Cogito Announces the TeSA Network Access Engine
October 04, 2019
Today Cogito announces the deployment of the Technology Enabled Shared Accommodation capability in support of New Zealand Government. This project has sought to allow Government organisations to share buildings and services without having to be in the same security domains.
Cogito has worked to enable this through its unique offerings such as the Jellyfish Network Access Engine (NAE) and its Shared Access Federated Directory (SAfD) service.
These products have allowed multiple organisations to share services such as NZ Information Security Manual compliant 802.1x secure WIFI, shared printing, common visitor management platform, meeting room bookings, shared locker systems, and more.
In a modern hot desking environment, it’s common for organisations to lose time and money finding desks, software, and hardware, not to mention searching for individuals across floors and securing meeting areas. Cogito have successfully integrated a solution that allows employees to find people and vacant desks, and to print and communicate, without having to switch to new providers. Where previously the inability to communicate cohesively across areas led to wasted time, working areas now become intelligent.
How does it work?
TeSA works by one organisation providing the base services used to run daily practices within an organisation. Cogito’s products then identify these and allow the other organisations operating within the same location to share services.
What’s the value?
Cogito’s service goes past the requirements of the TeSA offering, giving New Zealand taxpayers additional value by solving the complex problems government organisations are often fraught with.
Examples of how this offering works in the real world include:
Streamline Employee Arrivals
When people can’t find desks in large buildings, time and money is wasted. Cogito’s solution uses fixed or wireless communications to determine how many devices are on a floor or in an area versus how many desks there are on that floor or in that area. This information is then presented back to the visitor management system or on employees’ mobile devices in the form of a traffic light system. This allows employees entering the building to see which floors are red (full), amber (nearly full) and green (should have space available). Employees can then make a beeline to empty desks.
Find individuals within a large multi-floor office building
When you need to find someone quickly in a large organisation it can be difficult. Cogito’s Jellyfish solution allows individuals to be found based on where the computer that they last logged onto was last located in the network, or through access to door barrier system data. This can then be joined with presence information to give a timeframe of when that person was last there – including if they are there right now.
For example: Joanne is searching for Rob. She goes to his assigned desk, but he is not there. She enters his details in the Jellyfish web portal or mobile application. The system tells her that the notebook Rob uses was last logged on 5 minutes ago and that it is located around workstation 27 on floor 3, near Rebecca’s desk. Joanne could go up there to see him but decides to message him in case he is busy right now, telling him that she needs to speak to him when he can. Rob says that he will come to her in about 30 minutes after he finishes talking with Rebecca. Rob knows that Joanne is in the building but does not normally work in this building, so she is likely using shared spaces or is probably in a meeting room. When Rob finishes talking with Rebecca 20 minutes later, he uses his mobile phone to find out where Joanne is now. She is in meeting room 27 on level 5 and is logged in there right now. Rob heads down to meet her. After the meeting Joanne decides that Arpit also needs to know about the conversation and that it would be best done in person. She again uses her mobile phone to find him and sees that he is not in the building now, so this conversation will have to wait. Later in the day Joanne looks again. Arpit is now located at or around his desk, so she goes and sees him. In the past this would have been a frustrating endeavour, and unlikely to turn up results. Now, in a matter of minutes, employees can locate one another to discuss shared needs.
Better use of resources such as WIFI access
Most offices have two types of WIFI: access for employees and access for guests. Effectively these groups are those that are trusted and have full access to building services, and those that are not trusted at all and have access only to the internet. Often there is another group of users: those that are not trusted for all services but should be trusted for some. These might be contractors or even partner organisations. In the example of Government, that might be an individual from another Government organisation. Using the Cogito Jellyfish service this group of users can be better catered for. For example, Aurelia is visiting Agency A from Department B. Agency A and Department B are both subscribers to Cogito’s identity brokerage services and have a valid agreement between each other for limited data sharing, but they don’t formally share the building Aurelia is in. Aurelia is here for a meeting so uses the visitor management system to log her entry to the building. This gives her pass temporary (for the day) access to floor 1 only in Agency A. When she opens her notebook in the meeting room, she finds she automatically has access to the internet and can print documents locally on Agency A’s level one printers. To her surprise she also has access to resources on her home Department’s internal network. Without her having to do anything she has been positively identified and securely enabled for all these services and more.
Metrics on areas that are in high demand and those that are not highly utilised over time can have major benefits to organisations. For instance, this can determine if space is required for individual sections or the company, forming a cost and space saving solution, or a pathway to solve organisational issues. Shared workspaces to date have been worked out on general availability figures and anecdotal experience of the user base. By gathering historical data on area use based on physical access information and network access information, an organisation could use the data to determine these things more accurately. For instance, Company B decided that by going hotdesking they could go into a building with 9 floors and 100 seats per floor for a total workspace of 900 seats. This was based on a workforce of 1000 and a calculation of 10% of that workforce being offsite at any one time. Once the metrics are gathered, the average daily need is for only 680 seats with a peak of as many as 720 seats in a day. The company realises this is because a large part of the business involves staff advising other organisations and these staff often work and meet on client sites. The company decides to sublease one floor for a lease saving of $1 million per annum. This allows for enough space for growth but adds significantly to the bottom line of the company. The company also looks more closely at the figures and sees that two areas are underutilised, and one area appears to hit capacity every day. This may indicate that one area does not have enough capacity. The first underutilised area is the consultancy area, but another area has no immediate explanation as to why it is underutilised. In talking to the staff that often work near that area, they believe it is not utilised because of the strong afternoon sun. The company purchases some blinds and now the area is better utilised by adjacent staff, which in turn allows the over-committed area sufficient space.
Not enough meeting rooms due to ghost bookings
For example: Antoinette wants to book a meeting room for 10:30 on Thursday in one of the meeting rooms on level 1. She finds that there are no slots available, even though there are always spare meeting rooms when she goes down there. She knows the issue is ghost meeting room bookings, caused by people not cancelling meetings when they are not needed, or by recurring meeting room bookings that are not used but only booked in case they may be needed in the future, to avoid exactly the issue Antoinette is having right now. The problem is she doesn’t know which bookings are ghost meetings and which are not. Using Jellyfish, the organisation can decide its new policy will be that if an attendee of the meeting does not swipe into the meeting room within 15 minutes of the booking time, the meeting room will become available again. If a recurring meeting room is not swiped into three times in a row, that recurring meeting will also be cancelled. Antoinette finds that she now has no trouble booking a regular 10:30 meeting on a Thursday.
Reduction in Printing Costs
Printing documents can cause higher costs and reduced environmental efficiency. Unwanted or confidential documents being left in printers unsupervised represent poor security and organisational costs. Cogito’s solution allows print capability to be based on the presentation of an access pass across organisations and across vendor provided print solutions.
Blocking Access to Suspicious Logons
Jellyfish can recognise that even when a logon appears to be legitimate (i.e. using valid credentials), it may still be fraudulent. For example: An organisation is yet to implement Multi-Factor Authentication (MFA) for logon to their network and has concerns about the potential for credential compromise. The Cogito Jellyfish service is introduced, which can block logons to Windows if a user has not passed through a physical entry point. Jellyfish recognises behaviour – in a case where a user’s everyday behaviour differs significantly, Jellyfish can stop a remote attack in its tracks, even when an attacker has managed to circumvent or steal valid logon credentials.
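The check described above, correlating a logon with a preceding physical entry, can be sketched as follows. This is an added example, not Cogito's code: the page does not describe Jellyfish's data formats or rules, so the event fields, the 12-hour presence limit and the sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BadgeEvent:          # hypothetical record from a door/barrier system
    user: str
    time: datetime
    direction: str         # "in" or "out"

@dataclass(frozen=True)
class Logon:               # hypothetical record of a logon with valid credentials
    user: str
    time: datetime
    host: str

# Assumed policy: a badge-in older than this no longer proves presence
# (covers people who left without swiping out).
MAX_PRESENCE = timedelta(hours=12)

def is_on_site(user, at, badge_events):
    """True if the user's latest badge event before `at` is a recent entry."""
    prior = [e for e in badge_events if e.user == user and e.time <= at]
    if not prior:
        return False       # never passed a physical entry point
    last = max(prior, key=lambda e: e.time)
    return last.direction == "in" and at - last.time <= MAX_PRESENCE

def evaluate(logons, badge_events):
    """Pair each logon with 'allow' or 'block' based on physical presence."""
    return [(l, "allow" if is_on_site(l.user, l.time, badge_events) else "block")
            for l in logons]

def t(day, hour, minute):
    return datetime(2019, 10, day, hour, minute)

# Constructed sample data.
BADGES = [
    BadgeEvent("rob", t(4, 8, 55), "in"),
    BadgeEvent("joanne", t(4, 8, 0), "in"),
    BadgeEvent("joanne", t(4, 12, 0), "out"),
    BadgeEvent("rebecca", t(3, 8, 30), "in"),   # previous day, no swipe out
]
LOGONS = [
    Logon("rob", t(4, 9, 5), "WS-27"),          # entered 10 minutes earlier
    Logon("arpit", t(4, 9, 10), "WS-11"),       # valid credentials, no entry
    Logon("joanne", t(4, 12, 30), "WS-03"),     # logon after leaving
    Logon("rebecca", t(4, 9, 0), "WS-40"),      # stale entry from yesterday
]

if __name__ == "__main__":
    for logon, decision in evaluate(LOGONS, BADGES):
        print(f"{logon.time:%H:%M} {logon.user:8} {logon.host:6} {decision}")
```

A production rule would also need an exception path for approved remote access, otherwise every off-site logon is blocked.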
The Cogito service allows multiple types of credential provisioning to be automated.
Linking Large organisations across multiple buildings
Many large organisations have multiple buildings. Some or all of these buildings are leased and will have existing Physical/Electronic Access Systems (P/EACS). This means that large organisations cannot replace the existing EACS, which often means that a person who needs access to a new building must be manually provisioned into that building. Cogito provides the ability to interface with multiple P/EACS solutions at once. This allows a user to be provisioned automatically into multiple different solutions from multiple vendors, all from one place.
P/EACS solutions often do not respond to changes in personnel roles
The Cogito service can not only provision personnel based on rules set by the organisation, but it can also interface with other services such as HR systems or Active Directory to ensure this occurs automatically. When a person’s role within an organisation changes, their physical access can also change to match the access required of this new role.
If a user should have their physical card confiscated due to an issue, this can trigger logical access to be deprovisioned too. Likewise, if a user’s logical access is deprovisioned, this can also trigger a deprovisioning of their physical access. Jellyfish can respond to ensure that all access, physical and logical, is deprovisioned based on only one of these services being deprovisioned (if desired).