Who Are You?

Airports exhibit one of the most complicated scenarios to administer restricted-area access control, identity verification and issuance of an access credential. Various airline employees, vendors, third-party contractors and tenants need to be authenticated at all times, and their physical access rights must be controlled and managed dynamically based upon their role and policies affecting their access. But in many airports, security operations feature siloed access control systems and disjointed processes used to manage employee credentials for facility access.

Additionally, IT systems that issue transportation authority clearance, such as the Transportation Security Authority or Canadian Air Transport Security Authority, are all managed independently, often by different departments.

As a result, many physical identity and access management operations are handled manually, leading to costly human errors, ad-hoc cardholder credentialing, multiple ghost/orphan accounts, and long on- and off-boarding times.

Beyond these obvious inefficiencies, new compliance mandates are driving an entirely new level of security challenges within the airport infrastructure: Homeland Security Presidential Directive 12 mandates that all TSA employees and contractors authenticate themselves using two fingerprints and a smart card. Identities need to be checked against no-fl y lists on a regular basis. And transportation authority clearance needs to be monitored in real time.

Real Challenges

Because of the inefficient means by which identities and access to the restricted areas are managed, airport security practitioners are faced with a litany of issues on a regular basis.

  • A large number of transitory and/or contingent workers across airport staff, tenants and third parties need to be managed on a real-time basis
  • Inconsistent badging processes and operations, resulting in long processing times and erroneous area access rights
  • Constant facilities expansion, adding new layers of complexity regarding area access, related technologies and security infrastructure
  • A lack of overall visibility into airport identity and access operations, resulting in poor reporting and potential compliance issues.

For example, because so much of the airport staff is made up of contingent workers, making sure that their identities are well-managed and their access rights are current and appropriate based upon policies are continual challenges. If a third-party repair technician is fired, how can you make sure that their physical access rights are immediately removed, thus eliminating a potential security risk?

Single Identity Across the Entire Airport

Some airport organizations have begun to see the value in an integrated approach to physical identity and access management. By connecting disjointed and manual processes with their biometric and physical access control systems, security practitioners can create a single notion of identity across the entire airport, along with a policy paradigm for credential issuance and granting access to the airport facilities. This single notion of identity can be managed simply, effectively and securely, from the first day of employment to the last.

Quantum Secure's SAFE suite of products addresses this problem by providing a supervisory management system to transform and automate manual workfl ows and processes, enabling airport authorities to manage enrollment, credential issuance, do background checks, and credential expiry and facility access of users and groups. SAFE is a commercial off-the-shelf solution that, through an automated, role-based, policy-based access control mechanism, offers an integrated enrollment, access provisioning and badging engine along with a framework to integrate siloed systems and processes.

The SAFE enrollment engine authenticates and verifies identities and digital certificates, captures biometric images, issues a credential, binds the relevant biographical and biometric data with the card, and provisions the identity for facility access in the PACS—all in one connected process.

Conversely, identity expiration policies ensure that the card is automatically expired based on defined trigger points, including training, termination, insurance updates and governmental agency requirements.

A Real-world Example

One organization that is realizing dynamic returns by automating key processes related to identity management is the Toronto Pearson International Airport. Toronto Pearson, under governance by the Greater Toronto Airports Authority, handles 30 million passengers per year, employs more than 33,000 people and is an important economic engine for the area.

The airport's Pass/Permit Control Office, which issues restricted area identification and access control cards and passes for employees, serves an average of 175 clients per day and more than 45,000 employees and contractors each year.

Because every employee of every airline, shop, food vendor, contractor and consultant working at Toronto Pearson— as well as airport employees themselves— must be processed by the PPCO, this function is critical for the economic vitality, operation and security of the airport. Toronto Pearson needed a system that could keep up with demand, ensuring that staff started work in a timely fashion while maintaining high levels of customer satisfaction.

The SAFE suite of software enabled Toronto Pearson to incorporate existing, fragmented physical security processes and systems into its larger IT infrastructure, automating many of the previously physical, labor-intensive tasks of credentialing employees. It also made the applications more userfriendly, with better customer service, while leveraging the productivity opportunities available from the technology infrastructure.

Based on these preliminary results, the airport expects it will meet the goals of reducing average cost per customer from $49 to $35, average wait times from 560 minutes to 20 minutes and average service time by 50 minutes.

Greater Visibility, Strong ROI

By bringing together disparate systems and automating key processes and policies, security practitioners can quickly instill best practices and realize a strong ROI.

Manual, error-prone processes regarding the on-boarding of new identities can now take minutes, instead of days. An automated enrollment process can transform paper-based identity proofing and application process to an electronic and rules-based process for managing the on-/off-boarding of identities into and from the organization. Access to restricted areas can quickly be granted via automated policies and approvals. And the termination of a person is immediately pushed out to the physical access control systems.

At the same time, real-time reporting allows for greater visibility into all facets of airport security operations. To better manage that airside vehicle operator, an automated policy can be created that links access to driving privileges, allowing for the removal of airside access while penalties are enforced and other remediation activities occur.

Automated audit and compliance reporting allows for systematic checks and balances throughout the entire identity lifecycle management—on-boarding, change management and off-boarding. All anomalies and alarms related to failure in compliance are caught in real time, which activate automated policies for corrective action.

An integrated document management system allows for the centralized storage of enrollment applications, valid credentials, biographic and biometric information—including driver's license and passport data—I-9 information, photo and other related documents in an electronic format are always available with a click of a button.

And because a smart software solution integrates directly with the existing airport security infrastructure, there is no need for a complete rip and replace strategy. The SAFE suite of software includes integration agents that receive and push relevant information to all leading PACS, allowing a disparate environment of security systems to act as a single unit.

From a functionality standpoint, the various modules can be added independently, allowing airport security practitioners to grow and evolve their system based on their unique needs. For example, if badging and credential management is paramount, a module exists to streamline that function within the organization. If document management is a particular pain point, a module exists to digitize and bind key documents to an identity, storing approval forms, I-9 information and other related information in a centralized electronic system.

About the Author

Ajay Jain is president and CEO of Vector Flow, Inc.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3