With a future-safe PACS infrastructure, administrators can stay ahead of security threats without worrying about a rip-and-replace hardware upgrade

How to block school security threats now–and in the future

With a future-safe PACS infrastructure, administrators can stay ahead of security threats without worrying about a rip-and-replace hardware upgrade

Readers need to support the widest possible range of credential technologies, plus Near Field Communications (NFC) and Bluetooth Low Energy (BLE) to enable the use of mobile credentials. It is important to evaluate a reader’s range, mobile performance, and administration capabilities, and ensure it supports the Open Supervised Device Protocol (OSDP) so technicians with iOS and Android devices can reconfigure and update them in the field. OSDP also enables technologies to be added and turned on and off without visiting each reader.

All readers are connected to PACS panels that make all decisions about whether to unlock a door for someone presenting their credential. They communicate with access control software to monitor events, allow cardholders to be added and removed, make changes to access rights, and store and provide event audit trails, among other tasks. These panels should be based on an open platform and support OSDP for remote reader management.

Together, these future-safe PACS building blocks enable security administrators to choose whatever access control software works best for current and future needs. They can upgrade their PACS as required, including moving to a trusted ecosystem of cloud-connected access control devices, applications and mobile identities.

Adding Security and Functionality

During the pandemic, campuses with a future-safe PACS infrastructure demonstrated how important it is to quickly add capabilities that improve resilience and adaptability. Two examples are Bay State College, which implemented location-based physical-distancing and contact-tracing solutions to identify and mitigate COVID-19 outbreaks, and Vanderbilt University, where mobile IDs for “touchless” access control eliminated badge and ID card issuance touchpoints and contact with cards, readers or keypads.

More recently, Vanderbilt leveraged HID Mobile Access® to deploy campus IDs on iPhone and Apple Watch through Apple Wallet. Firmware on the university’s PACS readers was upgraded using HID Reader Manager to extend support for NFC-based credentials in Apple Wallet. The university uses the HID Origo™ Mobile Identities API integrated with CS Gold®, a higher education transaction system from CBORD, for credential lifecycle management.

These and other advanced capabilities such as location-based emergency mustering are not just for higher education. K-12 students became much more digitally savvy during a year of remote learning and may now be ready to embrace college ID experiences that have gone beyond security and convenience to become a digital lifestyle. Enabling high schoolers to use these IDs to check out books or pay for meals has the potential to not only improve security but also better prepare them for a safer college experience. Even with the university security infrastructure to protect them, co-eds are only safe if they want to be. Teaching them to embrace security protocols in high school, in an environment whose PACS infrastructure is much like what they will experience in college, will pay off in the future.

In the meantime, basic K-12 security hardening can also include adding elements like intrusion detection, video intercoms, and authenticating visitors outside the vestibule. Many districts are integrating metal detectors, gunshot detection and license plate recognition at the parking entrance (see Fig. 1). Location-based technology such as that used for university contact tracing is also being evaluated by schools that, for instance, seek to comply Florida’s panic-button mandate – it only works if law enforcement and first responders know where people are when they push the button.

Figure 1: The building blocks and expansion capabilities of a successful K-12 PACS.

Ensuring a smooth migration to a future-safe PACS generally requires working with a security integrator that understands how to leverage readers that are backward-compatible with older card technologies. This ensures old hardware can be replaced over time prior to a campus-wide cut-over to the latest secure high-frequency cards at the beginning of a new school year.

In addition to PACS readers, security administrators may also need to integrate other types of readers into their future-safe platform, such as those used in Point of Sale (POS) applications, at the library or vending machine, and in the recreation center. They also will likely continue to need secure issuance functionality, even if they also adopt mobile IDs. Cloud-based issuance platforms enable remote management of all card design, encoding to printing.  An administrator in a card office or any remote location can seamlessly create and encode new cards, issue replacements, and manage print queues through one trusted system using a tablet, laptop, or any device with a web interface.  Users can pick up their cards at many different locations rather than the main card office.   

A Journey – Not a Destination

Optimizing security is a journey toward a destination that can never be reached in today’s ever-changing threat environment. With a future-safe PACS infrastructure, administrators can stay ahead of these threats without worrying about a rip-and-replace hardware upgrade. All improvements can be implemented incrementally when budget permits. K12 administrators can focus on replacing decades-old security technologies with a future-safe PACS foundation to which they can add capabilities over time. University administrators can unify what is so often a hodge-podge of security systems so that, as they continue to strengthen security while improving the campus experience, they have centralized management and an end-to-end chain of trust.

Want to share a great resource? Let us know at submissions@eschoolmedia.com.