HID logo and microphone

HID Connects Podcast Episode 8: Security in Higher Education … Pass or Fail?

Three experts from HID’s Higher Education team join Matt in the studio for the season one finale of the HID Connects Podcast! The higher education space is a complex environment, with a lot going on. Campuses of all sizes have different needs and stakeholders, and with security technology constantly evolving, the answer isn’t always obvious. Join the team as they discuss the security landscape in higher education, and how everyone can strive for an A+.

 

Matt Winn:
Hello everyone. Good morning. Good afternoon. Good evening. Wherever in the world you are and whatever time it may be, my name is Matt Winn, your secure identities nerd, and welcome to the season finale of the HID Connects podcast. Now, if you've been joining us for the last two episodes, I've been pretty sad here in the studio because I've been all by myself.

But, we are changing things up and in the spirit of our season finale, I am joined by three of my favorite people at HID, our higher education experts who we’ll have introduce themselves in just a second. So, if you are listening in, please continue to do so. But if you have the chance, check us out on YouTube as well, because with all of us here in the studio, it will make for a good visual experience for you.

So as I mentioned, I have higher ed experts in the room with me and I am looking forward to picking their brains on the topic of security in higher education… pass or fail? So in the spirit of us being all together, I'll have my guests introduce themselves and I will start with an HID OG, Brett St. Pierre, thanks for joining us — tell us about yourself.

Brett St. Pierre:
Yeah, thanks, Matt. Really appreciate it. I've been fortunate to celebrate my 25th year anniversary last month. And, you know, it's been pretty cool to see HID grow from just a card reader manufacturer. But what excites me even more is how focused we are on end users and understanding their business. So I’m happy to be here, and thanks for the invite.

Matt:
Amazing. And congrats on the 25 years. And just a quick special shout out to Brett. So, I've been at HID for a little over seven and a half now and Brett was absolutely instrumental in teaching me about the industry, what our end users want, all about our technology. So it's super special. Thank you for that. I would not be sitting here today without you, so thank you so much.

Brett:
Love what I do.

Matt:
Awesome. All right. Next up, Dave, tell us about yourself. Welcome.

David O’Driscoll:
Yeah, thanks. I thought I was an OG, but I'm only 23 years with the crew here, so Brett's got me beat by a while. I'm the token Canadian on the panel here today, so I'm based out of Ottawa, Ontario, Canada, and currently I'm a senior director of Strategic Initiatives for Security Assurance, which is really focusing on the software and the printing of the credentials that we provide. And Brett is also near and dear to me because him and I have collaborated for many, many years. And I think that's one of the things that allows our group to be special and provide the solutions that we do to our end users because we do collaborate and we do want to understand the nuances of each other's business. So really happy to be here and excited to do this.

Matt:
Amazing Dave, and 23 is no small feat, so congratulations on that too, and we'll get you to 25 here. You get, like a watch or something? Not so much? Not yet. We'll put one in the mail now. All right. And rounding out our dream team of higher ed experts, Tim, introduce yourself. Tell us about yourself. Thanks for joining.

Tim:
Thanks for having me, Matt. Really excited to be here. I have not been at HID as long as the OGs over here, but I have actually worked with them in this industry now for the last eighteen years. So, you know, we've done a lot of work together. I look after the higher education under our physical access control.

I love talking to our customers, figuring out what to do, where they're where they're trying to go. And, you know, we do a lot of collaboration between our teams and just really excited to be here and talk through it.

Matt:
Excellent. Well, thank you all for joining me in the studio. Thanks for joining for the season finale. And on that, let's get started. So as we discussed, the burning question for today is security in higher education… pass or fail? But before we kind of get into the nitty gritty, I want to set up the landscape for those who may not be in the higher ed vertical or in that industry or in that space.

It's a complex environment. There is a lot going on. I mean, campuses of all sizes have different needs and stakeholders. But Brett, let's start with you. Tell me a little bit more. Set the setting here. Like what are the access points, who's involved, what are their needs? Explain the lay of the land for our listeners, please.

Brett:
Yeah, higher education’s evolved quite a bit over the years and you know, there's no cookie cutter approach. You have the large Arizona State Universities and then you have the smaller schools like St. John's and what have you. So the needs are a little bit different, but conceptually they're a city — they house, they support, they feed the students that go there to learn.

And security is very, very important because these kids are growing up in the bad experiences that they've seen and felt within the K-12 space. So security is very, very important to them. Security is one of the larger trends that we're seeing more today. And then also convenience. So these universities cater to the students to make sure that they have a great experience on campus.

So when you think of higher ed, you got to think of those two aspects of, you know, how we fit within the mix and how the customers (being the students) are taken care of. So our approach is not only to the university, but it's catering to the student needs as well.

Matt:
Very good. And Dave, same question to you, and I know that your expertise lies very closely with card printing, card personalization. Tell me about that, the larger landscape, but also tell me about the card printing office, because that's an entity in above itself, right?

David:
Yeah, 100%. Right. And you know, Brett mentioned experience, but we've seen a lot over the last few years. The higher ed school industry is very competitive. And so they want to make sure that they're providing best-in-class and the best experience they can to their students. Specific to the card management side of things and the issuance, it has peaks and valleys, right?

You have orientation. You need to issue a bunch of credentials in a very short amount of time as efficiently as possible and ensuring that those students are queuing up, that they can have access to all the places that they need to have access to immediately. And so their slight nuances, how can they be really efficient? How can we ensure that we are providing the proper credential, proper printing metrics, as quick as possible?

And so what we see is, I'm looking to be more cloud based, more flexible, being able to go to the students a little bit more and maybe have students capture photos remotely. So that dynamic has changed quite a bit over the last couple of years. And I think maybe as we go through here, we’ll delve into that a little bit differently. But they are hyper focused at certain points of time and they need to ensure that they have that flexibility and trust in what they're going to issue and how quickly they're going to get to issue it.

Matt:
Absolutely. Very nice. You said orientation, little known fact: when I was 19, I was an orientation advisor at the University of Texas, shuttling kids to get their ID printed at the card office. So near and dear to my heart indeed.

David:
Shuttling, having to go shuttle to go get it.

Matt:
It was an adventure, to say the least.

Brett:
I don't need that anymore.

Matt:
Tim, good segue. So what's your take on this? Let's set the stage for everybody. What's the setting? Who are the stakeholders? What are the use cases? What's your perspective on this?

Tim:
Yeah, the big thing with universities, I'll go back to what Bret said around cities, is they've kind of, they just expand and have done their own things. Buildings go up, they use their own systems. They've always been traditionally siloed for a majority of campuses. So you know, everybody's attending their own conferences, everybody's putting in systems that, you know, work for them, work for their particular business area.

You'll have physical access control, public safety, HR, IT. Housing now is is a big stakeholder. All these different business areas are doing different things in this world. And when we focus and laser in on the actual credential and physical security, it is not as easy as everyone would like it to be. There are, you know, decisions being made at one particular department that affect another department.

And they're not talking to each other or they don't even realize that it's affecting them as they think about credentials. They think about trying to modernize and transform a campus, whether it's card printing, whether it's looking at mobile credentials, whether it's actual physical plastic getting in and out of buildings in a secure location. What are they doing? Why are they doing it? And do they realize the type of technology that they're using in it? It really is what we spend all our time on is educating these folks. What does this piece of plastic do? How vulnerable is it or not, and how to make it better? How do we secure our buildings better? And then, how do we tie it all back to user convenience? How do we make it more streamlined?

Matt:
It sounds quite complex. And on that note, Dave, over to you. We have kind of gone through the different stakeholders — which there are a lot of — it's a city, there are different buildings and offices and stakeholders. More thematically, however, what are some of the key pain points that you see in higher ed as it relates to card printing, access control technology, security as a whole? What are some of those common threads that you see, and the key issues that these folks who are trying to make these decisions and support their audience and their stakeholders, what problems are they running into?

David:
There's a litany of issues that you can have. As these guys alluded to, it's kind of a little city, but I would say that it's sort of organized chaos in the card facility for these peaks and valleys. So you have to take into consideration that they have seasonal employees. A lot of times students are actually in there trying to run these printers, manage the software. They might not have had a lot of exposure to that. So how do we make it easy for them to be able to fix something — a card jam or ribbon that breaks — some of these things that a lot of times we might take for granted, these people have never seen before. How do we make sure that we're adjusting that?

How do we make sure that we're giving them the right information or that they're pulling the right information? We see a lot that the applications are siloed. So you might have your access control system, you might have a student information system, you might have an HR system. And now you're trying to put information into three of those things and hope that it's right and hope that it comes back together. And that single source of truth versus being able to have one main access point. So you'll see more and more sorry, my head is slipping here. We have the ability now or they have ability to have a single source where you can go and you can have that single pane. You don't have to go between multiple applications, and you can manage that throughout your entire campus and even remote campus.

So speaking of that, you see a lot of times you have one main area and certainly that's an easy spot to have a student go in, stop, have a good experience, get that credential. But we have many remote locations. How do we efficiently ensure that they get those credentials? In the past, it was going to have to print at one location costly shipping time and effort to get it, maybe a shuttle to be able to get someone their credential versus now with cloud, they have visibility, they can run these printers remotely from anywhere, from any device. Through COVID, of course, you looked at how were they managing with providing social distancing. You could now have facilities that are essentially empty and have a secure location where students can go in and almost on demand, get their credential, they can capture their photo remotely. So the entire ecosystem has evolved to help support and streamline the entire process while giving, again, that much better experience to the students.

So there's a variety of issues, whether it's from data, whether it's how quickly I can get the credential. If there's an issue with our printer, how are we addressing it? And the cloud-based systems are really allowing them to overcome that really efficiently. And most importantly, cost effectively. When we think of budgets, schools can be relatively tight, particularly card offices. A lot of times they have to run their own budget and try and create revenue on their own. So if we can help with that, that's a big win for them.

Matt:
Absolutely. So cost efficiency, user experience, sounds similar to other episodes we have filmed thus far, makes a lot of sense.

David:
And I'll just add this last part, really the size of the school doesn't matter. They face the exact same challenges in the card office or the remote card offices. So that theme is pretty consistent, whether you're, you know, a smaller school or a large full state school. That pain exists. And the nice thing is we'll talk to users to help address it.

Matt:
Yeah, not to mention I probably lost my ID card at least 14 times while I was in school. No problem. Brett, what's your take? What are some of the key issues and pain points that you're seeing from your perspective?

Brett:
Yeah, I mean the budgets and the silos I think are kind of the two major pain points with the universities because the card office is looking at identity and how is that identity used on campus. What's the user experience. Right. So they're trying to base a decision based on a card technology or a mobile access solution. When you look at residential, they're looking at student life and housing.

And security is different in student life because you're virtually protecting their home, right? On campus. And then you have the main group, which is facilities and law enforcement, which is the third pillar or main pillar, and they're focused on security of the facilities in the buildings. They want an open campus, but they want the ability to lock down. They want a secure sites, bio labs, you know, the high secure areas. So there's different layers of security. The three different pillars typically have a different view on what they want to do on campus and there are there is a trend where they are coming more together and basing their decisions long term and where they want to be in the future. Because at the end of the day, all three divisions want to give the best student experience possible. So those students will come back the following year, tell their friends, tuition increases. And, you know, it's a pleasant experience.

Matt:
And it sounds like it could be a hard needle to thread because you have different expectations and desired outcomes from different stakeholders, all with that student experience in mind. Not to mention you have parents at home who are worried about the safety of their kids. So lots of different stakeholders you have to keep happy, really.

Brett:
Yeah. They are able to go both in two different directions — convenience, security. So more security, less convenience — or convenience, a little bit less security. So as technology evolves, it does fill some of those gaps, some of the things that each idea is doing with identity positioning and what have you is is a big value to a university.

Matt:
Yeah, that balance is hard, Dave?

David:
I was just going to add, I mean, you bring up a good point and it's interesting the types of conversations and the stakeholders that are involved in these conversations now. IT is at almost every conversation that we have because it has to be tied back in. And so while they can still be siloed, I think we're seeing more and more that they're unified internally.

It used to be almost like a different fiefdom back and forth where they would fight. Now, with the convergence of digital, physical, we're starting to see a lot more that they're getting along or they’re understanding that they have to work with one another. So the dynamic has shifted a little bit that way too, which to both parties, I think, helps because they get a little bit better budget perhaps, and they get a better vision of what they want to do. And it helps us when we're having our conversations of saying, yeah, here's what's possible now, but here's what's coming in the future. And they can agree and they can have a different level of plan rather than coming at it with two different ways. So I see the market in that vertical changing for the better in that side of it as well.

Brett:
And one thing just add to the collaboration between SI and PACS and EAT, and it is pretty strong within higher education because you take a look at 100% use case for so many devices and touch points and badging and what have you. So when a higher education looks at HID, they look at it holistically, not just siloed, how we are within the business areas. So even with ASSA ABLOY as well. So it's a very collaborative market to fulfill the needs at the universities.

Matt:
And just to clarify, quick acronym check for those who are not within HID, those are different Secure Issuance, Physical Access Control, and our Extended Access Technologies divisions, who all work very hand-in-hand to provide that integrated experience. Tim, I want to make sure you have a chance to hop in on this. Any reflections on what was stated or of course, the question itself: what are some of the pain points that you see and some of the core issues that are driving stakeholders to stay up at night? What's your take?

Tim:
Yeah, piggybacking off what these guys said is, you know we refer to it in as like stakeholder meetings. Right. They're actually now forming their own committees. They're trying to understand each other in a sense and actually communicate. We've been in rooms before where people haven't even met, you know, on the physical access control side or the card office, you know, the one card office or housing. Right? They've communicated before, but they've never actually met in person or maybe it's been two or three years type of thing, and it's just opening the dialog. What are you trying to do for security and convenience on campus? And one of the biggest things right now I'm sure we're going to talk more on it is mobile credentials. You know, mobile is such a big focal point now.

People are like, well, what about cards? Are cards going away? Is it going to be all mobile? You know, how do we balance this? What should we do and how do we get there? So it's starting to bring more folks together, which is really good just to get people talking. But now it's understanding what the technology is, how you can put certain things in certain locations to support those goals. And, you know, just realizing what's in the best interests of your campus, trying to arm them with as much information as possible so they can make an informed decision to really transform the campus.

Matt:
Very nice. I want to come back to what you mentioned around buzzwords like convergence, mobile, because that's very now in future. But let's go back into the time machine. We unearth the time capsule. I'm going to start with our OG, Brett. I would like for you to quickly kind of walk us through how have you seen the security threat landscape evolve in higher ed over the years and how have you kind of seen technology adjust to that? Huge question, but what's your summary of that?

Brett:
Yeah, I mean, mag stripe probably has been the most prevalent technology 20 years ago, and it's sad that the majority today, it's probably a little over 50% mag stripe usage on campus. Proximity came and it was seen more of a key replacement in housing and that's kind of where that grew, where you didn't have to put all the locks on a table and thousands of locks and reissue keys to, you know, thousands of students.

So it was a pretty good ROI. And the investments were made in proximity technology. And then the next class came out and people started the migration process. So they saw the value in using a combination high frequency, low frequency technology platform and starting the migration slowly. And we still see that today from mag stripe to SEOS, from mag stripe class C, from mag stripe or prox to those two technologies as well.

And the infrastructure, when you talk about a university, they could have 5000 readers, in some cases 14,000 readers, and then that could be several thousand locks, hundreds of point-of -ale terminals that still use the mag stripe technology. So it's very, very difficult for a university to migrate to a smart card technology without housing, some sort of legacy in the reader where the card and what mobile is doing today is actually driving the funding — by student pressure or just competitiveness within universities, you know, or, you know, school next to us deployed mobile, so I want to do the same thing. So as long as there's investment from a leadership perspective, there is capital money to find to make that migration to mobile. There are a couple of universities that have a choice today of either a mobile phone or a prox card, but not many have gotten to that point yet and it's due to the infrastructure and the legacy technology that's worked for years.

Tim:
I like it.

Brett:
I still see readers sitting on walls 20 years that are HID Prox. I mean, they're, you know, they're tanks.

Tim:
And I like to make the analogies to bring it full circle when you think about physical access control and credentials from a high level and then you narrow it down to higher education. Specifically, you look at the way the world has changed from a digital transformation, just how everything has gotten better, and to what Brett said, everybody, people are still using mag stripe and prox credentials, right?

Are you, as an individual, still using Windows 95? Are you still using a cassette tape player? Are you still, you know, using a Discman? Are you still using a Gameboy like these type of things? The technology that folks are using now to secure buildings and interact with security are our stuff that was made 20, 30 years ago.

It's when you take a step back and look at it. It's like it's one of the only industries that really hasn't, you know, caught up with everything else. It works. The stuff works, right? Mag stripe works, you know, with your credit cards, you know, the prox works. It's been there for so long and that stuff has stayed on the doors.

But when you look at it, everything else has evolved — and the physical access control and the credential really hasn't. And all this stuff, all this infrastructure, all the legacy hardware that Brett just mentioned too has just built up over time. And now with the mobile conversation and trying to figure out how to do it on campus, you have to address all the stuff that's been in there for so long and it becomes challenging.

Brett:
Just one thing to add real quick, if I can, you got to take into consideration that these are 18, 19 year olds. Their first phone was a smartphone. And, you know, they've been able to use that in many different aspects. I mean, even on college campuses, a student can sit in their res hall and order lunch and have it delivered by robots.

I mean, the technology is evolving and these are the kids that are going to be moving into the corporate space and they're going to be driving a lot of technology there and advancements and making sure that the end user is focused on their customers and their customers needs and getting them to a point where they'll have a successful experience, whether it be university or employment.

Matt:
We're talking mobile. Dave, what's your take on this? And then I want to add the next question into the mix too, as this ecosystem is rapidly evolving, we're getting more and more digital. There's still a big demand for that physical credential. So your take on this conversation, but also that component, what's the balance going to look like?

David:
Yeah, so at first I think if we take a step back, it's not limited to the higher education space. We see a lot in the enterprise space. Health care, they still have mag, they still have proximity, going back to the whole convenience thing. So I think and maybe even one further back is what are the challenges, what is keeping people up at night is understanding how can we make this a seamless move, how can we move forward with technology? Maybe in some cases skip a few technologies and get to where we need to be, but legacy systems are there because they work, and if they're not following along, you're stuck. You're going to keep that legacy system. We see in a lot of cases, new facilities are acquired and they're using an old legacy system. Well, can we rip and replace that immediately or do we have to work?

In some cases, it's still maybe you're leasing and it's owned by a landlord. So there's a lot of cases where there might be a will to try and move forward, but the limitations are very real that are preventing people from making that. So I think in some cases we just have to be mindful of that too, and understand that people are going to move at their own time.

That said, we understand and we have to make it easy for people to make that transition and there are ways to do that. So if you look at I mean, I'm the cloud guy, so I guess I'll echo that moving to a cloud application that allows you to manage all of your remote locations. You can now start to see that there's integrations that are in place that can allow you to not only press, print and have that card come out of a printer, but it could now be issued to a wearable.

It can start the process for your mobile phone. We'll get the HID PACS application and it can take that data and feed it back to that core application. So we have to understand that people are stuck. The cards have a good value. We're also visual creatures. We see a lot of the time now having conversations where people say we're going to be comfortable moving our technology to the phone eventually, but we still need to have some sort of identifier that shows that person belongs here and we're not going to ask them to show us their phone. So we're probably going to see that in a lot of cases there'll be a visual that's non technology that still has your image, still has some sort of marking on it that indicates, yes, I do belong here and then maneuvering around the facility, logging onto your PC, whatever will probably happen on the phone.

And from our perspective, again, thinking of how well we work in the higher education space, and I'll say a lot of credit goes to the users in the higher education space. There's not a community that is out there that is more open to discussion and understanding, sharing information among institutions that help us provide that right. They're always open to be a proof of concept or a test site.

And so we learn a lot from them. We take it back. We have conversations internally within HID and some of the things that I just mentioned, like having a system that allows you to print both at the same time is going to become more commonplace. And I think that's a real nice step that compliments addressing the issues that they have today and setting them up to be able to move forward with mobile in the future when the time is right without maybe trying to marginalize them.

Matt:
Totally. So Tim, I want to take it to you because we have almost two opposing ideas here in that we have a large number of higher education institutions who are leveraging legacy credential technologies, which frankly are easily clonable like prox, right? Security risk, but also are going to have that user convenience, which seems to be very highly achieved through mobile issued credentials and managing things through the cloud, Dave, to your point. So Tim, if all of the benefit is here and we agree that institutions are very open to these conversations, what's the holdup?

Tim:
What to choose? A lot of times the consolidation of systems, it goes back to some of the original points is getting people to talk together, to truly understand in upgrading legacy infrastructure on campus to make that happen. I think cards and mobile will coexist for the foreseeable future. Even folks that have gone mobile, you know, they have students coming in that are actually requesting cards, more like a vanity card. They're actually willing to pay for the card. They want to have that piece just to show ownership that I went to this university. And to Dave's point, you know, it might just be a plastic card instead of a contactless or a technology card at that point. But universities have all types of different programs, summer conferences. They house high school students that come in, camps, all these different things, contractors, like they still have exceptions where they know they're going to always print cards.

So it comes back to the balance of getting the right infrastructure on the wall that can support both the legacy stuff, whether it is still a prox card where they migrate to a more secure physical credential and then the mobile piece. It's getting the infrastructure on the wall to support their goals, whether that's one year, three or five years.

There are steps now that, you know, bringing these people together to talk through what their ultimate goals are as an institution. They can really do some, you know, really powerful things now to prep and get them ready for when they're ready to take those leaps.

Matt:
So it's a journey. It's a complex animal. It's not as easy as, you know, pushing a button, so to speak. And it's there. And you do make a good point as it relates to keeping your card as a memento. I still have mine. I'm wearing a puka necklace on it. The early 2000s were not cute for anybody.

But with that in mind, Dave, I want to get you in on this, but I want to focus on if you had advice for those who are looking to upgrade and are looking to make that move to more modern technology, perhaps mobile or digitally focused. Brett, I'll start with you. What are some of those core pieces or best practices or words of wisdom you would offer to accelerate that journey that Tim was talking through and some of the issues that they may face?

Brett:
That would be the upgrade, right? You know, how do you leverage from a time and attendance terminal to a Coke machine, to a Pepsi machine, to every use case on campus? The different departments have different budgets, and they also have different leadership. You know, some may see a vision in security from the housing side because they want to protect students. Mobile is more secure. But from the time and attendance, the football side, you know, maybe they want biometrics, maybe they don't want to deal with mobile because of that particular use case. So universities, what they have to do is they have to understand the direction that they went ahead. To Tim's point, you know, get a group together or a committee to talk and a quarterly or maybe even an annual basis, something to kind of give the visions of the different groups on campus and where they want to be, and then basically build the infrastructure around technology and supporting the direction that you went ahead, making sure that you know, anything new deployed has that visionary idea behind it and making sure that it's compatible with the future.

Matt:
Yeah. Dave, Same question.

David:
Yeah, similar, but maybe slightly different. I would say challenge, challenge your vendors, challenge your manufacturers, right? Let them understand what it is that you're looking to do. I feel that in a lot of conversations that we have, particularly in higher education, people may feel that they are stuck in a proprietary solution and it may not have even had that intent to begin with. But because it's been fairly siloed, they've been running, you know, updates individually. It's kind of been held together with duct tape and bubble gum. How do they start to break free? They need to put pressure back on the people that are providing them with these applications and these pieces of hardware. And we see a lot of legacy systems where they're doing it one way just because that's how they've always done it.

And that's not speaking to the actual facility folks. It's really the design that they've been given. So that would be some of my advice is to actually push the envelope, go back. You're a powerful entity, you know, that you provide a lot of business, you provide a lot of really good feedback. So become a partner with your vendor and your technology partner and let them know what you need.

And I think they'll start to see that the trend is there. But if there's a little bit more mass push, then that adoption will start to happen quicker.

Matt:
Don't settle. That's good advice for life too. I like that. Tim, same question to you. What advice would you give to help get there faster?

Tim:
Yeah, one of the things we continue to educate on is what is on your campus and we go back to some of the comments we've already made, siloed departments. They're buying all these things. What is actually on the wall is actually taking a step back and figuring out doing inventory of what we have on campus — what type of manufacturers, what type of hardware, what type of software, where are we using our card today?

You know, are we using it at the rec center or is anyone just walking through the door? Are we using it at a point of sale terminal? Are we using at the library? You know, where is this card actually being used on campus? And I think that will also identify the departments that you have to bring together to form some type of stakeholder committee meeting to get folks talking.

But then truly understanding like, okay, maybe this isn't as big a lift as we thought it was. Or maybe it is — it's actually going to be bigger than we thought. But now this gives us the ability to start gathering information, actually putting a business case together to go talk to leadership on campus, to say, hey, this is extremely important, this is what XYZ schools are doing.

You know, again, digital transformation. Back to Brett's point, these students have grown up with phones. They're used to living in their phones, working with apps. You know, how can we support this? We're really laser focused on our students, right. And their students are laser focused on user convenience. They just want things that work. So how can we as an institution take all we're learning here and really, you know, really help the students.

Matt:
So know where you are today, plot that course for the future. And of course like we talked about all episode keeping that balance of security and convenience in mind. Very good. All right. I've got one more question before our final, final question, and that is, let's look into the future. Right. So we kind of took a trip down memory lane on the evolution of security technology and access control and everything in between.

But Brett, starting with you, let's go to July 2033. What will the higher ed landscape look like when it comes to security and credential management?

Brett:
I mean, college campuses like the open environment, right? They want the use case on campus outside of the residential halls, locked down but open everywhere else. And knowing who's on campus I think is going to be important. So I think identity positioning will be strong because you can identify users coming and going flow of traffic. You can identify the cafeteria experience.

You know, is everybody going right, not buying from the pizza place? Maybe we need to reorganize some things to have an even flow space utilization — student going up to the cafeteria, looking at a monitor and having it automatically have a little window pop open and say, this is your dietary, you know, menu list, right? For those students that need or are allergic or what have you.

So broadening the user experience through mobile phones I think is where it's going to be now. It could still be tap because you don't want to be walking through unlocking doors, you know, as you're going through the halls and things like that. So it'd be a combination of both. But it's that openness, it's that lack of security view, even though you may have cameras and what have you, but secure it with knowing who's where and how they're flowing on campus, is going to be important.

Matt:
And think about all the data insights that you have for that. And with sustainability is a big push. Opportunity seems endless there.

Brett:
You know, the biggest thing when you look at a university is student retention. How can we retain these students, have them come back, you know, next generation, best experience ever. They want their kids to go there too. So that is what universities’ — at their core — interest is: student retention.

Matt:
100 percent. Dave, same question. Crystal ball 2033, what do you see on the horizon?

David:
Well, I'll do a quick divergence. First, as you mentioned, pizza, and I'll say that, you know, as we see a lot in this system, a phone is never going to be used to cut your pizza, so a card will still be around. And yes, as a northerner, being able to scrape your windshield. But if I look strictly by the numbers of research that's been out there, it's showing that card adoption will continue to increase until roughly 2045, and then it'll start to take a dip after.

So while there's no question we're going to continue to see the rate of mobile adoption increase, I don't think it's going to be fundamentally too much different in ten years. I mean, we've all been through this for a long time. New technologies emerge. They generally don't get adopted as quickly as we would like, but I think we're still going to go back to that convergence.

We're going to see more adopt, maybe dip their toe in. There might be certain areas on campus, certain levels of students or faculty that will use it. There’s still going to be a significant portion that'll use credentials. The biggest change that I'm going to see is how are we going to make it easier and easier for people to adopt, address the issues that they have now with the hardware that they have, give them the ability to seamlessly move forward, have that plan in place and have that structure to help them move when the time is right.

So I still see a ton of cards being used in 2035, but certainly there'll be significant increase on the mobile side. But maybe you will be surprised with how many have both.

Matt:
Yeah, living in good harmony, it sounds like.

David:
That's right.

Matt:
Very good. Tim, 2033. What do you see?

Tim:
So, you know, I echo some of the same comments. I do think that there will be, you know, a lot more mobile going on. And then at that time — and I'll bring it back to you, you touched on it — but we're still going through a digital transformation again in the world, but actually in the physical access control industry. And it's more focusing on the value that mobile can bring to your business or your institution. Right. Your city, as we referred to it earlier, you know, when you think about what mobile can do, you brought up sustainability, right? We've heard from schools that actually have gone to mobile — one of the last checkboxes was the sustainability angle.

They were printing 30,000 cards a year, right. Every university now has some type of sustainability goal. Can reducing the amount of plastic actually help you as an institution meet that goal? You talk about the actual value everyone's it's not about just putting oh, I have a mobile credential on my phone. It's not about that.

It's actually about what is it actually doing behind the scenes. Now, every system is integrated on campus. You get a mobile credential issued to you. You walk to this building, you have immediate access, you have the dining hall. All the systems are now communicating. If you revoke a credential, you pull it, you pull out of the system.

Right. For security practices, you are not going to hand a card to, you know, to your buddy, to your girlfriend, to your boyfriend. You're less likely to hand off your phone. If you lose your phone, it's going to be reported immediately. Right. There's, you know, there's additional costs and stuff like that. So when you actually start thinking about it from now and if you're asking like you did for ten years, I just think it's going to slowly start to snowball.

We are already seeing it. Other institutions are going to see their, you know, other campuses do the same thing. And I think it's more about the value of how mobile can transform that campus. And I've continued to say this, when I speak with folks, is it kind of gets lost in the shuffle. But when you think about the credential, whether it is a plastic card or a mobile credential on the phone, is that is the core thing that holds the campus together?

You know, sometimes card offices are in basements. They're just thought after or thought as an afterthought, like that credential powers everything you do on campus when you're there, getting into buildings, how you eat, who you interact with, where you go, what access levels you have. Right. And if a student doesn't have their card, they can't eat, you know, in most cases.

Right. If a student has a proxy card that's cloneable you know, some type of security risk. Right. When you think about that credential and how mobile can actually provide both security and convenience, you know, you're going to start to see it snowball. Into Dave's point, I don't think cards are going away anytime soon. I just think they're going to be used in different, different means in different areas, depending on the campus and depending on their ultimate goals.

David:
Yeah, and I loved your point about, you know, the backend systems. I think interoperability is going to be the biggest push, right? We talked about legacy systems. How are we going to make sure that all these pieces will interact? My identity is one thing to a certain application. It's something else to something else. That's going to be really important for us.

And I think you'll see that will be a huge push and a significant change. But I think we'd be remiss if we didn't say as far as carbon footprint and sustainability, that HID is also moving towards moving away from plastic, being able to provide alternatives to that plastic card that are sustainable, whether it's wood, whether it's something else that comes out in the future.

So there's still a push to be able to do that, and that's going to be important. I just didn't want that to get lost in the mix, that there's a significant push and we're aware that we need to be able to do that and provide that to our users.

Matt:
Absolutely. Yeah. We have continued complexity in the campus space ten years from now with new challenges coming in. But hopefully with the technology, we have a more connected viewpoint across that. So that sounds good. Okay. Final question, Tim, I'm going to start with you. All right. This is an unfair question. I'll just be completely honest.

But if you look at the world today, security in higher education, would you give a pass or fail?

Tim:
I would probably give a fail for if you're asking about physical security, you know, go back to earlier points. When you look at the credential, most doors today are still being secured with mag stripe or prox. You know, those are two extremely vulnerable credentials. If you're focused strictly on the security and asking on that question, when you look at how many universities are in North America, you know, there's over 4000 plus universities.

And we're not even talking about, you know, maybe community colleges and other private institutions or smaller private colleges, you know, that that's a massive, massive number that are still using legacy vunerable technology. So, you know, in a sense, I would have to or I would answer fail.

Matt:
Dave, same.

David:
That's a very loaded question.

Matt:
Yes, sorry.

David:
And I think we could actually expand it. I know this is a focus on higher education, but if we look outside of it, they're not alone in this in having to adopt and increase the security that they have. So I guess I'd be on the fence a little bit as I consider, you know, more. The card offices, I'd say, is a pass.

They seem like they're understanding at least the nuance of anti-counterfeiting, right. So there's things that you can apply to your credential to ensure that if it's cloned, if someone asks you, is the picture right? Do you have the right hologram that's on there? Is there something that I can read under blacklight? Right. There's a lot of different things that they're doing really right, I think in that situation and trying to do really well by their students.

But I think to be fair, if we look anywhere, security can always be improved. There's best practices, but I wouldn't say it's strictly based on the credentials and the access piece. It's, you know, human awareness. How often do we hear that that person got in there because the door was left open with a rock, because it was just a pain to try and get in and out of it?

So there's a lot of elements to it. But I guess I'll be a fence sitter and say there's lots of areas for improvement, but I think that everyone is pretty much doing the best that they can under the circumstances and the dynamic change that we're seeing.

Tim:
I didn't know you could answer as a politician. I would have had answers from both sides.

David:
You're just like, they're all bad.

Matt:
I had you go first. So Dave's answer is a C plus. Very good.

David:
B-minus.

Matt:
There you go. And last word to our OG, Brett. No pass or fail.

Brett:
No comment. Yeah, can't plead the Fifth because we're focused on higher education and it's part of our job to make more secure for access, right? I mean, Tim's got a lot of valid points as far as why it should be a fail, right? With the security, the legacy technology, the money, the budgets that they don't have. But to Dave's point, we very rarely have universities ordering proxies, only readers, even though they have proxy only cards.

So they're making the investments to get to where they need to be in the future. And they're adding security, the ability to transition in the future. So they have a vision, they know where they want to be. They just can't get there yet, for whatever reason it may be. And, you know, we talked to some universities. If they have a cloning issue, they look at the CCTV cameras.

When the university told us they caught them within 24 hours because the person cloned the security guard’s badge and the security guard was off that day. Right. So not only physical access control, but they have the camera systems, they have the reporting to catch the people that are a little bit devious on campus in addition to the vision for the future.

So I would give them a low passing grade. So I would say, you know, maybe a C plus or maybe a B.

Matt:
I like it.

David:
We use the bell curve. Tim is just flat.

Tim:
Well, and I will say, you know, everything there is valid. And, you know, I guess my initial focus, see he did say it was an unfair question. I was focused more on the hardware and the credential side. But yeah, when you look at it as a whole, to echo what Brett said, you know, these type of systems that they're putting in now for security, like, you know, visual and camera systems and I mean, these things are top notch.

You know, your institutions, they're doing a lot of work and investment, you know, on the security side to protect students. So, I think it's important to comment on that side, like yes, that is really happening. They're doing really good stuff there. But when you think it, when you bring it back to the actual credential and the readers on the door, you know, there's a whole lot that can be improved.

Matt:
And as we said at the top of the podcast, it's a complex environment, right? Things are changing very rapidly. And in the spirit of why we do this podcast — and that's to help bring the industry together — which is in our best interests, our end users, best interests, our students best interests to help get that to an A-plus, which is more to come in the future.

So with that, Bret, Dave, Tim, thank you very much for joining me in the studio. This has been a lot of fun. And thank you, of course, for joining us for the season one finale of HID Connects. We've had a blast putting this podcast together. I really want to give a special shout out to the crew that you don't see on camera, the producers, the behind-the-scenes folks who really put a lot of time and effort and energy to bringing this to you.

We are really looking forward to season two, which will drop here in the fall. But in the meantime, if you missed any previous episodes, check them out. Find us on YouTube, subscribe when you get the chance, and as always, in the spirit of connection, please drop me a line with any questions, comments, ideas or future episodes. Hit me up at [email protected].

So with this as we come to an end of our very first season, thank you for listening and may your identities forever be secure.