By their nature, most airports are open to the public. The sheer volume of passengers, employees and delivery personnel that transit a typical major destination airport every day is staggering relative to almost any other venue. And ensuring authorized access to secured areas becomes an even greater challenge when filtering such a large volume of people at dozens of entry points. Compound the volume of people with the potential of gaining access to an aircraft, baggage or tarmac areas, and a whole other set of concerns come into play.
This presents more than just an access control challenge for airport security professionals – it’s a true identity management issue. Without a modern approach to integrating physical access with real-time identity management, keeping track of all of these people and access control badges and devices is an unrealistic security objective, if not an impossible objective to achieve. From a security perspective, it is relatively easy for “bad guys” to exploit the weaknesses of manual processes to gain access to secure areas. A perfect example is the recent security breech at a high profile international airport where a ramp agent was dismissed for gaining access to an airplane, then continued to use his expired and cancelled credentials to access secure areas throughout the airport. Fortunately he was caught and prosecuted – but how many are not?
In fact, the TSA monitors many aspects of credential policies and operations at airports including lost badges. If anomalies are found, penalties can be levied on airports and they may even have to re-badge segments of their worker population which can incur millions in operational costs and cause service disruptions. However, there are identity management solutions available that help mitigate risks and allow airport security management to more efficiently meet TSA and FAA regulations.
Physical identity and access management technology (PIAM) is a proven solution to assist with unifying identity management, integrating disparate physical security systems, automating processes and simplifying control of employees, vendors and other identities at airports. PIAM software allows airports to manage the “life cycle” of identities as they relate to physical access, including synchronized on/off-boarding across all systems harboring an identity record, access profile and zone management, and role-based physical access. These unified software systems can better meet the dual challenge of access control and identity verification by centralizing all identity information across relevant systems while applying rules based conformance.
When applying this concept to an airport environment where identities need to be authenticated on a daily basis and physical access rights need to be controlled and managed dynamically, several strategic safety and security benefits are evident. For instance, when an employee is terminated, the termination process automatically flows through the various areas, ensuring that all aspects of that identity are simultaneously disallowed in the system and all assets such as card, keys, etc. are returned or billed for properly in a timely manner.
Unified PIAM software solutions can seamlessly interface with various systems throughout an airport and can streamline time-consuming and inefficient processes such as issuing ID badges, managing various databases, adding new employees, responding to changing work assignments, and assigning access privileges across multiple physical access control systems. In the airport environment, unified PIAM software can also integrate and embrace specific requirements related to TSA compliance and FAA regulations.
If there are prerequisites for an access control credential, unified PIAM software can track and confirm those requirements (authorization, I9s, security checks, training, etc.). Also contributing to efficiency, use of special document-specific scanners for passports, drivers’ licenses, etc. can store and manage PDF documents and monitor for expiration dates as part of an employer or identity record. Paper file storage is not needed.
The more complications that exists in any system, the harder it is to monitor and understand, and more importantly, respond to anomalous incidents. There are many ways a unified PIAM software solution for airport identity management can uncomplicate the process, boost overall operational efficiency, and lower cost while achieving a higher security level and meeting regulatory requirements.
Unified PIAM software solutions can leverage an existing live scan solution and automatically submit applicants' information for automation of security threat assessment (STA) results and notification of criminal history records checks (CHRC) ready for review. It can also monitor airport workers' STA status in real-time and tie it to activation of an electronic airport badge.
This software also enables operators to set prices for employer interactions for direct billing or regular invoicing of charges such as badging, background checks, penalties, violations, lost assets (keys, cards, etc.), training, etc. Automating these processes can recoup transactions that would not be cost-effective to process manually.
Related to compliance monitoring, PIAM software can generate reports on an as-needed basis (nightly, weekly, monthly and on-demand) in the format required by the Transportation Security Clearinghouse and other channel service providers. It can also provide real-time auditing capabilities, eliminating the need for manual audits. Another benefit is that changing systems, processes, and directives can be easily adapted in a software environment. Previous investment in business policies and operations is not lost if a system changes.
Software can replace off-line, non-automated processes, which are also not scalable and do not enable the automated compilation of information. These solutions can solve various airport pain-points and combine the needed elements of low cost, customer service, and security/compliance. Off-the-shelf software solutions can streamline and automate each airport’s operational processes.
Standardization reduces complexity. Reduced complexity allows for better control, better information, and faster response times. By applying tools that can streamline workflows, automate processes and integrate disparate systems, we can reduce insider risks associated with manual, error-prone systems and practices, provide an environment for 100 percent compliance, increase operational efficiencies, and reduce costs.
With a unified PIAM software solution in place, multiple software systems can be managed through a single web-based database, and provide a holistic approach that combines global identity with compliance and risk assessment. Benefits include greater efficiency, lower costs, and proactive management of regulatory compliance – and safer airports for everyone.
About the Author:
Andy Kuchel is the VP Business Development for Quantum Secure.
