and campus IDs are used to purchase meals, check out library books, enter dorm rooms and more.

The way cards were issued had not changed much for two decades, using one or more PCs that were each connected to a nearby printer. Now, enterprises and universities are making a shift to cloud-based solutions that enable a remote card issuance experience, transform ID card printers into edge devices within the Internet of Trusted Things (IoTT), and redefine the economics of card issuance by ushering in new service-based models.

Improved User Experience

Traditionally, ID cards were designed and printed from a PC that was connected to a nearby printer. Someone had to be physically present at the PC to design the card, use the student ID database to encode data on the card, and send the card to a printer.

Some suppliers added a piece of locally installed software that enabled web-based design and, in some cases, a certain level of encoding work. In contrast, today's true cloud-based platforms bring all the elements required for secure issuance into a centralized and integrated system that enables the entire process to be managed and executed remotely, from design and encoding to printing.

An administrator in a card office or any satellite facility or other remote location, for instance, can seamlessly create new cards, encode data on them, issue replacements and manage print queues. This can all be accomplished through one trusted system using a tablet, laptop or any device with a web interface.

This cloud-based model improves the user experience by enabling instant issuance at many different locations, rather than requiring a visit to the main card office in order to pick up an ID. Card printers can be installed anywhere, including remote offices and satellite campuses, and cards can be sent to any of these printers. Printers essentially become smart, secure, web-enabled edge devices in the IoTT that can leverage all of the platform's functionality.

Security and privacy protection are both improved with the cloud-based model. There is end-to-end encryption of all sensitive data both in transit and at rest, using banking-level encryption protocols. The use of digital certificates creates a trusted relationship between the cloud and the issuance console, and card data remains encrypted until it is printed, after which all personally identifiable information (PII) disappears.

All encryption keys are securely stored in tamper-proof hardware, and unique firmware ensures the printers cannot be hijacked, but will only work with the cloud-based issuance system software. The issuance console can also be used with a card reader so that print jobs are not released until an authorized card or credential has been physically presented for validation.

In addition to transforming security, privacy protection and the user experience, this cloud-based model also improves the administrator experience by simplifying high-volume card issuance management and delivery, while increasing control and security. It is no longer necessary to manage software and other IT resources typically required for card issuance.

Since there is no longer the need for printers to be locally connected to printers, the administrator is also saved the task of maintaining associated software updates and security patches across local computers connected to printers. Not only does this approach eliminate the problem of using legacy systems that limit the ability for IT or security personnel to track system activity, it also eliminates any capital expenditure requirements for deploying printers as part of a world-class card issuance implementation. Instead, this cloud-based model introduces new economics for card operations, providing the option for resources to be leased and their costs bundled into a cloud-based offering.

New Economics of Cloud-based Card Issuance

With a cloud-based platform, the entire ID card issuance process can be delivered through a service model billed on an annual or monthly-installment basis – hardware, software and service all in one offering. This approach cuts multiple layers of program costs while making it easier for administrators to scale the card office to accommodate future technology capabilities or changing volume demands. For instance, during periods of peak demand, large batches of cards can be produced and dispatched by commercial printing bureaus.

Cost savings can be substantial. This savings can include the typical annual cost for card stock, laminates and ribbons as well as the expense of service, maintenance and hardware and software updates. Not included are the costs of staff time required for issuance or reordering supplies, or IT resources to support the operation, or periodic replacement of obsolete equipment.

A service model enables administrators to convert their budget for ID card issuance into an operational expense that could amount to a service fee covering all ribbons, pre-printed cards and mag stripe encoding. This approach diminishes the previous unpredictable ancillary costs associated with owning and managing hardware and software by eliminating costs related to maintaining hardware, inventory, labor, and potentially the capital expenditure related to purchasing printers.

The cloud-based service model can include auto-replacement of cards and other consumables when needed, and delivers all the benefits associated with centralized control and visibility along with distributed or batch printing. Cloud-based solutions are aware of printer health and maintenance needs, as well as all activity down to the printer level, including the status of consumables. A service provider can, for instance, predict when a printer will run out of consumables, and drop-ship replacements to the customer when they need them.

Equally important, administrators who adopt a cloud-based model for their card office know that their operations will be compatible with today's and tomorrow's credential technology, including mobile IDs that enable users to carry ID cards on their smartphones. Solutions are generally also compatible with leading card systems.

An example is HID Global's HID FARGO Connect secure cloud-enabled card issuance system, which is compatible with systems including the CBORD solution for higher education and HID SAFE Enterprise software for managing identities and their access across physical access systems.

While the technology used by card production offices had largely remained static, the technology available to most other operations in the enterprise and a university campus has advanced considerably, improving how employees were onboarded and making it easier for university students to seamlessly register for classes online, pay fees and be ready for classes on the first day without waiting in physical lines.

The crucial task of printing and issuing student IDs has caught up with these advances, taking the inefficiency and inconvenience out of corporate ID badging while removing the fall crunch time for university card office administrators. Cloud-based card issuance solutions are giving back both time and money while re-envisioning the way card offices operate.

This article originally appeared in the April 2020 issue of Security Today.


  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

  • ASIS Announces ANSI-Approved Cannabis Security Standard

    ASIS International, a leading authority in security standards and guidelines, proudly announces the release of a pioneering American National Standards Institute (ANSI)-approved standard dedicated to cannabis security. This best-in-class standard, meticulously developed by industry experts, sets a new benchmark by providing comprehensive requirements and guidance for the design, implementation, monitoring, evaluation, and maintenance of a cannabis security program. Read Now

  • ISC West Announces Keynote Lineup

    ISC West, in collaboration with premier sponsor the Security Industry Association (SIA), announced this year’s dynamic trio of speakers that will headline the Keynote Series at ISC West 2024. Read Now

    • Industry Events
  • Government is Top Targeted Industry for DDoS Attacks in Q4 2023

    The government sector experienced a surge of DDoS attacks in Q4 according to Lumen Technologies (NYSE: LUMN), a global leader in integrated network and cybersecurity solutions. The Lumen Quarterly DDoS & Application Threat Report for Q4 2023 analyzes data from its DDoS mitigation platform and application protection partner, ThreatX, to provide an overview of the DDoS and application-layer attacks that targeted organizations in the last quarter of 2023. Read Now

Featured Cybersecurity


New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3