Airports today serve billions of passengers every year. To make sure everything runs smoothly—and securely—for each traveler, airports employ thousands of workers, including airline personnel, vendors, tenants, ground transportation and third-party contractors. To manage the risk of potential insider and outsider threats, as well as ensure operational efficiency, each of those employees must be accurately credentialed in line with federal and airport-specific regulations.
Managing these credentials involves numerous workflows which, when processed manually, can be time-consuming and introduce an element of human error, particularly when copying data across multiple systems that aren’t synchronized. In addition to this, airports are facing increasing pressure to comply with regulatory standards, both internally and externally mandated, designed to increase security. These standards often require proof of compliance via arduous audits, and are prone to regular updates, making it difficult for airports to keep on top of changing requirements.
Identity management solutions (IDMSs) enable airport security teams to more securely and efficiently manage the identity credentials of their workforce, including airport staff and the staff of airport customers, such as vendors, contractors and airlines.
1. Airports are a prime target for physical threat actors wanting to cause maximum damage and disruption to as many people as possible. Consequences of a successful breach can cause physical harm to staff and passengers, loss of reputation, and long-term economic decline caused by a reduction in tourism.
2. Airports must comply with federal and airport-specific regulations, such as those issued by the Transportation Security Administration (TSA), to ensure the security of their staff and their passengers.
3. Ensuring compliance lies in vetting and auditing physical user access within the airport environment, requiring effective identity management processes and technologies.
The Challenge: Identity Management Within The Aviation Industry
There are five main challenges when it comes to identity management in airports: ensuring security, maintaining compliance, overcoming cumbersome operational workflows, gathering and processing data, and integrating physical infrastructures with digital technologies.
Airports are high risk locations, and it is absolutely critical that all security decisions are made with the utmost consideration.
When it comes to securing physical identity and access, it is crucial that airports have a clear insight into who is doing what within their physical environment, and where those people should be. A robust identity management solution enables airports to detect any unexpected behaviors among their customers—including airlines, vendors and contractors—so that they can identify and remediate potential threats. To do this, they provide airports with a single destination from which they can manage the workflows and processes required to operate securely and ensure compliance with regulations such as the TSA guidelines.
Without this technology in place, airports must manage each process manually, opening up the possibility for human error, which can lead to critical mistakes.
In recent years, organizations across all sectors have faced increasing pressure to operate in line with compliance regulations designed to protect those organizations and their customers. And the aviation industry is no exception; the primary concern of airports is to comply with federal and airport-specific regulations to ensure the security of their staff and their passengers.
Identity management is a huge factor when it comes to compliance with many of these regulatory bodies, because it concerns sensitive personal data that could cause individuals harm if accessed by the wrong person.
An example of this can been seen in America, where airports must comply with guidelines issued by the Transportation Security Administration (TSA), an agency of the U.S. Department of Homeland Security that authorizes the security of public travel within the United States. According to requirement § 1542.207, airports must implement measures for controlling entry to secured areas of the airport. This means ensuring that only individuals authorized to have unescorted access to secured areas can gain entry and that individuals’ entry is immediately denied when their access authority is withdrawn. It also involves providing a means to differentiate between individuals authorized access to an entire secured area vs part of that area. Additionally, airports must carry out fingerprint-based criminal history record checks and security threat assessment on all employees that are to be granted unescorted access to a secured area (§ 1542.209), and audit their personnel identification system at least once a year (§ 1542.211).
In order to prove compliance, airports must produce reports or audits that outline the steps they’re taking to ensure the security of that data, such as the documentation of policies they’ve implemented and how those policies are being enforced. When undertaken manually, producing these reports is extremely time consuming, and it can be easy for someone to make an error when copying data into the report.
A strong identity management solution can help by tracking all event and decisions related to policies or exceptions—thus compiling evidence of adherence to enforced policies—and by enabling system admins to schedule the automatic creation of such reports in line with compliance guidelines. But they also allow admins to generate reports in real-time, as they’re needed. This reduces the risks associated with paper-based, error-prone audit documentation, as well as saving time that security personnel could be spending on proactive risk management and threat detection.
Overcoming Cumbersome Operational Workflows
When granting or deprovisioning access, airports often have a number of different identity lifecycle workflows to use, depending on the access requirements of each individual. This is because of the diversity of personnel that are working within the airport environment; from airline staff, to border control officers; from ground transportation to retailers. Some of these core workflows include managing events across the full identity lifecycle, access reviews to maintain compliance with internal or external regulations, watch lists and background checks (e.g., FBI Rap Back), and ad-hoc temporary access requests.
There are a few stages to these workflows, including data collections, taking biometric scans for each employee, verifying them and distributing access credentials. And managing each of these manually intensive steps is extremely cumbersome.
However, tested security technologies offer a solution to this problem. With a dedicated, modern IDMS solution designed to provision physical access, airports can eliminate redundant steps from their workflows and automate others, such as data entry, auditing and the capture of biometric information. This enables them to provision access permissions much more quickly, improving security as well as employee experience.
Airports handle the identity records of a highly diverse population of employees, including:
- Vendor employees, such as hospitality and retail staff
- Partner employees, such as security staff
- Contractors, such as maintenance staff
- Visitors, such as system integrators
Identity records and attributes are often stored across different systems based on the type of identity, employee, partner, contractor, customer, visitor, and existing workflows. This makes it particularly difficult to keep all associated systems in synchronization and up to date with status changes for employees and extended identities alike. Modern IDMS integrate with an airport’s employee directory or similar third-party systems, enabling them to easily onboard new employees and adjust access when needed.
Request A Demo Of HID Safe
Request A Demo
How To Improve Identity Management Standards
We recommend that airports implement a single, holistic identity management solution to address the challenges outlined above and future needs as they arise. A strong IDMS offers identity and access management, badging and credentialing, maintenance and auditing tools, usage analytics, and compliance reporting; implementing such a solution will enable you to access the following benefits:
1. Comply With Regulatory Mandates (And Prove Compliance)
Security compliance is one of the primary concerns airports currently face. In order to prove compliance with regulations such as those mandated by the TSA, airports must adhere to stringent auditing processes and produce reports that can attest to their adherence. Carrying out these audits and producing the correct reports is a cumbersome process when undertaken manually, and the use of paper documentation leaves a lot of room for human error.
Implementing an IDMS solution can dramatically reduce the time taken to complete an audit cycle, minimizing the resource that an airport needs to dedicate to proving compliance and reducing the risk of legal repercussions, such as fines. It also enables airports to generate reports into the status of their physical access security in real-time on demand, ensuring that they’re continuously working with the most up-to-date vulnerability data.
2. Increase Identity Workflow Efficiency With Automation
Identity management software enables airports to manage their identity workflows and process their credentialling data much more efficiently by introducing automation and powerful integrations. Automated workflows, auditing, onboarding and offboarding ensure more accurate data entry that scales as the organization grows. This helps make each process in the credentialling lifecycle run more smoothly and accurately, mitigating error and improving the experience of customers to the airport by capturing their information more effectively.
3. Implement Card-Based Smart Credentialling
In secure areas, airport staff and the staff of airport customers, such as vendors and contractors, are required to display ID badges at all times. Smart cards are a highly secure method of authentication that contain identity credentials that link back to a system meant to govern permissions and access requests and can have pertinent information and graphical elements printed onto the card to address display badge requirements.
Implementing an identity management solution ties all the various identity lifecycle processes together—issuance, usage, changes, and revocation. Integrations with document scanning, eSignature and card encoding technologies help minimize the time spent processing ID credentials, while mitigating the risk of data being copied across systems incorrectly. Some IDMSs also offer integrations with biometric capture devices to enable an added layer of access authentication in the form of fingerprint or iris scanning.
The Solution: HID SAFE for Aviation
HID is a market-leading provider of identity solutions for physical and logical (digital) access management. HID SAFE for Aviation is an identity management solution designed to integrate with an airport’s existing security infrastructure to enable admins to secure and manage staff access within the airport environment. To achieve this, SAFE offers an integrated identity management, access orchestration, badging and credentialing, and a flexible policy engine, as well as value-added capabilities around reporting, compliance, audit, attestation, infraction management, asset management, tracking of payments and training, and analytics. Combined, these features help airports reduce security risks that stem from unauthorized access, meet compliance requirements, and reduce associated costs by standardizing and centralizing identity and access management workflows then automating the myriad manual processes required to secure the physical domain.
Intelligent Badging Station
The Badging Station supports the use of a variety of peripherals, including:
- Cameras and biometric capture devices
- Specialized document scanners that input information into the IDMS for more efficient verification of physical ID cards, licenses and passports
- Credential printers with optional smart card encoders
- Touchscreen devices and electronic signature for quicker, electronic-based onboarding and administrative workflows, like document signing or signature validation
Audit Automation And Regulatory Compliance
HID SAFE for Aviation enables security teams to schedule and fully automate regular employee access audits in line with compliance regulations including TSA, SEA, Sarbanes-Oxley, ISO-2700 and FIPS. This ensures that only authorized current employees have active credentials—the credentials of terminated or unauthorized individuals are deactivated, mitigating the risk of unauthorized access.
The built-in reporting wizard enables admins to generate pre-configured and tailored reports to streamline the auditing process, and authorized signatories can directly submit audit results to SAFE, helping to improve workflow efficiency.
With HID’s solution, admins can automate tasks that their security and operational teams would previously have had to undertake manually, such as entering identity information, issuing access credentials, and managing user privileges. This enables security and operations staff to spend their time on meaningful management, analytics and threat detection, rather than tedious administration. It also reduces costs by increasing the efficiency of each workflow.
HID SAFE for Aviation offers powerful integrations with existing physical and IT infrastructure, improving efficiency and mitigating human error by eliminating the need to copy information between various databases.
Typical connected systems include:
- Live scanning technology, such as CHRC fingerprinting
- Biometric access controls, such as biometrically controlled doors and gates
- Computer-based security training
- Designated Aviation Channelers (DAC) for automated background checks
- Physical Access Control Systems (PACS)
- Other operational systems, including HR, finance, and event management systems
Request A Demo of HID SAFE
Request A Demo
One IDMS tying together the many disparate systems needed to secure the physical domain gives airports the right tools to properly administer physical access and comply with regulations. This means spending less time on tedious administrative tasks and more time providing the most secure, efficient experience to both their staff and customers.
Legacy systems come with a lot of baggage that can weigh your security and compliance efforts down. Implementing a comprehensive IDMS like HID SAFE can give you a start towards creating a secure, operationally efficient environment.
HID is a market-leading provider of identity security solutions for physical and logical (digital) asset authentication. An independent brand of Swedish door and access control provider ASSA ABLOY, HID manufactures and sells a variety of physical and logical access control solutions, as well as secure issuance products to accompany those solutions. These include smart cards, card readers, card printers and encoders, cloud services, IoT identification technologies, and identity and access management software.
From their headquarters in Texas and worldwide international offices, HID work with organizations in over 100 countries across a number of verticals, including government, education, finance and aviation, helping them to implement trusted physical and virtual environments founded on seamless, secure access.