Using the Cloud for Identity Protection
Providing the means to open doors and access IT systems
- By Robin Tandon
- Apr 09, 2020
The way ID cards are used in the enterprise and on college
and university campuses has changed dramatically in recent
years. Once a simple identification tool, corporate
ID badges now provide the means to open doors and access
IT systems, networks and data, and campus IDs are used to purchase
meals, check out library books, enter dorm rooms and more.
The way cards were issued had not changed much for two
decades, using one or more PCs that were each connected to a
nearby printer. Now, enterprises and universities are making a
shift to cloud-based solutions that enable a remote card issuance
experience, transform ID card printers into edge devices within
the Internet of Trusted Things (IoTT), and redefine the economics
of card issuance by ushering in new service-based models.
Improved User Experience
Traditionally, ID cards were designed and printed from a PC that
was connected to a nearby printer. Someone had to be physically
present at the PC to design the card, use the student ID database
to encode data on the card, and send the card to a printer.
Some suppliers added a piece of locally installed software that
enabled web-based design and, in some cases, a certain level of encoding
work. In contrast, today's true cloud-based platforms bring
all the elements required for secure issuance into a centralized and
integrated system that enables the entire process to be managed
and executed remotely, from design and encoding to printing.
An administrator in a card office or any satellite facility or
other remote location, for instance, can seamlessly create new
cards, encode data on them, issue replacements and manage print
queues. This can all be accomplished through one trusted system
using a tablet, laptop or any device with a web interface.
This cloud-based model improves the user experience by enabling
instant issuance at many different locations, rather than requiring a
visit to the main card office in order to pick up an ID. Card printers
can be installed anywhere, including remote offices and satellite
campuses, and cards can be sent to any of these printers. Printers
essentially become smart, secure, web-enabled edge devices in the
IoTT that can leverage all of the platform's functionality.
Security and privacy protection are both improved with the cloud-based model. There is end-to-end encryption of all sensitive
data both in transit and at rest, using banking-level encryption
protocols. The use of digital certificates creates a trusted relationship
between the cloud and the issuance console, and card
data remains encrypted until it is printed, after which all personally
identifiable information (PII) disappears.
All encryption keys are securely stored in tamper-proof
hardware, and unique firmware ensures the printers cannot be
hijacked and will work only with the cloud-based issuance system
software. The issuance console can also be used with a card
reader so that print jobs are not released until an authorized card
or credential has been physically presented for validation.
In addition to transforming security, privacy protection and
the user experience, this cloud-based model also improves the administrator
experience by simplifying high-volume card issuance
management and delivery, while increasing control and security.
It is no longer necessary to manage software and other IT resources
typically required for card issuance.
Since printers no longer need to be locally connected to
PCs, the administrator is also saved the task
of maintaining associated software updates and security patches
across local computers connected to printers. Not only does this
approach eliminate the problem of using legacy systems that
limit the ability of IT or security personnel to track system activity,
it also eliminates any capital expenditure requirements for
deploying printers as part of a world-class card issuance implementation.
Instead, this cloud-based model introduces new economics
for card operations, providing the option for resources
to be leased and their costs bundled into a cloud-based offering.
New Economics of Cloud-based Card Issuance
With a cloud-based platform, the entire ID card issuance process
can be delivered through a service model billed on an annual or
monthly-installment basis – hardware, software and service all
in one offering. This approach cuts multiple layers of program
costs while making it easier for administrators to scale the card
office to accommodate future technology capabilities or changing
volume demands. For instance, during periods of peak demand,
large batches of cards can be produced and dispatched by commercial
printing bureaus.
Cost savings can be substantial. These savings can include the
typical annual cost for card stock, laminates and ribbons as well
as the expense of service, maintenance and hardware and software
updates. Not included are the costs of staff time required
for issuance or reordering supplies, or IT resources to support the
operation, or periodic replacement of obsolete equipment.
A service model enables administrators to convert their budget
for ID card issuance into an operational expense that could
amount to a service fee covering all ribbons, pre-printed cards
and mag stripe encoding. This approach diminishes the previously
unpredictable ancillary costs associated with owning and managing hardware and software by eliminating costs related to maintaining
hardware, inventory, labor, and potentially the capital expenditure
related to purchasing printers.
The cloud-based service model can include auto-replacement
of cards and other consumables when needed, and delivers all
the benefits associated with centralized control and visibility
along with distributed or batch printing. Cloud-based solutions
are aware of printer health and maintenance needs, as well as all
activity down to the printer level, including the status of consumables. A service provider can, for instance, predict when a printer
will run out of consumables, and drop-ship replacements to the
customer when they need them.
Equally important, administrators who adopt a cloud-based
model for their card office know that their operations will be
compatible with today's and tomorrow's credential technology,
including mobile IDs that enable users to carry ID cards on their
smartphones. Solutions are generally also compatible with leading
card systems.
An example is HID Global's HID FARGO Connect secure
cloud-enabled card issuance system, which is compatible with
systems including the CBORD solution for higher education and
HID SAFE Enterprise software for managing identities and their
access across physical access systems.
While the technology used by card production offices had
largely remained static, the technology available to most other
operations in the enterprise and a university campus has advanced
considerably, improving how employees are onboarded
and making it easier for university students to seamlessly register
for classes online, pay fees and be ready for classes on the first day
without waiting in physical lines.
The crucial task of printing and issuing student IDs has caught
up with these advances, taking the inefficiency and inconvenience
out of corporate ID badging while removing the fall crunch
time for university card office administrators.
Cloud-based card issuance solutions are giving
back both time and money while re-envisioning
the way card offices operate.
This article originally appeared in the April 2020 issue of Security Today.