By their nature, airports are one of the most challenging types of sites to protect - large facilities with many entrances and exits, along with a steady stream of travelers, airport staff, vendor employees, security personnel and law enforcement passing through at all hours of the day and night. Identity management is difficult; the multi-faceted programs employed at airports are often performed manually, making them time-consuming, highly susceptible to error and difficult to access on the enterprise level. Not only does this have a negative impact on security, but also these inefficient and potentially ineffective processes can make it difficult for airports to attract and keep businesses ranging from airlines to on-site vendors.
All individuals employed by or at airports require some sort of badge to enter secure areas, and different types of badges authorize different levels of access. For example, an airport restaurant employee has no business entering baggage handling areas, so his or her access level should be restricted only to concourses and terminals. Given the large number and variety of credentials that must be issued across the entire airport ecosystem, it’s easy to see why manual processes create such a bottleneck. Still, completing background checks, ensuring access only to appropriate areas and monitoring badge use are vital components of airports’ security programs.
The need for stronger, more effective badging and approval processes burst into public consciousness in late 2014, when authorities broke up a gun-smuggling operation at Atlanta’s Hartsfield-Jackson Airport. An employee used his badge to bring guns into secured areas, where an accomplice would place them on flights to New York.
A number of similar events involving employees of both airlines and third-party contractors placing contraband items on planes occurred in the months following the Atlanta incident, including:
- A ramp agent at the Oakland Airport brought bags of marijuana into secure areas, where nine accomplices handed them to passengers.
- Two security screeners at San Francisco International Airport allegedly took bribes to allow carry-on bags containing methamphetamine to pass through security checkpoints.
- Individuals in San Diego and Dallas-Fort Worth airports used their badges to circumvent security checks to allow cocaine and methamphetamine to be carried onto commercial flights.
Unfortunately, these are just a small sample of similar incidents that occurred in 2015 alone. Following the Atlanta incident, TSA reviewed security practices for airport personnel and made several recommendations, including exhaustive background checks for all employees including contractors. Astonishingly, only the airports in Miami and Orlando are currently doing this, primarily because of the time and cost associated with performing these tasks manually. The report also called for better tracking of badges that allow access to secure areas on the part of TSA and airport contractors. According to a March 2015 report, more than 1,400 employees at Hartsfield-Jackson Airport had their badges lost or stolen over a two-year period.
In light of these realities, the importance of employing more proactive badging measures couldn’t be clearer. However, the time-consuming manual processes this often requires can negatively impact or even disrupt operations for airlines, on-site vendors, contractors and the airport itself. As a result, badges are too often issued after only a cursory background check.
In addition to inefficiencies associated with badge issuance and monitoring, security has traditionally been a reactive process, meaning that by the time airport staff is alerted and determines the appropriate response, the damage from a security event has already been done – as evidenced by the aforementioned incidents. Additionally, abnormalities in credential use often go undetected until the auditing process is completed, which may be weeks or even months after the fact in a manual environment.
One solution airports can employ to overcome these challenges is Physical Identity Access Management (PIAM) software. Capable of being deployed enterprise-wide, today’s most advanced PIAM with predictive analysis capabilities moves security toward a more proactive approach by enabling management to identify abnormalities in behavior and isolate problems quickly, often before they can occur. These solutions bring together formerly disparate systems and assets with extreme levels of effectiveness and cost-efficiency to improve security and automate a number of processes to ensure compliance with the host of rules and regulations that govern security clearance, identification and access for airline employees, vendors and tenants. Many forward-looking airports have already leveraged PIAM solutions with predictive capabilities to improve security and increase productivity by as much as 35 percent.
One example of this is a major U.S. airport that faced tremendous challenges with its manual, labor-intensive and error-prone badging process, which involved numerous people. Compliance auditing alone was a months-long process because of the paper-based systems in place. Adding to these challenges was an outdated access control system, and with an upgrade or replacement anticipated, management knew associated systems would need to be compatible with the new system.
The airport deployed a PIAM solution to automate formerly manual, paper-based processes and improve badging, access approval and auditing. Within a year, the benefits of the system became clear, including a 27 percent increase in productivity over the previous year, as well as a 60 percent reduction in the time required to complete a badge audit. Additionally, the time required to prepare monthly financial reports, a process that previously took approximately a day, dropped to only two hours.
It is evident that PIAM solutions provide airports with better control, more accurate information, faster badging processes and response times, automated compliance management and lower cost. The increased effectiveness and efficiency these capabilities deliver move security and identity management closer to proactive rather than reactive processes. This makes airport environments not only more attractive to business, but also significantly more safe and secure – which is the ultimate bottom line.
