Matching Security with the Needs of a Cutting-Edge Research Institution
In New Jersey, Newark has firmly established itself as the state’s largest city—with a hefty chunk of its population centered around the University Heights neighborhood. The area is home to four higher learning institutions: New Jersey Institute of Technology (NJIT), Essex County College, New Jersey Medical School, and Rutgers University.
NJIT alone accounts for more than 13,000 students and roughly 3,000 faculty and staff, with 42 facilities sprawling across 40 acres. Robert Gjini, associate vice president for environmental and operational services, estimates that during the fall and spring semesters, when accounting for contractors and visitors, the school’s population ranges roughly between 18,000 and 20,000.
“Here in an urban environment, here in Newark, security is at the forefront of a lot of people’s thoughts,” says Gjini, who has worked for NJIT for more than 30 years. When the school administers surveys to students to determine how satisfied they are with the school and identify their most important issues, Gjini notes that safety and public safety are big concerns for the student body.
The public university is also a Research 1 (R1) polytechnic university, a classification that generates additional demands. NJIT has to meet strict compliance, reporting, and audit standards, which are established by the federal government. According to the Carnegie Classification of Institutions of Higher education—a framework for classifying American higher education—an R1 facility is a “very high spending and doctorate production” institution. For any college or university to achieve or maintain this classification, it must spend at least $50 million in total research and development, and award 70 research doctorates annually. In 2025, 187 academic institutions have achieved an R1 designation.
Because of its R1 status, NJIT must also provide the highest levels of security for certain facilities, including its biotechnology labs and clean rooms. So, when Gjini began considering an update to part of the school’s access control system, he wanted the R1 school’s facilities to rely on modern security solutions that matched the institution’s technology-centric culture.
The previous system—installed before Gjini began working at the school—was based on an older disk operating system, AMAG 302, which involved magnetic stripe card readers.
“Our students are expecting cutting-edge technology,” Gjini says. “They don’t want to see 30-year-old technology being used day to day. So, as technology changes, we’ve got make sure that we’re incorporating that newer technology and doing things on the cutting edge.”
Gjini knew that at the end of the day, whichever solution was selected, it needed to account for a massive level of turnover. That’s the kind seen only in large schools when new students start classes at the beginning of a semester, either as baby-faced freshmen or transfers, while the more familiar faces graduate and matriculate into the real world. Faculty and staff also change, with some retiring or changing institutions while new members eagerly arrive.
That turnover rate means that security must regularly update access permissions, which can vary but still must be issued precisely and controlled, given the sensitive nature of research at NJIT. While some students might simply require parking privileges and access to standard facilities, such as lecture halls and dormitories, others may need around-the-clock access to a teaching lab or studio.
Gjini estimated that at the start of the typical semester, the school issues about 35,000 electronic keys. At the end of each semester, the school has to reclaim roughly 25,000 of those keys, with the remainder active for summer classes or activities that proceed between the fall and spring semesters.
Our students are expecting cutting-edge technology. They don’t want to see 30-year-old technology being used day to day.
Ultimately, a committee involving 13 staff members representing the different departments on campus decided to stay with AMAG for the upgrade, selecting the On-Premise AMAG Symmetry Enterprise, AMAG Symmetry Mobile, and On-Premise AMAG Symmetry Professional.
Overall, the installation of these three solutions involved updating servers that would process the system, plus retrofitting the entire campus’s access readers and the credentials that users would carry, whether in the form of physical cards or a mobile app on a smartphone.
The first step was to transition the credentials, because the existing readers would still be able to recognize new access cards. However, given the huge number of people this would impact and what it would cost to rebadge an entire university’s population all at once, the shift happened in stages.
Instead, as new freshman started the school year and new employees were onboarded, they were the first to receive new access badges—a process that would eventually cover the entire student body. In a staggered campaign, other employees and third-party contractors were gradually issued the new credentials.
Once everyone had new credentials, the school began updating its servers and field hardware. While some of the servers manage the card access and alarm systems, others support the video management system. as the older cameras break or reach their end of life.
The school finished upgrading its card access hardware in 2023 but is still phasing out older, analog cameras, as they break or reach their end of life, in favor of digital models. Gjini notes that if someone is monitoring or reviewing surveillance footage, the analog cameras continue to provide the necessary coverage for tight, focused areas that correspond to card readers.
For ease of use, faculty, staff, and students receive their credentials in two forms: a physical badge and a mobile credential through a smartphone app. So far so good, until was a road bump on the mobile side.
To use the mobile key card, the user’s smartphone needed to be unlocked with the app open. While that might seem inconvenient for those on the move, it made for more security. However, a certain version of the system’s firmware was enabling some mobile key cards on iPhones (depending on the smartphone’s settings) to be readable even if the phone was locked. This meant that if someone’s phone was stolen, it would continue providing access to potentially sensitive or personal spaces on campus. It was an anomaly that Gjini knew had to be addressed, even if a rushing student or harried professor found the glitch convenient.
“There’s always contention between security and convenience, right?” Gjini says. “Usually the more convenient something is, the less secure it is, and the more secure you make something, the less convenient it is.”
Gjini worked with AMAG, which in turn worked with Apple, to address the issue and release a new version of the app for users’ smartphones.
Given the issue of high turnover occurring multiple times a year, Gjini was also able to coordinate with an AMAG professional services team and a contractor to develop an SQL database, which Gjini calls middleware.
The middleware is fed information about access privileges from various authorized sources—department or school administrators who provide information on up to thousands of students and staff, indicating who can park where, which residence halls correspond to which students, and so on. But what makes the middleware invaluable to Gjini is that, despite the huge amount of data fed into the database, a small team can manage it and feed that information into AMAG’s Symmetry systems, which in turn activate or deactivate access badges and adjust privileges.
Along with the ability to manage tens of thousands of access points, the middleware also allows the managing team to add or deactivate a high volume of cards in a short amount of time, which the team does by pulling from a master spreadsheet that is updated by authorized users.
As new buildings are constructed and opened, Gjini says, they plan to expand the system by incorporating some third-party systems, such as for paying for student meals, using printers, or checking out books from the library—allowing users to rely on a single credential across most of the campus.
“People are so conscious of security and wanting to feel safe and secure on campus,” Gjini said. “We want them not thinking about security and thinking about their research and their schoolwork. So, it’s very important that we give them that safe environment as seamlessly as we can.”
Sara Mosqueda is associate editor at Security Management. You can send her an email at [email protected] or connect with her on LinkedIn.
