Re: Physical Key Management

[Kevin Schmidt <kps () UCSB EDU>]

We use the Morse Keywatcher boxes. While they are a bit expensive, I have
to echo the comment about them being cheaper than re-keying. They also
provide an audit trail that can help in certain situations. We host
cellular provider sites on our campus, and the Keywatchers allow us to
release a specific subset of keys for these providers based on enrolled
fingerprint scans (to avoid PIN-sharing with sub-contractors). Similar
situations exist for a few other third-party entities with contract-based
access. Hosting a Keywatch in our police department lobby means access is
available 24/7. With the Morse systems, we get immediate alerts on certain
check-outs, plus end-of-day checks to alert if keys have not been returned.

Kevin Schmidt
Dir. of Networking, Communications and Security Services
ETS Infrastructure Services
Office: (805) 893-7779
Email: kps () ucsb edu
[image: UC Santa Barbara]


On Fri, Aug 16, 2019 at 7:20 AM Kimmitt, Jonathan <
jonathan-kimmitt () utulsa edu> wrote:

> Hi all,
>
>
>
>   I’m curious on what people have had success with for physical key
> management?
>
>
>
> Specifically the master & grandmaster keys that the IT department uses to
> get into buildings, offices,  and residential areas, so they may work on
> the network, computers, etc.?
>
>
>
> We have tried a few things in the past, and are looking for something new:
>
>
>
> -          Check out system at your Campus Security/Facilities
> department?  (Staff are extremely resistant to this)
>
> -          Physical key management lock box (that only allows each person
> only their assigned key)  (This can be very expensive)
>
> -          Regular lockbox (the hanging tag type, that anybody could take
> anything from the box)?   (Our current setup)
>
>
>
> Specifically, we have concerns on a couple of issues….
>
>
>
> 1.       Technicians/engineers taking keys home
>
> 2.       Technicians taking keys that are not assigned to them
>
> 3.       Technicians taking keys that have greater access than they are
> approved for
>
>
>
> Is this an issue at other institutions?  Has anybody found a good balance
> between security and convenience?
>
>
>
> -Jonathan
>
>
>
>
>
> ~
>
> Jonathan Kimmitt
>
> CISSP, PCIP, CEH, CIPM, GPEN, CIPT, CIPP/E
>
> Chief Information Security Officer
>
> Information Technology
>
> The University of Tulsa
>
> 918.631.2743
>
> jonathan-kimmitt () utulsa edu
>
>
>
>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community