In a nutshell, these were the challenges facing Toronto Pearson International Airport, as outlined by Andre Romanovskiy, senior manager, security and privacy services, for Deloitte, during a May 7 webinar hosted by Quantum Secure. The Greater Toronto Airports Authority (GTAA) retained Deloitte to address the intertwined business and security issues at Toronto Pearson.
Toronto Pearson handles more than 30 million passengers annually. The airport's Pass/Permit Control Office (PPCO) manages the physical access control for the 33,000 employees of the tenants based at Toronto Pearson--from airline service and maintenance companies to concourse retailers--as well as contractors. The office issues and manages Restricted Area Identification Cards (RAICs), keycards, parking permits, vehicle markers, and Airside Vehicle Operator's Permits (AVOPs) and provides other administrative services and training. PPCO serves an average of 175 clients per day, and over 43,000 employees and contractors each year.
The Deloitte, GTAA and Toronto Pearson security team identified slow, labor-intensive PPCO processes as contributing to three key challenges for the airport, said Romanovskiy. These were to improve client services; enhance security controls; and create operational efficiencies.
The manual processes were also affecting the airport's ability to adapt to increased business and regulatory changes. For example, the Canadian Air Transport Security Authority (CATSA) issued a regulation about more swiftly terminating badges based on clearance expiration. "The airport had a hard time complying with that given that information was spread across a number of databases," said Romanovskiy.
To address these business challenges, Deloitte and its client determined a solution for Toronto Pearson's PPCO operations would need to incorporate five core abilities:
- Profle management, the ability to store employee profiles for all tenants in a single system;
- Pass/keycard management throughout the life cycle of an identity;
- Interfaces to the airport's three existing PACS systems
to keep them updated and in sync with the keycard management module;
- Connections to external systems and databases, such as
the clearance and background check databases created by CATSA and Transport
Canada;
- Reporting and exceptions, indicating not just security issues but business process exceptions, such as missing or mismatched data, and the ability to handle such notifications as part of an automated workflow.
Automatic workflows
SAFE contains the access rules and policies in its database and uses these to guide PPCO staff through the credentialing process, ensuring the correct access rights are granted based on an employee's pre-defined role. The system automatically queries the appropriate external and internal databases to see confirm that background clearances, training, insurance, etc., are appropriate. If required data is missing, SAFE won't complete the credentialing process.
All this workflow is accomplished at a single workstation, whereas previously, PPCO staff had to walk around the office to log onto different terminals. Staff access to SAFE is also defined by roles, so individual staffers have access only to data they require for their jobs.
For employees coming to the PPCO to request status changes, the system automatically reconfirms required data. The system can also proactively monitor critical data attributes, such as AVOP employer liability insurance and violation tickets issued to vehicle operators. SAFE may then automatically deactivate AVOP passes if an insurance levels dip below a set threshold and are not rectified within a specified time, or if an airside vehicle operator gets too many tickets.
Measurable benefits
The solution took slightly under a year to implement, with a combined Deloitte/Quantum Secure team of five people, plus about five to six Toronto Pearson staffers. Implementation proceeded in phases that included building prototypes reviewing these with business users to ensure the interfaces and functions would meet user needs and expectations, Romanovskiy said. The full system went live earlier this year. After just two months in operation, the system returned these benefits:
- Average cost per customer dropped from $49 to $35, a 28% cost savings;
- Average wait times for initial credentials plummeted from 560 minutes, or more than 10 hours, to 20 minutes, a 96% reduction;
- Average service time for credentials maintenance decreased from 74 minutes to 25 minutes, a 66% reduction.
Maintaining a single source of employee and access rights data makes that information easier to manage and thus tightens security, Romanovskiy said. As necessary, SAFE triggers updates to other airport systems, ensuring data is synchronized among the systems.
With manual processes now automated, PPCO staff has more time to give to other high value activities, such as proactive monitoring, enforcement and planning. Romanovskiy also touted the flexibility of the SAFE solution, noting it can easily accommodate future growth of employees and additions of more IT and/or physical access control systems, inside the airport or out.
# # #
Query: How many databases hold identity data in your organization?
What are your costs, in dollars and time, for managing that data across
those domains? How well integrated are your PACS with those identity
data sources? In a nutshell, these were the challenges facing Toronto Pearson International Airport, as outlined by Andre Romanovskiy, senior manager, security and privacy services, for Deloitte, during a May 7 webinar hosted by Quantum Secure. The Greater Toronto Airports Authority (GTAA) retained Deloitte to address the intertwined business and security issues at Toronto Pearson.
Toronto Pearson handles more than 30 million passengers annually. The airport's Pass/Permit Control Office (PPCO) manages the physical access control for the 33,000 employees of the tenants based at Toronto Pearson--from airline service and maintenance companies to concourse retailers--as well as contractors. The office issues and manages Restricted Area Identification Cards (RAICs), keycards, parking permits, vehicle markers, and Airside Vehicle Operator's Permits (AVOPs) and provides other administrative services and training. PPCO serves an average of 175 clients per day, and over 43,000 employees and contractors each year.
The Deloitte, GTAA and Toronto Pearson security team identified slow, labor-intensive PPCO processes as contributing to three key challenges for the airport, said Romanovskiy. These were to improve client services; enhance security controls; and create operational efficiencies.
The manual processes were also affecting the airport's ability to adapt to increased business and regulatory changes. For example, the Canadian Air Transport Security Authority (CATSA) issued a regulation about more swiftly terminating badges based on clearance expiration. "The airport had a hard time complying with that given that information was spread across a number of databases," said Romanovskiy.
To address these business challenges, Deloitte and its client determined a solution for Toronto Pearson's PPCO operations would need to incorporate five core abilities:
- Profle management, the ability to store employee profiles for all tenants in a single system;
- Pass/keycard management throughout the life cycle of an identity;
- Interfaces to the airport's three existing PACS systems
to keep them updated and in sync with the keycard management module;
- Connections to external systems and databases, such as
the clearance and background check databases created by CATSA and Transport
Canada;
- Reporting and exceptions, indicating not just security issues but business process exceptions, such as missing or mismatched data, and the ability to handle such notifications as part of an automated workflow.
Automatic workflows
SAFE contains the access rules and policies in its database and uses these to guide PPCO staff through the credentialing process, ensuring the correct access rights are granted based on an employee's pre-defined role. The system automatically queries the appropriate external and internal databases to see confirm that background clearances, training, insurance, etc., are appropriate. If required data is missing, SAFE won't complete the credentialing process.
All this workflow is accomplished at a single workstation, whereas previously, PPCO staff had to walk around the office to log onto different terminals. Staff access to SAFE is also defined by roles, so individual staffers have access only to data they require for their jobs.
For employees coming to the PPCO to request status changes, the system automatically reconfirms required data. The system can also proactively monitor critical data attributes, such as AVOP employer liability insurance and violation tickets issued to vehicle operators. SAFE may then automatically deactivate AVOP passes if an insurance levels dip below a set threshold and are not rectified within a specified time, or if an airside vehicle operator gets too many tickets.
Measurable benefits
The solution took slightly under a year to implement, with a combined Deloitte/Quantum Secure team of five people, plus about five to six Toronto Pearson staffers. Implementation proceeded in phases that included building prototypes reviewing these with business users to ensure the interfaces and functions would meet user needs and expectations, Romanovskiy said. The full system went live earlier this year. After just two months in operation, the system returned these benefits:
- Average cost per customer dropped from $49 to $35, a 28% cost savings;
- Average wait times for initial credentials plummeted from 560 minutes, or more than 10 hours, to 20 minutes, a 96% reduction;
- Average service time for credentials maintenance decreased from 74 minutes to 25 minutes, a 66% reduction.
Maintaining a single source of employee and access rights data makes that information easier to manage and thus tightens security, Romanovskiy said. As necessary, SAFE triggers updates to other airport systems, ensuring data is synchronized among the systems.
With manual processes now automated, PPCO staff has more time to give to other high value activities, such as proactive monitoring, enforcement and planning. Romanovskiy also touted the flexibility of the SAFE solution, noting it can easily accommodate future growth of employees and additions of more IT and/or physical access control systems, inside the airport or out.
# # #
Query: How many databases hold identity data in your organization?
What are your costs, in dollars and time, for managing that data across
those domains? How well integrated are your PACS with those identity
data sources? 
Bookmark this on Delicious
Subscribe to our site's news feed
Leave a comment