The University of Arizona May Be Setting a New Industry Trend in Campus Security

The recent Integrated Access Management and Security Summit, hosted by ASSA ABLOY Group in Nashville, Tennessee, drew industry leaders from across the country to discuss the latest developments in campus security infrastructure. Among the presentations, one stood out for its potential to reshape how institutions approach vendor relationships and technological independence.

Christopher Augustine, IT project manager at the University of Arizona, took the stage alongside colleague Joe Harting, executive director of information technology, and Tim Nyblom, mobile advocate and higher education technology innovator at HID. What they shared would spark conversations that have begun reverberating through boardrooms and campus IT departments nationwide.

The presentation focused on Arizona's decision to develop its credential management integration layer, rather than relying on traditional vendor solutions. But it was industry analyst Lee Odess who crystallized the moment's significance in a LinkedIn post that went viral in security circles: "Is the University of Arizona a canary in the coal mine or an outlier in the access control industry?"

That question has the industry paying attention. Because if Arizona's approach catches on, it could reshape how institutions think about vendor relationships, data ownership, and technological independence.

The Challenge of Scale and Legacy Systems

The University of Arizona represents a complexity that faces all major educational institutions. The university serves nearly 53,000 students across a 392-acre campus in Tucson, Arizona. Founded in 1885, the University of Arizona has grown into one of the state's most prominent educational institutions, with 42,075 undergraduates and 11,102 graduate students representing a diverse population that includes students from all 50 states.

With such a large campus, managing the data infrastructure presented a significant challenge. Arizona was managing approximately 3,000 access control readers scattered across campus buildings, representing 15 different HID reader models from various product iterations accumulated over decades of piecemeal upgrades. The complexity came not from the readers themselves, but from the multiple campus systems that consumed credential data. Dining services, access control, recreation facilities, and other systems each spoke their language, creating dependencies and demanding different maintenance protocols.

Joe Harting has spent over 20 years in higher education IT leadership, first at Northern Arizona University and now at the University of Arizona. Unfortunately, he's seen a pattern play out repeatedly: universities identify operational needs, seek technical solutions, and inevitably find themselves "painted into technology corners."

"Whenever we would find an operational need and seek a technical solution, we would usually go out to the market and get some vendor’s off-the-shelf solution," Harting explains. "In some cases, we found ourselves painted into a technology corner. We would get stuck in some proprietary ecosystem."

Chris Augustine puts it more directly, saying that in traditional setups, "if you want to make a switch, you accidentally break probably three other things unintentionally." It's what he calls "the things you didn't know when you started the project, but you find out through development."

Understanding the Web of Dependencies

The typical campus setup creates what Augustine describes as a "massive web of connections and dependencies." Your point-of-sale system for the campus store needs to talk to the dining meal plan system. The mobile app needs to display balances from the declining balance system. Campus recreation needs to verify memberships through the card production system. Each connection works individually, but string them all together, and you've created an interconnected web where changing one component requires negotiating with seven different vendors who might have conflicting interests, timelines, or technical capabilities.

"You create a web of dependencies every single time you want to make a change that becomes unmanageable to an extent over the years," Augustine says.

This interconnectedness creates what Harting refers to as getting "stuck in the box." Universities often struggle to innovate or advance because changes to one system can cascade through multiple vendor relationships, each with its own technical requirements and business constraints.

The financial implications extend beyond licensing costs. When universities can't easily switch components of their technology stack, they lose negotiating power and become dependent on vendor roadmaps that may not align with institutional priorities.

The problem compounds when vendors themselves change hands or shift strategic focus. Universities have found themselves in a precarious position when a key vendor discontinues a product line, is acquired by a competitor, or decides to exit the education market entirely. With interconnected systems, losing one vendor can force costly replacements across multiple technology areas.

Even routine maintenance can become problematic. Software updates from one vendor can inadvertently break integrations with others, leaving IT departments scrambling to coordinate fixes across companies that may view each other as competitors rather than collaborators.

Arizona's Agnostic Architecture Approach

Arizona's answer was deceptively simple in concept, though revolutionary in execution. Instead of letting vendors communicate directly with each other, they decided that vendors should communicate directly with the university. Period.

"We don't want one vendor talking directly to another," Augustine explains. "We want them talking to us. Because we're the one piece that doesn't change. We’re the constant."

The UofA team developed its own middleware solution, referred to as CardSync, which places the university at the center of all data flows. Think of it like a hub-and-spoke model where the university sits at the center, with individual lines connecting out to each vendor partner rather than a complex web of interconnections.

This approach doesn't eliminate vendor relationships. Arizona still relies on and collaborates with partners, including SwiftConnect for credential management, HID as a credential provider, and Atrium Campus for their meal plan systems.

"This isn't about locking partners out," Augustine emphasizes. "It's about ensuring we never get locked in. By controlling how systems connect and owning the data flows, we gain flexibility, sustainability, and speed."

The practical benefits become evident immediately. When Arizona wants to change its campus recreation system, it's not a conversation with seven other vendors who might be interfacing with it. It's a connection they own, manage, and can modify as needed.

Augustine dismisses concerns about resource requirements. "We don't have an abundance of developers at our disposal," he clarifies. "The core of our system was really built by one person. The key lies in leveraging existing technologies and APIs rather than building everything from scratch.”

Mobile Credentials and Infrastructure Modernization

Students can now add their university ID to Apple Wallet through the University of Arizona app. Android users enjoy a similar experience, with what Nyblom calls 'the first HID Seos credential in Google Wallet for higher education.

The transformation happened remarkably quickly. From concept to beta launch of the next generation of university IDs in mobile wallets took just seven months, a timeline that would be nearly impossible under traditional vendor-dependent models. The digital wallet integration required a massive infrastructure overhaul. Arizona replaced approximately 3,000 readers across campus, consolidating from 15 different models down to just two: HID Signo for access control and HID Omnikey for other access transactions and point-of-sale applications.

Students embraced the change enthusiastically. The mobile CatCard offers the same functionality as its physical counterpart, providing access to buildings, meal plan management, and campus services with just a tap of their iPhone, Apple Watch, or Android phone.

The sustainability impact was immediate and measurable. Arizona anticipates reducing nearly 6,500 plastic cards and chip sets in the first semester alone, significantly minimizing environmental impact while saving students the $25 replacement fee for lost physical cards.

The digital credential system also enhances campus safety protocols. With mobile credentials, there are inherent security benefits. Students are less likely to lose their phones as easily as physical cards, thereby reducing security risks associated with lost or stolen credentials.

Arizona is launching with both Apple Wallet and Google Wallet available simultaneously, with plans to expand its footprint in both platforms to other untapped campus verticals.

Industry Impact and Future Implications

Tim Nyblom's perspective from HID provides crucial industry context. While approximately 150 universities nationwide have deployed mobile credentials over the past six to seven years, Arizona represents a distinct approach.

"What is unique about this is that Arizona will be the first school in the country that will deploy without one of those traditional one-card providers controlling the credential provisioning," Nyblom explains. Previous mobile deployments still required universities to work through established vendor ecosystems.

The interest level since Arizona's IAMSS presentation has been substantial, and multiple institutions have reached out expressing interest in the approach, suggesting this may indeed be the beginning of a broader trend.

"It's just like, how come nobody could break a four-minute mile until somebody did, and then after they did, oh yeah, this is doable. And a lot of other people followed,” Harting explains. “Demonstrating a proof of concept and that something is possible has generated a ton of interest. And if the interest that is generated is any indicator, I would guess that we're going to see others following in our footsteps."

The approach isn't limited to higher education. Healthcare systems, government facilities, and large enterprises with in-house IT capabilities could adopt similar strategies. The common thread is having both the technical talent and institutional will to take control of integration architecture. For the vendor community, this shift presents both challenges and opportunities. Rather than viewing Arizona's approach as a threat, forward-thinking companies are embracing the evolving partnership model.

"You can work with vendors, but you're working with partners," Nyblom says. "They're looking for people who can help and promote what they're trying to do. So, they're not looking to be locked in. They're not looking for a vendor to sell them something. They're looking for partners to help with their vision."

This shift requires vendors’ solutions to "stand on their own" rather than depend on ecosystem dependencies to maintain customer relationships. The most successful vendors will be those that embrace the partnership model, providing excellent solutions that integrate seamlessly with customer-controlled architectures.

With this new approach, universities gain the flexibility and control they need to innovate rapidly and respond to changing needs. Under Arizona's model, bringing on a new system connection takes a fraction of the time. When you control the middleware, you control the timeline. Perhaps most importantly, Arizona now controls its innovation roadmap. Instead of waiting for vendors to develop features they need, they can build solutions in-house or work directly with partners to create exactly what serves their campus best.

"This agnostic idea can be lifted and transplanted into just about any process where you want to standardize integrations,” Augustine adds. "The approach scales beyond access control to any scenario where institutions want to maintain control over data flows while working with multiple technology partners.

Arizona's success doesn't signal the death of traditional vendor relationships, but instead, it points toward an evolution in how institutions and technology companies work together. As Harting puts it: "We're looking for partners to help with the vision and shape the future."

The vision is spreading as more institutions are beginning to ask themselves a fundamental question: when you have the technical capability and strategic vision, why wait for others to build what you need?

The answer, increasingly, is that they won't wait. Arizona proved it's possible to maintain vendor partnerships while controlling its technological destiny. Others are already following their lead. The industry is listening, and the conversation about institutional autonomy versus vendor dependency will continue to evolve.