JUly 2021

Security eMagazines

By Brooke Grigsby, Contibruting Writer

Integrated Solutions


Identity and access management within a multi-tenant setting can be time-consuming, costly and risk-intensive without the right tools.

Identity Management for Multi-Tenant Buildings

Font, Rectangle

sl-f / iStock / Getty Images Plus via Getty Images

Land lot, Urban design, Tower block, Plant, Sky, Building, Cloud, Daytime, Window, Fixture

Multi-tenant buildings present a range of challenges for security managers, particularly in the area of identity management. In contrast to corporate security, where identity and access management (IAM) often deal with employee and contractor access to a defined set of networks and applications, in a multi-tenant building, the IAM workload is broad and disjointed. With more than one identity system at work, identity and access management at a multi-tenant building has to contend with tenants, guests, visiting service providers, employees and more.

Thus, instead of worrying that an employee may be improperly accessing a database, in a multi-tenant building, an identity incident could involve Mrs. Smith complaining that Mrs. Jones’ suspicious-looking guest got into the laundry room and stole her soap. In all seriousness, identity management for apartment buildings can be time-consuming, costly and risk-intensive without the right tools.

In addition, trends in the industry are making identity management requirements in apartment and multi-tenant facilities all the more demanding. A new generation of solutions that offer dynamic identity provisioning on mobile devices offer a way forward — enabling universal, trackable access to all spaces for all users coming and going.

The Status Quo

Today’s apartment buildings rely on a disconnected set of identity management and access control systems. Solutions range from keyless smart locks on individual doors to full-on electronic access control (EAC) systems that are connected to locks on buildings and shared-access rooms such as laundry, storage and fitness centers.

A tenant or owner might carry a traditional key for his or her unit, a radio frequency parking gate opener and an EAC keycard for the building’s outer doors and shared spaces. Employees may have a similar mix of access devices. However, while the tenant’s identity is typically stored in the access control system, the employees might reside in a separate, corporate IAM system.

Disparate systems for identity and access are not a good scenario for maintaining either physical or cybersecurity. For one thing, tenants and employees are not the only people whose identities need to be tracked. Contractors and vendors need access to certain parts of the premises. Guests are often also missed by any organized identity management scheme. Delivery people come and go as well, with little or no systematic monitoring and logging of their actions or identities. The setup is also inconvenient for tenants who want streamlined access to spaces like the laundry and pools, while also expecting secure package delivery and the like.

Risks Arise

Identity management and access control are not the same thing. In a multi-tenant setting, there may be separate systems governing identities and access for employees and tenants, but none for vendors, visitors and delivery personnel. The results of this heterogeneous environment include incomplete awareness of the identities of people who require access to the premises. Nor do property managers have knowledge of presence — whether someone who entered the premises actually left, how long they stayed and so forth.

Multi-tenant buildings are exposed to risks that include unauthorized entry, resulting in theft or vandalism or even threats to a tenant’s physical safety. The property might have issues with compliance, too, such as adhering to capacity limits dictated by COVID regulations. Incomplete information about service providers could lead to disputes and administrative headaches, e.g. the pool cleaner is supposed to visit once a week, but no one can prove if he or she actually came to do the job.

Font

By centralizing control over identity and enabling managers to grant and revoke access privileges to virtually any user on demand, these solutions make it possible to improve security while cutting overhead and improving tenants’ user experiences.

Evolving Needs for Multi-Tenant Buildings

Tenant expectations in the multi-tenant market are experiencing shifts that will have an impact on identity management and access control. For example, a large percentage of new multifamily projects feature at least some smart functionality. The changes are partly generational in nature, with younger tenants expecting to use a card or phone to unlock any door.

As the trend of working from anywhere continues to grow over the next several years, we will see more multifamily units shift to short-term rentals. This makes the identity management challenges for multi-tenant buildings all the greater. Property managers need to figure out how to meet the needs of tenants who might be staying for a few months at a time, or even less.

Addressing Market Conditions

New identity management technologies can address new market conditions while solving the current difficulties with multiple, unintegrated access control systems. The solutions vary, but most involve using a centralized identity management and provisioning platform that creates identity credentials for all who need access to a multi-tenant building. The dynamic identity provisioning comes to life on the user’s smartphone. The device then becomes a universal key, in essence, that allows the user to gain access to any space on the property or designated spaces.

The resulting locking systems are “smart.” They can be controlled remotely, with property managers able to generate credentials that grant access — but which can be quickly revoked or preset to expire. This way, the pool cleaner can be given access rights to the pool for half the day on Wednesday, but will be unable to enter the property at any other time. A guest can give her phone number to the property manager and receive a dynamically generated identity that translates into a defined set of site access rights for a specified period of time.

The solutions also typically offer compatibility with existing enterprise access control (EAC) systems. There is no “rip and replace.” The building can use legacy EAC in parallel with the new dynamic identity provisioning solutions. The solution can also integrate with IAM platforms, such as Microsoft Active Directory. This capability creates a single identity management control that works across the property and the broader business. System users have access to rich access and identity data, including presence data, visitor logs and so forth.

Security Needs are Changing

Times are changing with multi-tenant building security needs. Tenants have new expectations of seamless access experiences using mobile devices. At the same time, property managers want better security overall, spanning physical and digital areas of operation — as well as lower administrative overhead to handle identity and access control workloads. New, dynamic identity provisioning solutions offer a path to positive change. By centralizing control over identity and enabling managers to grant and revoke access privileges to virtually any user on demand, these solutions make it possible to improve security while cutting overhead and improving tenants’ user experiences.

About the Author
Brooke Grigsby is Director of Marketing for Safetrust. She has been active in the security industry for over 15 years, holding marketing leadership and management roles in cybersecurity, physical access security, mobile access and the Internet of Things (IoT) segment. Grigsby is currently responsible for leading the marketing efforts at Safetrust, a secure virtual credentialing solution company headquartered in Fremont, California. Previously, she led marketing at ActivIdentity (now owned by HID Global), idOnDemand (acquired by Identiv), and Identiv. She is an active member of ASIS, SIA, and the NFC Forum. Image courtesy of Grigsby

Facial expression, Flash photography, Face, Smile, Cheek, Lip, Chin, Hairstyle, Eyebrow, Eye