DANIEL DIERMEIER AND EVAN MEAGHER KEL720 San Francisco International Airport and
Quantum Secure’s SAFE for Aviation System:
Making the Business Case for Corporate Security
On January 22, 2008, Assistant Deputy Director of Aviation Security Kim Dickie met with her
team in a conference room at San Francisco International Airport (known by its three-letter airport
code, SFO) to review the challenge facing them.
Steadily rising passenger counts and the increasing launch of service by low-cost carriers such
as Virgin America, Southwest Airlines, and JetBlue Airways had compelled SFO’s Airport
Director John Martin to announce plans to renovate and reopen Terminal 2, shuttered in 2000 upon
the opening of SFO’s new international terminal. The $383 million project would require new
heating and ventilation installations, energy-efficient architectural design, and the construction of
four additional gates, but Dickie was focused on the security infrastructure requirements.1 In
addition, Dickie’s boss, Henry Thompson, the Associate Deputy Airport Director of Safety and
Security, had a mandate to overhaul the security infrastructure of the airport, tightening loopholes
around employees and passenger security, airside operations, badge credentialing, physical identity
and access management, as well as investing in technology, automation, and intelligence to create
a next-generation model airport.
Dickie and her team saw the Terminal 2 reopening as an opportunity to start a much-needed
transition to a long-term airport-wide credentialing and physical identity and access management
(PIAM) system that would meet the growing need of airport risks and comply with regulations
from the Transportation Security Administration (TSA).2 After months of work, she and her team
had selected Quantum Secure’s SAFE for Aviation software suite as the new Terminal 2
credentialing system.
The infrastructure upgrades required by the renovation provided both momentum and initial
support from senior executives, but Dickie still needed to justify a state-of-the-art airport
credentialing system that would address airport security risks while complying with TSA
regulations. Dickie and her team had a small window of opportunity to develop a business case
that would convince senior management to fund the purchase. 1
“SFO Eyes Old Terminal for Expansion,” Oakland Tribune, September 10, 2007; “SFO Airport Awards Contract to Upgrade Old Int’l
Terminal,” Aviation Daily, May 19, 2008.
2
The Transportation Security Administration is the U.S. governmental agency responsible for air travel security. It was created after the
9/11 attacks as part of the U.S. Department of Homeland Security. See http://www.tsa.gov. ©2013 by the Kellogg School of Management at Northwestern University. This case was developed with support from the December
2009 graduates of the Executive MBA Program (EMP-76). This case was prepared by Evan Meagher ’09 under the supervision of
Professor Daniel Diermeier. Cases are developed solely as the basis for class discussion. Cases are not intended to serve as
endorsements, sources of primary data, or illustrations of effective or ineffective management. To order copies or request permission to
reproduce materials, call 800-545-7685 (or 617-783-7600 outside the United States or Canada) or e-mail custserv@hbsp.harvard.edu.
No part of this publication may be reproduced, stored in a retrieval system, used in a spreadsheet, or transmitted in any form or by any
means—electronic, mechanical, photocopying, recording, or otherwise—without the permission of Kellogg Case Publishing.
This document is authorized for use only by Yongchai Raksapol (YRAKSAPO@MY.HPU.EDU). Copying or posting is an infringement of copyright. Please contact
customerservice@harvardbusiness.org or 800-988-0886 for additional copies. SFO AND QUANTUM SECURE KEL720 Airport Security
Security at SFO posed unique challenges. The most obvious was the more than 100,000
passengers who used the facility’s ticketing and check-in lines, security screens, gates, and
baggage claim every day. Less visible were the thousands of tenants, vendors, airline personnel,
and third-party contractors who needed to be authenticated and whose physical access rights had to
be controlled and managed dynamically based on their role and the airport’s security policies.
Due to the vast array of security threats, managing the identities of these people, their
credentials, and their physical access to facilities, all airports were required to execute missioncritical processes, which included: Conducting background checks for new users and obtaining security clearances for access
to secured locations from the TSA, the Canadian Air Transport Security Authority
(CATSA), or other relevant national transportation security governing bodies; Using the American Association of Airport Executives’ BASIC (Biometric Airport
Security Identification Consortium) messaging integration to communicate with the
Transportation Security Clearinghouse; Identify proofing, enrolling, and issuing badges, which included the management and
storage of related documents, such as a copy of a passport or I-9 form; Creating flexible self-service access rights to allow approved parties to enroll their own
employees and subcontractors and grant them physical access rights prior to their on-site
arrival; Complying with and enforcing new security directives like SD-1542-04-08G, which
governed the security protocols for transient aircraft and after-hours operations, or SD1542-04-08F, which required security threat assessments on a wider range of parties
including pilots, baggage screeners, and other airport employees; Integrating with a broad variety of physical access control systems (PACS), human
resources and information technology systems, and biometric employee databases so as to
generate a common workflow and consistent policies across all systems; Issuing and tracking infractions to verify that violations are detected and penalized, with
penalties escalating with each subsequent violation; and Performing regular identity audits to ensure that the proper people have the proper access
for the proper reasons. In principle, airports could have completed these processes by creating a single notion of a
user’s identity for use across the entire facility and attaching that identity to a set of access rules
overseen by aviation employees and airport tenants. This would have established a unified policy
paradigm that issued credentials, managed rules, and modified or retracted access when the role
was changed or terminated.
In actuality, however, each of these procedures was handled separately, processed manually,
and the results entered into separate databases. This approach led to numerous problems. For
example, there was no routine way to determine if an access card had been successfully
deactivated after the termination of an airport worker, nor was there any way to tell if an airport
worker without the required privileges had access to a restricted area. The databases had different
formats and file types, so they could not communicate with each other or be checked for internal 2
KELLOGG SCHOOL OF MANAGEMENT
This document is authorized for use only by Yongchai Raksapol (YRAKSAPO@MY.HPU.EDU). Copying or posting is an infringement of copyright. Please contact
customerservice@harvardbusiness.org or 800-988-0886 for additional copies. KEL720 SFO AND QUANTUM SECURE consistency, so updates lagged days or weeks behind actual changes such as terminations. These
challenges were exacerbated by the fact that airport badging operators often lacked understanding
of the strategic importance of following certain protocols and assessing risks. This led to
inefficiencies, delays, and at times, compromised security levels.
The disjointed execution of these processes—which were often conducted out of sequence and
required additional resources for correction—undermined airports’ operational efficiency. (See
Exhibits 1 and 2.) For example, one large international airport took three weeks to register an
employee in the parking, payroll, human resources, and PACS databases. “You’d go stand in this
huge line, and you’d get to the front of the line, and they would say, ‘This isn’t right, come back
Tuesday to fill out new forms,’” said Ajay Jain, president and CEO of Quantum Secure, a provider
of enterprise-wide security software solutions. “The wait was so long that people were starting to
leave and just abandon these job offers, thereby creating heavy strain on airport operations.”3
The challenges did not end once a new employee was registered in the systems—any changes
to access permissions required that a massive spreadsheet be printed and compared to the list used
at an access point to identify any additions, deletions, or modifications. This inefficient, highly
manual, and error-prone process had been the status quo in the physical access control world for
decades, but development of comprehensive software solutions offered the prospect of integrating
and streamlining existing procedures.
Process automation not only promised improved efficiency, speed, and cost, but also improved
compliance that could mitigate potentially serious legal and reputational risks. “When you talk to a
higher-level audience and outline these issues at the CXO level, that audience understands the
limitations there,” Jain said. “They know they’ve got major compliance and risk issues to deal
with, and they’re asking, ‘How do I clean that up? How do I make things accountable?’”4 Quantum Secure and SAFE
Founded in 2005 in San Jose, California, Quantum Secure was a privately held provider of
software-based solutions and platforms for physical identity and access management.
Quantum Secure’s core offering was the SAFE software suite, a commercial off-the-shelf
solution that streamlined the identity management and access provisioning processes for clients
with large facilities that required rigorous physical security and access management procedures.
SAFE for Aviation enabled users to create a single notion of identity across the entire airport that
integrated previously fragmented manual processes as well as biometrics. This integration enabled
security managers to create policies and general procedures for issuing credentials and granting
access to airport facilities.
SAFE’s flexible system architecture and policy/rules-based framework accommodated
changes and additions to rules, workflows, and policies without programming, which meant that
ever-changing regulations and internal initiatives could be easily incorporated without costly
upkeep and development charges. It also addressed “insider threats” by continuously monitoring 3
4 Phone interview with Ajay Jain, February 22, 2011.
Ibid. KELLOGG SCHOOL OF MANAGEMENT
3
This document is authorized for use only by Yongchai Raksapol (YRAKSAPO@MY.HPU.EDU). Copying or posting is an infringement of copyright. Please contact
customerservice@harvardbusiness.org or 800-988-0886 for additional copies. SFO AND QUANTUM SECURE KEL720 video and marrying it with analytics of access behavior to identify anomalies that could provide
early warning of any potential threats.
SAFE for Aviation integrated directly with the existing airport security infrastructure,
obviating the need for costly replacement of existing security systems, hardware, controllers, and
other products. The software integrated with all leading PACS, training systems, TSA-mandated
background-check processes, and other airport-specific IT systems, allowing disparate security
systems to act as a single unit. (See Exhibits 3 and 4.)
In 2008, Toronto Pearson International Airport deployed the SAFE suite. Based on
preliminary results, the airport expected to meet the following goals:5 Reduce the average cost of processing a badge by 28 percent, from $49 to $35; Cut average wait times by 96 percent, from 560 minutes to 20 minutes; Decrease average service time by 66 percent, from 74 minutes to 25 minutes; and Streamline the credentialing operations with full audit and compliance. Bryan Scott, the Greater Toronto Airports Authority’s senior manager of security
infrastructures, said, “. . . the PPCO [Pass/Permit Control Office] serves an average of 175 clients
per day and more than 45,000 employees and contractors each year for a wide variety of
pass/permit requests. We needed a system that could keep up with this demand, ensuring that
important staff started work in a timely fashion while maintaining high levels of customer
satisfaction.”6 Selecting a Solution
With the announcement that SFO would be renovating Terminal 2 to accommodate increased
demand for gates from discount air carriers, Dickie’s team needed to decide how to solve its PACS
challenges. For decades, SFO had relied on physical access systems—the systems that opened and
closed doors—that were not designed to implement integrated processes, such as policies related
to access grant or revocation, as well as the ability to manage compliance with internal controls.
Although SFO had led the industry with the installation of biometric technology at access
control doors in 1990, “it was very painful,” Dickie said. “We desperately wanted to move away
from legacy manual processing to automating and streamlining our credential issuance process.
We were also thinking to rip and replace our old physical access system at the same time.”7
Although SFO had managed to stave off expensive hardware upgrades for many years, the
evolving demands of physical security had required periodic software upgrades, a marriage of new
and old that was not without occasional problems. The Terminal 2 renovation project therefore
came at an opportune moment for Dickie’s team, as it presented an opportunity to begin a 5 “Quantum Secure Deploys SAFE Software Suite for Toronto Pearson International Airport,” PR Newswire, February 3, 2008,
http://www.prnewswire.com/news-releases/quantum-secure-deploys-safe-software-suite-for-toronto-pearson-international-airport65658767.html.
6
Ibid.
7
Interview with Kim Dickie, March 9, 2011. 4
KELLOGG SCHOOL OF MANAGEMENT
This document is authorized for use only by Yongchai Raksapol (YRAKSAPO@MY.HPU.EDU). Copying or posting is an infringement of copyright. Please contact
customerservice@harvardbusiness.org or 800-988-0886 for additional copies. KEL720 SFO AND QUANTUM SECURE migration to a new PACS on a newly opened area of the airport that did not yet face the strain of
full everyday usage.8
Dickie first hired a systems integrator that shortlisted several companies and managed the
request for proposal process before ultimately helping the team select a newer PACS for Terminal
2. “We had a situation where we had a 20-year-old access control system in place, and we wanted
to migrate off of it into a new platform, but we had to do it in a phased manner due to bandwidth
constraints,” Dickie said. “Knowing that we were going to have a newer and different PACS
running in Terminal 2 and the older PACS still running everywhere else in the airport, we were
looking for a new badging solution that could interface with both and provide us with a muchneeded identity and credential lifecycle management system—all at once.”9
This requirement meant that the badge provisioning software would have to communicate with
the old and new PACS while being flexible enough to accommodate new TSA directives and
interface with the newly deployed PACS. After a rigorous examination of the options available,
Dickie and her team selected Quantum Secure’s SAFE for Aviation product. They considered
other vendors, but felt that Quantum Secure offered the most comprehensive solution and also
provided a robust audit and compliance system.
“We talked to all the various vendors, and then to other airports, most of whom did not have a
separate badging system; they just badge through the physical access control systems,” Dickie
said. “The badges that come out in the previous process have no intelligence built in. After the
physical production of the badge, all processes from pre-enrollment of an airport identity to badge
assignment to access management leading to termination of the access—all processes are done
manually with lots of errors and no accountability. We knew Quantum Secure had done work for
Toronto, so we called them and understood how Quantum’s technology is being leveraged by
them. They had three PACS systems that they had to converge. We thought we had it bad with
two. We got a lot of positive comments from Toronto and how they fully automated tough manual
processes, including audit and compliance requirements. We placed a lot of importance on
Quantum’s ability and willingness to service us and deliver airport-specific functionality and
enhancements as they became necessary, because in the physical security world, especially with
airports, the goalposts are always moving.”10 Calculating Return on Investment
Dickie liked the operational aspects of the SAFE solution but still had to convince senior SFO
executives that the tangible benefits justified the cost. Deciding the right amount to spend to
achieve a given level of security was a challenging task, in large part because serious breaches of
security were very rare but resulted in extremely painful consequences.
The team’s research identified benefits to SFO in five major areas: reduced labor and material
costs, increased accuracy of recordkeeping, improved compliance with safety regulations, and
avoided costs of replacing old systems by enabling integration and interoperation. 8 Ibid.
Ibid.
10
Ibid.
9 KELLOGG SCHOOL OF MANAGEMENT
5
This document is authorized for use only by Yongchai Raksapol (YRAKSAPO@MY.HPU.EDU). Copying or posting is an infringement of copyright. Please contact
customerservice@harvardbusiness.org or 800-988-0886 for additional copies. SFO AND QUANTUM SECURE KEL720 Labor Costs
Quantum Secure supplied data about the impact of the SAFE system on Toronto Pearson’s
badging process over the entire user lifecycle. Upon implementing the SAFE system, Toronto
Pearson estimated that its automated, interconnected identity management system would reduce
the need for duplicative data entry and streamline the background-check process to onboard a new
user. As a result, the time to onboard a user would fall from 9.33 man hours (560 minutes) to just
20 minutes.
Dickie saw this as a significant potential cost savings if SFO’s own credentialing time could
be reduced from the more than six man hours it currently took. The airport credentialed
approximately 20,000 new users every year, a figure Dickie expected to grow by approximately 10
percent for each of the next five years (from 2009 to 2013), the timeframe used by its finance
department to calculate the payback period for capital expenditures.
SAFE also enabled Toronto Pearson to increase the consistency of data entry, which reduced
ID badge processing costs from $49 per card to $35 in the first year, with the potential to decrease
further in subsequent years. SFO’s cost was approximately $44 per badge before implementing the
SAFE solution. Dickie knew this also could represent significant cost savings for the 2,000 users
that would access Terminal 2 using the older PACS system in 2009, and the rest of SFO’s
approximately 20,000 users that ultimately would migrate to the new system in Terminal 2 as it
was migrated across the rest of the airport in four equal tranches in future years.
On average, identity management at SFO required approximately 15 minutes of manual
processing per identity per year for each of the more than 20,000 identities. (Dickie expected this
number to grow by 5 percent annually for the next five years.) Identity management consisted of
changing identity records, terminating identities, changing access provisioning, replacing lost
badges, and renewing old badges. Automating these tasks with SAFE was expected to reduce the
time required to complete them by as much as 35 percent, which would not only increase the
productivity of security personnel but also prevent users from experiencing long wait times. Material Costs
The enhanced functionality of the new PACS at Terminal 2 required a new, more
technologically sophisticated badge for the 2,000 users accessing the terminal in 2009. Without
SAFE, any users with access to both Terminal 2 and other parts of the airport that still used the
older PACS infrastructure would have to carry a new badge for Terminal 2 in addition to their old
badge for the rest of the airport. The old badges cost $2.00, while the new badges for Terminal 2
cost $7.00. Based on the planned rollout of the new PACS and gradual replacement of the old
PACS, Dickie estimated the number of users that would need two badges over time would be as
follows:
2009 2010 2011 2012 2,000 4,000 8,000 10,000 2013
0 By implementing SAFE technology from Quantum Secure, however, SFO would eliminate the
need for duplicate badges, as SAFE could enable the newer badges to continue working on the 6
KELLOGG SCHOOL OF MANAGEMENT
This document is authorized for use only by Yongchai Raksapol (YRAKSAPO@MY.HPU.EDU). Copying or posting is an infringement of copyright. Please contact
customerservice@harvardbusiness.org or 800-988-0886 for additional copies. KEL720 SFO AND QUANTUM SECURE older PACS system when those users accessed airport areas outside of the Terminal 2 zone (which
would now use the newer PACS system). Increased Accuracy of Recordkeeping
Because SAFE populated recurring fields such as social security number, name, and address
across multiple pages and required certain fields to be completed before moving to the next screen,
Dickie knew that one of its benefits would be far fewer missing fields and mistyped information in
SFO’s user database. However, the team worried that it would be difficult to place a dollar value
on greater information accuracy.
Dickie knew, however, that one tangible result of improved accuracy would be a reduction in
the time to detect and correct errors across the airport’s various databases. The badging department
reported that seven employees spent one full day each month comparing user databases and
attempting to correct the errors they discovered. Toronto Pearson had reported a 90 percent
reduction in this activity after its SAFE implementation; Dickie anticipated that SFO’s systems
and processes were comparable to Toronto Pearson’s before its SAFE implementation, but she
estimated that 90 percent was an aggressive savings assumption and that SFO would probably
enjoy a slightly lower level of savings. Increased Compliance
According to Quantum Secure, the SAFE for Aviation solution had improved Toronto
Pearson’s compliance with various regulatory safety standards by as much as 60 percent, although
it was impossible to obtain accurate data across various categories. For example, Toronto Pearson
reported a drop in accidental violations of the Canadian Air Transport Security Authority’s
restricted area identification card program from 311 to 224 annually. Most of the reduction
stemmed from eliminating violations resulting from users borrowing badges to access areas for
which they lacked permission, a violation that could result in a fine of up to $10,000 CAD
(approximately $8,849 USD at the time) per incident. SAFE Solution for Airports promised
significant improvements.11
Unfortunately for Dickie, Toronto Pearson officials lacked accurate data on the increase in
compliance to the hundreds of other regulations and the average cost of violating them.
Complicating matters further, in some situations the SAFE system did not prevent violations from
occurring, but rather led to more rapid detection and remediation. 11 Among other benefits, the SAFE system:
(a) includes pre-defined policies for TSA compliance, badging, and operations which allows airports to enforce compliance
with TSA Security Directives (SD) across diverse and disparate systems, including Customs and Border Control (CBP)
regulations pertaining the airports;
(b) provides in-built controls, policies, workflows, and reports to comply with SD and Regulations—“SD 1542-04-08G,”
“Watch list matching in accordance with Part 1542 and SD 10 series,” “49 CFR Part 1542 directives,” “Requirement related
to -25% SIDA badge issuance, 5% loss badge status, 10% 100% Employee Audit, Daily/Monthly STA Monitoring.”
Patented graphical policy tool allows accommodating any future addition or change to rules and workflows related current
security directives and regulations; and
(c) automates complex operations and monitoring—STA/CHRC Rules by Employer, Badge Expiration Notification and
Renewal, Training Relationship to Privileges, Document Storage (I9, Certifications, Signatures, etc.), Not Returned Keys,
Fobs and Badges. KELLOGG SCHOOL OF MANAGEMENT
7
This document is authorized for use only by Yongchai Raksapol (YRAKSAPO@MY.HPU.EDU). Copying or posting is an infringement of copyr…
