Who Are You?

Airports exhibit one of the most complicated scenarios to administer restricted-area access control, identity verification and issuance of an access credential. Various airline employees, vendors, third-party contractors and tenants need to be authenticated at all times, and their physical access rights must be controlled and managed dynamically based upon their role and policies affecting their access. But in many airports, security operations feature siloed access control systems and disjointed processes used to manage employee credentials for facility access.

Additionally, IT systems that issue transportation authority clearance, such as the Transportation Security Authority or Canadian Air Transport Security Authority, are all managed independently, often by different departments.

As a result, many physical identity and access management operations are handled manually, leading to costly human errors, ad-hoc cardholder credentialing, multiple ghost/orphan accounts, and long on- and off-boarding times.

Beyond these obvious inefficiencies, new compliance mandates are driving an entirely new level of security challenges within the airport infrastructure: Homeland Security Presidential Directive 12 mandates that all TSA employees and contractors authenticate themselves using two fingerprints and a smart card. Identities need to be checked against no-fl y lists on a regular basis. And transportation authority clearance needs to be monitored in real time.

Real Challenges

Because of the inefficient means by which identities and access to the restricted areas are managed, airport security practitioners are faced with a litany of issues on a regular basis.

  • A large number of transitory and/or contingent workers across airport staff, tenants and third parties need to be managed on a real-time basis
  • Inconsistent badging processes and operations, resulting in long processing times and erroneous area access rights
  • Constant facilities expansion, adding new layers of complexity regarding area access, related technologies and security infrastructure
  • A lack of overall visibility into airport identity and access operations, resulting in poor reporting and potential compliance issues.

For example, because so much of the airport staff is made up of contingent workers, making sure that their identities are well-managed and their access rights are current and appropriate based upon policies are continual challenges. If a third-party repair technician is fired, how can you make sure that their physical access rights are immediately removed, thus eliminating a potential security risk?

Single Identity Across the Entire Airport

Some airport organizations have begun to see the value in an integrated approach to physical identity and access management. By connecting disjointed and manual processes with their biometric and physical access control systems, security practitioners can create a single notion of identity across the entire airport, along with a policy paradigm for credential issuance and granting access to the airport facilities. This single notion of identity can be managed simply, effectively and securely, from the first day of employment to the last.

Quantum Secure's SAFE suite of products addresses this problem by providing a supervisory management system to transform and automate manual workfl ows and processes, enabling airport authorities to manage enrollment, credential issuance, do background checks, and credential expiry and facility access of users and groups. SAFE is a commercial off-the-shelf solution that, through an automated, role-based, policy-based access control mechanism, offers an integrated enrollment, access provisioning and badging engine along with a framework to integrate siloed systems and processes.

The SAFE enrollment engine authenticates and verifies identities and digital certificates, captures biometric images, issues a credential, binds the relevant biographical and biometric data with the card, and provisions the identity for facility access in the PACS—all in one connected process.

Conversely, identity expiration policies ensure that the card is automatically expired based on defined trigger points, including training, termination, insurance updates and governmental agency requirements.

A Real-world Example

One organization that is realizing dynamic returns by automating key processes related to identity management is the Toronto Pearson International Airport. Toronto Pearson, under governance by the Greater Toronto Airports Authority, handles 30 million passengers per year, employs more than 33,000 people and is an important economic engine for the area.

The airport's Pass/Permit Control Office, which issues restricted area identification and access control cards and passes for employees, serves an average of 175 clients per day and more than 45,000 employees and contractors each year.

Because every employee of every airline, shop, food vendor, contractor and consultant working at Toronto Pearson— as well as airport employees themselves— must be processed by the PPCO, this function is critical for the economic vitality, operation and security of the airport. Toronto Pearson needed a system that could keep up with demand, ensuring that staff started work in a timely fashion while maintaining high levels of customer satisfaction.

The SAFE suite of software enabled Toronto Pearson to incorporate existing, fragmented physical security processes and systems into its larger IT infrastructure, automating many of the previously physical, labor-intensive tasks of credentialing employees. It also made the applications more userfriendly, with better customer service, while leveraging the productivity opportunities available from the technology infrastructure.

Based on these preliminary results, the airport expects it will meet the goals of reducing average cost per customer from $49 to $35, average wait times from 560 minutes to 20 minutes and average service time by 50 minutes.

Greater Visibility, Strong ROI

By bringing together disparate systems and automating key processes and policies, security practitioners can quickly instill best practices and realize a strong ROI.

Manual, error-prone processes regarding the on-boarding of new identities can now take minutes, instead of days. An automated enrollment process can transform paper-based identity proofing and application process to an electronic and rules-based process for managing the on-/off-boarding of identities into and from the organization. Access to restricted areas can quickly be granted via automated policies and approvals. And the termination of a person is immediately pushed out to the physical access control systems.

At the same time, real-time reporting allows for greater visibility into all facets of airport security operations. To better manage that airside vehicle operator, an automated policy can be created that links access to driving privileges, allowing for the removal of airside access while penalties are enforced and other remediation activities occur.

Automated audit and compliance reporting allows for systematic checks and balances throughout the entire identity lifecycle management—on-boarding, change management and off-boarding. All anomalies and alarms related to failure in compliance are caught in real time, which activate automated policies for corrective action.

An integrated document management system allows for the centralized storage of enrollment applications, valid credentials, biographic and biometric information—including driver's license and passport data—I-9 information, photo and other related documents in an electronic format are always available with a click of a button.

And because a smart software solution integrates directly with the existing airport security infrastructure, there is no need for a complete rip and replace strategy. The SAFE suite of software includes integration agents that receive and push relevant information to all leading PACS, allowing a disparate environment of security systems to act as a single unit.

From a functionality standpoint, the various modules can be added independently, allowing airport security practitioners to grow and evolve their system based on their unique needs. For example, if badging and credential management is paramount, a module exists to streamline that function within the organization. If document management is a particular pain point, a module exists to digitize and bind key documents to an identity, storing approval forms, I-9 information and other related information in a centralized electronic system.

About the Author

Ajay Jain is president and CEO of Vector Flow, Inc.


  • Cloud Adoption Gives Way to Hybrid Deployments

    Cloud adoption is growing at an astonishing rate, with Gartner forecasting that worldwide public cloud end-user spending will approach $600 billion by the end of this year—an increase of more than 21% over 2022. McKinsey believes that number could eclipse $1 trillion by the end of the decade, further underscoring the industry’s exponential growth. Read Now

  • AI on the Edge

    Discussions about the merits (or misgivings) around AI (artificial intelligence) are everywhere. In fact, you’d be hard-pressed to find an article or product literature without mention of it in our industry. If you’re not using AI by now in some capacity, congratulations may be in order since most people are using it in some form daily even without realizing it. Read Now

  • Securing the Future

    In an increasingly turbulent world, chief security officers (CSOs) are facing a multitude of challenges that threaten the stability of businesses worldwide. Read Now

    • Guard Services
  • Security Entrances Move to Center Stage

    Most organizations want to show a friendly face to the public. In today’s world, however, the need to keep people safe and secure has become a prime directive when designing and building facilities of all kinds. Fortunately, there is no need to construct a fortress-like entry that provides that high level of security. Today’s secured entry solutions make it possible to create a welcoming, attractive look and feel at the entry without compromising security. It is for this reason that security entrances have moved to the mainstream. Read Now

Featured Cybersecurity

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3