Adverse incidents and terrorist threats within the commercial aviation industry over the last several years have heightened the threat to airport security all over the world. Who goes in and out of restricted areas and how those areas are managed have become recent topics of conversation at forums such as AAAE, BASIC, the TSA and CATSA -- not to mention among airport security practitioners. Airports represent one of the most complicated scenarios in which to administer restricted-area access control and identity verification.
The Quantum Secure SAFE Airport Identity & Access Management solution offers specific ways to mitigate such risks and cut down the cost of operations by streamlining and automating key security processes and policies.
1. End-to-end Identity Proofing, Credentialing and Badging in the airport environment
Identity & Access Management at airports (or seaports, Air Force bases, etc.) is a complicated, expensive and manual process amidst a regularly changing workforce. The risks associated with un-badged people at airports are tremendous. There are literally thousands of workers, and hundreds of employers employing full-time and contingent staff, whom an airport authenticates, issues credentials to and gives access to facilities. The badging office is always challenged by long processing times, the lack of a continuous audit of all outstanding badges reconciled back to the roles, employment status and approvals of the underlying badge holders, and labor-intensive, error-prone manual processes across various domains. Quantum Secure’s SAFE Airport Identity & Access Management solution streamlines and optimizes all related processes by integrating with various systems and by creating a policy-based workflow governed by an intelligent set of rules. In many cases, after implementing SAFE, airports have witnessed a decrease of over 30% in the cost of processing a badge in the first year, with wait times reduced by over 95% and service time reduced by 66%. Compliance was achieved in real time with an automated ability to reconcile all outstanding badges with the roles and policies defined for each user group. Some of the specific processes include:
· Web based pre-enrollment process for all identities to be on-boarded
· Enrollment and Final Eligibility Determination
· Identity Authentication and Verification including Background Check process
o Government vetting interface
o 1:n, n:n Biometric duplicate check and capture
o Biometric authentication payload issuance
o PKI Certificate management including root Certificate Authority (through partner)
o Credential Revocation List management and distribution
o Real-time interfaces with Physical Access Control Systems
· Credential Issuance, Badge printing
· Compliance
o Real-time and continuous audit of physical access privileges granted to an identity
o Mandatory company / employee audits reconciled with PACS
o Real-time credential usage reports and suspicious activity detection
o Issuance of infraction tickets based upon policies and rules
o Restricted area access management, e.g. Airside Access Management and issuance of permits based upon specific eligibility requirements
· Identity Life Cycle Management
2. Management of Employers & Employee Status in a single Web Framework
Airports present a very complicated scenario for managing workers, contingent staff and their employers. They have thousands of workers (ranging from local police, fire and rescue personnel, airline crews, federal officials, concession services, restaurant and shop employees, etc.) and literally hundreds of employers ranging from airlines to catering services to repair companies to shop owners, and all other intermodal operators. SAFE provides them with a COTS (commercial off-the-shelf) solution to manage the airport / employer / employee relationship in a dynamic setting. Generally, airports manage these processes manually or have a custom legacy system with limited functionality. The SAFE Airport IAM suite manages the on-boarding and off-boarding processes of staff and employers in a policy-based framework, resulting in a low operating cost of ownership with the highest flexibility to introduce rules and workflows across multiple systems and domains.
3. Integration & Interoperability of Physical Security & Other IT Systems in a Policy Framework
The majority of today’s airports have disparate systems and applications that manage and process employee credentials for facility access. Enrollment of an identity, its credentialing process, its regular lifecycle management and its revocation or end-of-life management are all done in silos of applications and systems. SAFE integrates with and homogenizes all such applications into a common policy and workflow paradigm, cutting down on cost of operations and manual processes tremendously. Some of the specific systems SAFE integrates with, and creates seamless workflows and processes for, are:
· Physical Access Control Systems (PACS) – All brands
· Airport Authority Fleet Management System
· TSA / CATSA or Other Govt. Transportation Security Systems
· Electronic Filing System
· AAAE’s BASIC or ACIS Interface
· Biometric Systems – all brands
· Local LDAPs or Directory Systems
· Airport Building Management System
· FBI & Government Database interface
· Airport Incident Management System
· Parking Management System
· Vendor Profile Management System
· Metal Key Management System
· Card Management System (CMS) – all brands
· Other Middleware systems specific to the Airports
4. Compliance Management
This covers compliance with industry security directives for Identity & Access Management at airports: for example, mandatory employer/employee audit reconciliation with Physical Access Control Systems, real-time access level audits and security threat assessments based upon identity proofing and badging operations, compliance with TSA’s new Security Directive (1542-04-08F), etc. SAFE reports compliance issues in real time and takes corrective actions based upon the intelligent policies and rules deployed.
5. Workflows, Rules, Policies and Process Creation
The SAFE Policy engine makes it a simple, non-programming task to create ‘on the fly’ workflows and policies / processes across heterogeneous applications, systems and devices, from a single web console. SAFE comes with many pre-canned policies (as best practices) meant for an airport environment. The SAFE Policy engine uses Visio to draw workflows / policies and automatically translates the visual drawing into programming instructions for the underlying sub-systems. For example, a security administrator can easily create the following fully functional workflow in no time: allow an airport worker, belonging to a certain group, to access the airside vehicle area (specific doors) only during the worker’s active shift hours, and only if the worker’s employer has appropriate insurance coverage for that worker to access the airside vehicle area. If the insurance is not appropriate, then deactivate the worker’s access and alert the employer and airport security via email. Here, the SAFE system would integrate with several security and IT sub-systems to construct this workflow. Once deployed, this workflow checks these conditions in real time in the background to detect exceptions and raise alerts, removing all manual intervention and subjectivity from the process. The airport will also always be in compliance with its own set of policies and directives.
The SAFE Airport IAM Suite Consists of:
· Policy and Integration Engine which allows you to quickly automate key security policies and processes
· Enrollment Engine which provides the ability to seamlessly enroll an identity into the central physical identity management system and all the backend PACS
· Web Badging, which helps create and manage card templates for personalization for various airport groups
· Compliance Regulator that ensures all transactions are logged and monitored in real time
· Reporting Engine, which provides detailed reports covering operational and management information
· Integrated Document Management
o Incorporate documents into policies to ensure that the right form or signoff sheet is included as part of your automated process
o Store thousands of records and data to ensure compliance with local, state and federal mandates
o Create a more environmentally efficient operation by removing the need for hardcopy documentation