Using the Cloud for Identity Protection

Using the Cloud for Identity Protection

Providing the means to open doors and access IT systems

The way ID cards are used in the enterprise and on college and university campuses has changed dramatically in recent years. Once a simple identification tool, corporate ID badges now provide the means to open doors and access IT systems, networks and data, and campus IDs are used to purchase meals, check out library books, enter dorm rooms and more.

The way cards were issued had not changed much for two decades, using one or more PCs that were each connected to a nearby printer. Now, enterprises and universities are making a shift to cloud-based solutions that enable a remote card issuance experience, transform ID card printers into edge devices within the Internet of Trusted Things (IoTT), and redefine the economics of card issuance by ushering in new service-based models.

Improved User Experience

Traditionally, ID cards were designed and printed from a PC that was connected to a nearby printer. Someone had to be physically present at the PC to design the card, use the student ID database to encode data on the card, and send the card to a printer.

Some suppliers added a piece of locally installed software that enabled web-based design and, in some cases, a certain level of encoding work. In contrast, today's true cloud-based platforms bring all the elements required for secure issuance into a centralized and integrated system that enables the entire process to be managed and executed remotely, from design and encoding to printing.

An administrator in a card office or any satellite facility or other remote location, for instance, can seamlessly create new cards, encode data on them, issue replacements and manage print queues. This can all be accomplished through one trusted system using a tablet, laptop or any device with a web interface.

This cloud-based model improves the user experience by enabling instant issuance at many different locations, rather than requiring a visit to the main card office in order to pick up an ID. Card printers can be installed anywhere, including remote offices and satellite campuses, and cards can be sent to any of these printers. Printers essentially become smart, secure, web-enabled edge devices in the IoTT that can leverage all of the platform's functionality.

Security and privacy protection are both improved with the cloud-based model. There is end-to-end encryption of all sensitive data both in transit and at rest, using banking-level encryption protocols. The use of digital certificates creates a trusted relationship between the cloud and the issuance console, and card data remains encrypted until it is printed, after which all personally identifiable information (PII) disappears.

All encryption keys are securely stored in tamper-proof hardware, and unique firmware ensures the printers cannot be hijacked, but will only work with the cloud-based issuance system software. The issuance console can also be used with a card reader so that print jobs are not released until an authorized card or credential has been physically presented for validation.

In addition to transforming security, privacy protection and the user experience, this cloud-based model also improves the administrator experience by simplifying high-volume card issuance management and delivery, while increasing control and security. It is no longer necessary to manage software and other IT resources typically required for card issuance.

Since there is no longer the need for printers to be locally connected to printers, the administrator is also saved the task of maintaining associated software updates and security patches across local computers connected to printers. Not only does this approach eliminate the problem of using legacy systems that limit the ability for IT or security personnel to track system activity, it also eliminates any capital expenditure requirements for deploying printers as part of a world-class card issuance implementation. Instead, this cloud-based model introduces new economics for card operations, providing the option for resources to be leased and their costs bundled into a cloud-based offering.

New Economics of Cloud-based Card Issuance

With a cloud-based platform, the entire ID card issuance process can be delivered through a service model billed on an annual or monthly-installment basis – hardware, software and service all in one offering. This approach cuts multiple layers of program costs while making it easier for administrators to scale the card office to accommodate future technology capabilities or changing volume demands. For instance, during periods of peak demand, large batches of cards can be produced and dispatched by commercial printing bureaus.

Cost savings can be substantial. This savings can include the typical annual cost for card stock, laminates and ribbons as well as the expense of service, maintenance and hardware and software updates. Not included are the costs of staff time required for issuance or reordering supplies, or IT resources to support the operation, or periodic replacement of obsolete equipment.

A service model enables administrators to convert their budget for ID card issuance into an operational expense that could amount to a service fee covering all ribbons, pre-printed cards and mag stripe encoding. This approach diminishes the previous unpredictable ancillary costs associated with owning and managing hardware and software by eliminating costs related to maintaining hardware, inventory, labor, and potentially the capital expenditure related to purchasing printers.

The cloud-based service model can include auto-replacement of cards and other consumables when needed, and delivers all the benefits associated with centralized control and visibility along with distributed or batch printing. Cloud-based solutions are aware of printer health and maintenance needs, as well as all activity down to the printer level, including the status of consumables. A service provider can, for instance, predict when a printer will run out of consumables, and drop-ship replacements to the customer when they need them.

Equally important, administrators who adopt a cloud-based model for their card office know that their operations will be compatible with today's and tomorrow's credential technology, including mobile IDs that enable users to carry ID cards on their smartphones. Solutions are generally also compatible with leading card systems.

An example is HID Global's HID FARGO Connect secure cloud-enabled card issuance system, which is compatible with systems including the CBORD solution for higher education and HID SAFE Enterprise software for managing identities and their access across physical access systems.

While the technology used by card production offices had largely remained static, the technology available to most other operations in the enterprise and a university campus has advanced considerably, improving how employees were onboarded and making it easier for university students to seamlessly register for classes online, pay fees and be ready for classes on the first day without waiting in physical lines.

The crucial task of printing and issuing student IDs has caught up with these advances, taking the inefficiency and inconvenience out of corporate ID badging while removing the fall crunch time for university card office administrators. Cloud-based card issuance solutions are giving back both time and money while re-envisioning the way card offices operate.

This article originally appeared in the April 2020 issue of Security Today.

Featured

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.