Enterprise GIS Security

The challenge

The Port of Seattle runs multiple lines of business:

  • Airport
  • Seaport
  • Real Estate
  • Recreational Marinas
  • Cruise Terminals

To fulfill the wide variety of different tasks, the Port’s GIS needs to host highly sensitive datasets related to physical security, cameras, alarms, sensors, access control systems, etc.

Due to the many different business units, the Port’s Enterprise GIS security architecture needs to be able to manage access to different information sources at a very fine-grained level. This includes:

  • Role Based Security. Users should only have access to the GIS layers appropriate to their job.
  • Layer Filtering. Control what map layers are visible to different users of the same application.
  • Attribute Filtering. Determine what features are visible to different users viewing the same layer, based on attributes.
  • Geospatial Filtering. Limit visibility to only features within a specific geographic area. For example: allow access to security cameras at the Seaport but not at the Airport.

Since information is shared among different applications and devices, an access control solution has to be applicationindependent and provide security for all communication channels, making use of existing technology such as Active Directory and ArcGIS.

The Customer

The Port of Seattle plays a key role in bringing international trade, transportation and travel to the U.S. Pacific Northwest, and supports industries as diverse as tourism and commercial fishing. The Port is also akey builder of road and rail infrastructure, partnering with other agencies to improve freight traffic from Tacoma to Everett.

The port owns and operates Seattle-Tacoma International Airport - the USA’s 15th busiest – handling more than 33.2 million passengers in 2012. Sea-Tac's Air Cargo operations rank 21st in the U.S. while passenger cruise terminals at Pier 66 and Smith Cove Terminal handled 202 ship calls and an estimated 934,900 passengers during the 2012 season.

www.portseattle.org

The Solution

Port of Seattle requires a robust, powerful GIS system to serve lots of different purposes, some of them mission-critical. So relying on an ArcGIS platform is a natural choice. To maintain privacy and authorized data access, however, a powerful access control solution was needed on top, being capable of fine-grained authorization without breaking interoperability throughout the multitude of different systems accessing the ArcGIS backbone. The Port of Seattle decided to use security.manager as an access control layer on top of their ArcGIS services, since through its explicit dedication to the ArcGIS technology stack, security.manager works as a perfect emulation of ArcGIS for Server, making access control completely transparent to the different systems designed to use ArcGIS.

Technology Used

  • ArcGIS for Server
  • Active Directory
  • security.manager

Benefits

Due to the various parties needing access to different subsets of GIS data, the Port of Seattle was creating dedicated services for each party. With a growing number of users and use cases, this was getting harder to maintain. security.manager now provides a solution which allows users to create services only once, and assigning the appropriate access rights to various groups, ensuring that users only get access to those datasets to which they are authorized.
Implementing an access control solution into an existing infrastructure may risk breaking existing workflows by changing the behavior of the services. However, due to security.manager’s ability to fully imitate core ArcGIS behavior the product can be implemented without interoperability issues.
This complete alignment with ArcGIS core technology, together with the ability to use the Port’s Active Directory as the user repository for security.manager, Port of Seattle now has the infrastructure in place to serve the current needs while being prepared for future requirements.

Customer comment

“The Port of Seattle is excited to finally have an advanced, fine-grained ArcGIS security infrastructure in place to secure our most sensitive geospatial applications.
Adding security.manager to our GIS architecture added critically needed control and functionality.”

Eric Drenckpohl
Enterprise GIS Manager, Port of Seattle