In summer 2013, The University of Colorado at Boulder, commonly referred to as CU-Boulder, completed its project to install 5,700 SALTO RFID locks, replacing their previous magnetic stripe locks throughout all of the University’s residence halls. SALTO Systems’ use of RFID technology (Mifare, NFC, Desfire EV1), its robust architecture, and its ease of use all combined to make SALTO the clear choice for the future of CU-Boulder’s residence halls.

Increased security awareness, aging infrastructure and pressure to cut operating costs are just some of the many reasons why schools, colleges and universities look to find new ways to enhance campus security.

Multi-purpose access control system

Student housing in particular is often a key area for upgrade. While each campus housing program is tailored to its individual location, many of the tasks it is required to perform are common across the country. These include assigning rooms, distributing keys, retrieving old keys and issuing new ones, and this can be a time consuming task that can involve large numbers of staff and lengthy waits for students. Then, there is the matter of lost keys and their associated costs which only adds to the workload.

Add to this, that older systems used a card that was just a standard key. Today that same card is now almost certainly going to be a student ID card as well as a room key, campus key, and be used for managing in-room energy usage, purchasing food, study supplies, bookstore supplies and riding the bus to class.

Being required to handle all this, plus providing facility management (remote lock/unlock, scheduling, access rights) requires a more modern approach to security. It needs an increasingly multi-layered approach that can maximize overall security now, while providing flexible future proof technology that will deliver lasting dollar value for the years ahead.

An example of such a multi-purpose access control system installation can now be seen at the University of Colorado Boulder, which has just completed installation of some 3,900 SALTO RFID XS4 keypad locks and 1,800 non- keypad locks.

Time to upgrade technology

CU-Boulder is the flagship of the four-campus University of Colorado System, which also includes the University of Colorado Denver, University of Colorado Anschutz Medical Campus and University of Colorado Springs. Situated on one of the most spectacular campuses in the country, it offers approximately 3,600 courses in 150 fields of study in arts and sciences, business, education, engineering, environmental design, journalism, law and music.

There are currently 26 residence halls on campus at CU- Boulder. The residence hall room types range from singles to four person rooms and others with apartment style amenities. Along with that, there are some rooms that have more amenities than others, including a full bathroom and/or a kitchen. The majority of the students living in the residence halls are freshmen, but any year student can live on campus. There are several communities of residence halls located throughout the campus and in a separate area called Williams Village, which is connected to the main campus via the local bus transit service.

SALTO XS4 keypad locks can handle up to 64,000 doors and 4,000,000 users on a single system
SALTO Systems were selected for its use of RFID technology, robust architecture, and ease of use

With this in mind, CU-Boulder’s existing magnetic stripe door access system used in the student residence halls was aging and the university wanted to move their locking systems to newer, more secure RFID card technology. A program was initiated by HDS Information Technology Department to evaluate alternative solutions that could offer them both the higher levels of security that they wanted as well as the encrypted RFID technology that could be leveraged for their transit system and other uses on campus.

Challenges

Larry Drees, Assistant Director HDS Information Technology at CU-Boulder says, “Having used a mix of magnetic stripe door access systems as well as keypad and PIN enabled locks as a part of our residence room standard for many years; we wanted to upgrade our technology, but still have something that was easy to manage.  

“Our residence halls are busy places with high traffic areas, so any replacement locking system would have to be robust. Encrypted RFID technology was an important requirement for us, but we also wanted something that was reliable and easy to install. Also, we wanted our new system to be capable of integration with our Ecopass transit system and our campus Software House's C-Cure 9000 access control system within the next 12-24 months. In addition, we were impressed with the variety of locking hardware options giving us additional levels of security on a case by case basis while still being capable of management within a single system.

After many months of reviewing the options currently on the market, we settled on SALTO’s XS4 solution as the locking system that could give us the functionality and technology options we wanted, at a standalone off-line locking system price point. The ability to transfer information to and from the lock via an RFID card is also something we think will be helpful in managing these locks over the long term.”

Planning and installation

“Ensuring the safety of students and their assets in residence accommodation is always a high priority,” confirms Tim Moreno, Western Region Sales Manager for SALTO Systems. “Looking at the layout of the campus and the position of the various residence halls, we assessed usage and the level of security required and then worked with Larry and his team to design and subsequently install a highly secure and flexible networked access control system to meet all the needs of the university.”

The solution chosen was the SALTO XS4 keypad lock which is designed to provide increased levels of security and control for doors where extra security may be required. It offers users a choice of multiple security authentication methods to control access including RFID smart cards (DESFire EV1 smart cards at CU-Boulder), combined use of a PIN (Personal Identification Number) code + smart card or a separate keypad code.

The lock can be operated in 3 modes; smart card only, pin code + smart card or keypad code only. With standard smart card mode, the lock is locked at all times until opened with the student’s key card that has access rights to that room.

"Controlling access and securing our residence buildings is crucial. We now have 26 residence halls and 3 administrative support buildings using SALTO locks", says Larry Drees, Assistant Director HDS Information Technology at CU-Boulder

When using pin code + card mode, each student has their own personal code. Typically, this is used where extra security and dual authentication (presenting both a card and typing in the pin code) are needed, and students can have up to an 8-digit pin code.

In keypad code only mode, the lock itself has an access code that is used for student authentication. Every student that goes through that door knows the keypad code. When two students share the same residence room, they are the only ones that know the keypad code of that room, and again, students can have up to an 8-digit keypad code.

“The university also plans to install the SALTO solution into the lobbies controlling the private secure areas of the halls,” Moreno says, “and from a management point of view the XS4 keypad locks can handle up to 64,000 doors and 4,000,000 users on a single system, with each individual lock recording the last 1,000 audit trail events at that door in its memory.”

Benefits

Larry Drees summarizes, “Controlling access and securing our residence buildings is crucial. We now have 26 residence halls and 3 administrative support buildings using SALTO locks. At this point, we are keeping our system setup pretty simple. Most doors are student rooms which are locked 24/7, and we do not use the calendar features of the system to any great extent at this time. We also plan to work with SALTO to improve the user interface so we can restrict functionality at a more granular level.

Now that the system has been implemented, we’re pretty satisfied with the quality and efficiency of the product. Besides helping us move closer to the university’s vision for utilizing RFID technology, the new system also leverages this technology while helping us meet our goal to provide a safe and secure environment for our students.”

Download PDF version

In case you missed it

Has The Gap Closed Between Security Fiction And Security Reality?
Has The Gap Closed Between Security Fiction And Security Reality?

Among its many uses and benefits, technology is a handy tool in the fantasy world of movie and television thrillers. We all know the scene: a vital plot point depends on having just the right super-duper gadget to locate a suspect or to get past a locked door. In movies and TV, face recognition is more a super power than a technical function. Video footage can be magically enhanced to provide a perfect image of a license plate number. We have all shaken our heads in disbelief, and yet, our industry’s technical capabilities are improving every day. Are we approaching a day when the “enhanced” view of technology in movies and TV is closer to the truth? We asked this week’s Expert Panel Roundtable: How much has the gap closed between the reality of security system capabilities and what you see on TV (or at the movies)?

The Five Questions Bank Security And IT Leaders Need To Answer About Cybersecurity
The Five Questions Bank Security And IT Leaders Need To Answer About Cybersecurity

Organizations across the world face a new risk paradigm: one that encompasses cyber and physical threats. We’ve heard the stories associated with ATM skimming, identity theft, data breaches, scams, and phishing. Large financial services organizations are often the victim of hackers looking to steal corporate information and transactional data or funds, and criminals continue to become more sophisticated in their approach. Growth In Cyber-Attacks Additionally, cyber-threats have taken a front seat in the line-up of primary risks facing financial institutions today. And it is no surprise why: according to Cybersecurity Ventures, the amount of money taken in cyber heists, both in banking and elsewhere, was estimated at $3 trillion overall for 2015, and this substantial amount is expected to double by 2021. Cyber-attacks are becoming more prevalent, more complex and harder to address The fact that cyber-attacks are becoming more prevalent isn't the only issue; they're also becoming more complex and therefore harder to address. And although the convenient interconnectivity of the Internet of Things (IoT) creates many advantages for financial institutions, with that also comes an increased risk to dangerous threats. In today’s environment, banks, credit unions, and financial organizations of all types are primary targets for hackers. But it’s not just the monetary loss that these businesses need to be concerned about — there is also a threat to the brand, customer trust, and employee safety. All of these challenges and complexities open the door to new conversations and risks. Here are the top five critical questions today’s bank leaders need to be ready to answer. Should We Collaborate To Mitigate These Threats Effectively? Over the last decade, the emergence of the Internet of Things (IoT) and a demand for more mobile capabilities has changed the way people and businesses connect. But as the need for connectivity increases, so too does the need for increased security for physical assets, networks, and valuable corporate data. As a result, a dialog between IT and physical security is necessary to help leaders gain a greater knowledge of how to best collaborate to ensure complete protection. Leaders must communicate closely to drive strategies that help identify vulnerabilities in a more proactive manner. The result of these conversations: a truly comprehensive approach to security intelligence. It’s not just the monetary loss that banks need to be concerned about – there is also a threat to customer trust and employee safety How Can I Pinpoint The Important Data For Addressing Cyber Threats? To maintain a high level of security and ensure business continuity around the globe, companies seek solutions that help predict and identify threats in real time. But often, there are too many alerts generated by too many systems, and none of this raw data is actionable. Linking cyber and physical security together transforms alerts into actionable intelligence, which helps users connect the pieces of any situation and present a unified risk scenario to the appropriate analysts and operators. By capturing and analyzing data in real time, enterprise organizations gain a visual representation of risks across the business while accessing information related to the most critical events happening at any given time. Not only does this unified process enable a higher and more proactive level of protection, but it also helps facilitate a plan of action based within a common, unified security operations center. How Can I Inform Of The Importance Of Cybersecurity? Security leaders in banks need to feel prepared by staying updated, looking at common vulnerabilities, understanding the malware and challenges, and testing the environment. And collaboration is key to mitigation: Traditional security and fraud teams must work in conjunction with cyber teams to effectively handle all aspects of a cyber-attack. Additionally, CISOs need to “sell” cybersecurity to CEOs and the board by outlining the importance of protection through emphasising the impact of a potential cyber-attack on the business. Ensure you can verbally address the most critical risks to your senior leadership, including recent botnets, scams, and cyber gangs, to receive the support, and budget you need to address these threats head on. Is My System Secure? It is critical that you are knowledgeable about the steps you can take to protect your security and network infrastructure from cyber-attacks. A firewall is useful to prevent hackers from accessing critical data on internal networks and computers Changing default passwords should be a first step, as some scams target devices with hard-coded factory defaults. Ensure software and firmware is up to date because updates often include fixes for potential vulnerabilities. These updates keep your devices and network more secure and increase overall system uptime. A firewall is useful to prevent hackers and unauthorized programs from accessing the critical business information and resources on internal networks and computers. Also, minimize potential risk by closing network ports and disabling services you don’t need. With all of these instances, it is best to work closely with your integrator partner and chosen vendor to ensure that your system is as secure as it can possibly be. What Solutions Are Best To Help Mitigate Risks? Technology is a great force multiplier. Security — both cyber and physical solutions — helps secure an entire branch footprint, alleviates risk, ensures operational compliance, and improves fraud investigations. Video surveillance systems, analytics, threat management platforms and more can provide organizations with intelligence and unprecedented protection from fraud, all while enhancing the customer experience. Overall, there are significant benefits to collaborating to gain comprehensive risk intelligence. By bringing various leaders, departments, technologies and strategies together, we can more effectively identify threats, develop trends and quickly access important data to ensure security and safety goals are realized.

BCDVideo Signs OEM Deal With Dell EMC: Positive Impact For Surveillance Storage
BCDVideo Signs OEM Deal With Dell EMC: Positive Impact For Surveillance Storage

In a significant move for the video security market, BCDVideo has announced that it is set to become Dell EMC’s OEM partner in the video surveillance space. For nearly a decade, the Chicago-based company has been known as a key OEM partner of Hewlett Packard Enterprise (HPE), providing storage and networking technology to security integrators on a global scale. This latest partnership will allow BCDVideo to take their offerings to the next level. BCDVideo Vice President Tom Larson spoke to SecurityInformed.com to discuss the reasoning behind the deal, and how the program will benefit partners, integrators, and end-users alike. Expanding BCDVideo's Product Offering For BCDVideo, the HPE OEM program has been widely acknowledged as a success, allowing the company to leverage a globally recognized brand and provide high-quality, reliable solutions across video networking and access control. Nevertheless, explains Larson, HPE server solutions are primarily suited to large-scale enterprise projects, and are therefore unable to accommodate for the growth in small- and medium-sized surveillance applications. The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering, building on success in the larger enterprise market to offer tailored solutions to SMEs. Our aim is to look at all best of breed technology to serve the video surveillance marketplace, and that means multiple partnerships” Support For Integrators By leveraging Dell EMC’s sophisticated digital storage platforms, BCDVideo will now be able to offer a more cost-effective solution to integrators, without sacrificing the resilience and IT-level service that BCDVideo is known for. With access to Dell EMC’s expansive global sales and technical teams, the company hopes to expand its reach, all-the-while providing partners with around-the-clock technical support and a five-year on-site warranty. Customers should be reassured that BCDVideo will continue to offer HPE platforms, service, and support. “Our aim is to look at all best-of-breed technology to serve the video surveillance marketplace, and that means multiple partnerships,” says Larson.  “The addition of Dell EMC to our portfolio is a major win for BCDVideo, for Dell EMC, and for our integrators.” The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering Meeting Surveillance Market Demands At the technology level, assures Larson, Dell EMC’s server offering is well suited to handle the increasing video resolution and growing camera count demanded by the surveillance industry. At the larger end of the spectrum, the company’s Isilon Scale-Out NAS solution can handle tens of petabytes of data, making it ideal for large-scale security applications such as city-wide surveillance and airport security. Dell EMC storage solutions are already proving successful at major international airports including Dubai and Abu Dhabi, each with a camera count in the 1000s.Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market” For Dell EMC, the new partnership means the ability to expand on this success in the enterprise market, leveraging BCDVideo’s surveillance expertise and high-level customer service to offer tailored solutions for lower-volume applications. Since its inception, BCDVideo has differentiated itself in the security space by providing a high level of IT service to integrators making the transition to IP systems. By combining resources, the partners will be able to service VMS and analytics companies, software vendors, and access control providers, as well as traditional business integrators. Ken Mills, General Manager Dell EMC Surveillance, explains: “Surveillance storage is not just about capacity, it is also about performance and reliability. Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market.” Accomodating For Growth BCDVideo is well placed to accommodate this anticipated growth. Last year, the company opened a new 51,000-square-foot global headquarters in Illinois, home to 90 separate stations within their Innovation Center where each system is customised according to integrator needs. The new facility allows for expanding business with new and existing partners in the security market.