Who Are You?

  • By Ajay Jain
  • Sep 02, 2009

Airports exhibit one of the most complicated scenarios to administer restricted-area access control, identity verification and issuance of an access credential. Various airline employees, vendors, third-party contractors and tenants need to be authenticated at all times, and their physical access rights must be controlled and managed dynamically based upon their role and policies affecting their access. But in many airports, security operations feature siloed access control systems and disjointed processes used to manage employee credentials for facility access.

Additionally, IT systems that issue transportation authority clearance, such as the Transportation Security Authority or Canadian Air Transport Security Authority, are all managed independently, often by different departments.

As a result, many physical identity and access management operations are handled manually, leading to costly human errors, ad-hoc cardholder credentialing, multiple ghost/orphan accounts, and long on- and off-boarding times.

Beyond these obvious inefficiencies, new compliance mandates are driving an entirely new level of security challenges within the airport infrastructure: Homeland Security Presidential Directive 12 mandates that all TSA employees and contractors authenticate themselves using two fingerprints and a smart card. Identities need to be checked against no-fl y lists on a regular basis. And transportation authority clearance needs to be monitored in real time.

Real Challenges

Because of the inefficient means by which identities and access to the restricted areas are managed, airport security practitioners are faced with a litany of issues on a regular basis.

  • A large number of transitory and/or contingent workers across airport staff, tenants and third parties need to be managed on a real-time basis
  • Inconsistent badging processes and operations, resulting in long processing times and erroneous area access rights
  • Constant facilities expansion, adding new layers of complexity regarding area access, related technologies and security infrastructure
  • A lack of overall visibility into airport identity and access operations, resulting in poor reporting and potential compliance issues.

For example, because so much of the airport staff is made up of contingent workers, making sure that their identities are well-managed and their access rights are current and appropriate based upon policies are continual challenges. If a third-party repair technician is fired, how can you make sure that their physical access rights are immediately removed, thus eliminating a potential security risk?

Single Identity Across the Entire Airport

Some airport organizations have begun to see the value in an integrated approach to physical identity and access management. By connecting disjointed and manual processes with their biometric and physical access control systems, security practitioners can create a single notion of identity across the entire airport, along with a policy paradigm for credential issuance and granting access to the airport facilities. This single notion of identity can be managed simply, effectively and securely, from the first day of employment to the last.

Quantum Secure's SAFE suite of products addresses this problem by providing a supervisory management system to transform and automate manual workfl ows and processes, enabling airport authorities to manage enrollment, credential issuance, do background checks, and credential expiry and facility access of users and groups. SAFE is a commercial off-the-shelf solution that, through an automated, role-based, policy-based access control mechanism, offers an integrated enrollment, access provisioning and badging engine along with a framework to integrate siloed systems and processes.

The SAFE enrollment engine authenticates and verifies identities and digital certificates, captures biometric images, issues a credential, binds the relevant biographical and biometric data with the card, and provisions the identity for facility access in the PACS—all in one connected process.

Conversely, identity expiration policies ensure that the card is automatically expired based on defined trigger points, including training, termination, insurance updates and governmental agency requirements.

A Real-world Example

One organization that is realizing dynamic returns by automating key processes related to identity management is the Toronto Pearson International Airport. Toronto Pearson, under governance by the Greater Toronto Airports Authority, handles 30 million passengers per year, employs more than 33,000 people and is an important economic engine for the area.

The airport's Pass/Permit Control Office, which issues restricted area identification and access control cards and passes for employees, serves an average of 175 clients per day and more than 45,000 employees and contractors each year.

Because every employee of every airline, shop, food vendor, contractor and consultant working at Toronto Pearson— as well as airport employees themselves— must be processed by the PPCO, this function is critical for the economic vitality, operation and security of the airport. Toronto Pearson needed a system that could keep up with demand, ensuring that staff started work in a timely fashion while maintaining high levels of customer satisfaction.

The SAFE suite of software enabled Toronto Pearson to incorporate existing, fragmented physical security processes and systems into its larger IT infrastructure, automating many of the previously physical, labor-intensive tasks of credentialing employees. It also made the applications more userfriendly, with better customer service, while leveraging the productivity opportunities available from the technology infrastructure.

Based on these preliminary results, the airport expects it will meet the goals of reducing average cost per customer from $49 to $35, average wait times from 560 minutes to 20 minutes and average service time by 50 minutes.

Greater Visibility, Strong ROI

By bringing together disparate systems and automating key processes and policies, security practitioners can quickly instill best practices and realize a strong ROI.

Manual, error-prone processes regarding the on-boarding of new identities can now take minutes, instead of days. An automated enrollment process can transform paper-based identity proofing and application process to an electronic and rules-based process for managing the on-/off-boarding of identities into and from the organization. Access to restricted areas can quickly be granted via automated policies and approvals. And the termination of a person is immediately pushed out to the physical access control systems.

At the same time, real-time reporting allows for greater visibility into all facets of airport security operations. To better manage that airside vehicle operator, an automated policy can be created that links access to driving privileges, allowing for the removal of airside access while penalties are enforced and other remediation activities occur.

Automated audit and compliance reporting allows for systematic checks and balances throughout the entire identity lifecycle management—on-boarding, change management and off-boarding. All anomalies and alarms related to failure in compliance are caught in real time, which activate automated policies for corrective action.

An integrated document management system allows for the centralized storage of enrollment applications, valid credentials, biographic and biometric information—including driver's license and passport data—I-9 information, photo and other related documents in an electronic format are always available with a click of a button.

And because a smart software solution integrates directly with the existing airport security infrastructure, there is no need for a complete rip and replace strategy. The SAFE suite of software includes integration agents that receive and push relevant information to all leading PACS, allowing a disparate environment of security systems to act as a single unit.

From a functionality standpoint, the various modules can be added independently, allowing airport security practitioners to grow and evolve their system based on their unique needs. For example, if badging and credential management is paramount, a module exists to streamline that function within the organization. If document management is a particular pain point, a module exists to digitize and bind key documents to an identity, storing approval forms, I-9 information and other related information in a centralized electronic system.

About the Author

Ajay Jain is president and CEO of Vector Flow, Inc.

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

Most   Popular

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.