IN SwissportThe world, strengthening of security and networks ensures the ability to handle more customers and development.
Global IT operations in Swisport began to reveal varieties of relying on older security systems and networks, which quickly became responsible for the company. Higher -level management saw that centralized visibility was a serious challenge, which led them to quick motion.
The height of Szwajsport overtook its older systems
Challenges related to security and networks that Swisport faced began to breed as the business expansion accelerated. Older systems hindered the possibility of customer support, protecting global locations and expanding activities. The senior management team said Venturebeat that older systems are not maintaining with the pace of their activity, leading the team to consider latest alternatives, starting with Secure Access Service Edge (Sase).
In 2024, Swispsport provided ground services for 247 million airlines, served over five million tons of air freight in 117 freight centers and served airlines at 279 airports on 45 countries on six continents. As the world’s largest provider of ground service and cargo services in the aviation industry, the basic a part of how Swissport stands out for its clients, combines and secures global IT activities. This is a table for a company with over 26,000 users, including a ground crew and distant employees.
“The biggest challenge was not only visibility-this is a consequence,” said Giles Ashton-Roberts, information security director at Swissport. “We had to unify the way of enforcing security at hundreds of sites without slowing down the company.”
From crushed infrastructure to Sase
“We’re really 24/7. “This means safety standardization and ensuring that every user and each device are covered – whether or not they are in a cafe or asphalt.”
Older systems weren’t fast enough to sustain with the rapid pace of expansion that Swissport experienced. Older systems, along with crushed infrastructure on which they resisted, slowed down growth and created potential challenges related to security and contacts. SWISPSPORT has established ambitious goals redefining a security stack and network, replacing broken virtual private networks (VPN), different devices and inconsistent policy enforcement with a completely latest Sase architecture.
“Before this change, we managed various systems in different places with different rules – and the visibility was crushed,” said Thorp. “Now we operate under one set of safety rules around the world and I can sleep at night, knowing that the environment is safe.”
Each connection, each from a kiosk at the airport or from a hybrid work device, is now aware of identity, consistently dangerous and enforced in real time from one Sase platform in the cloud. Zero Trust is enforced at every end point and interaction, which provides Swissport flexibility in development at the pace he needs by serving the growing customer base.
Why Sase is the basis of a Swiss architectural renovation
The SWISPORT decision on the adoption of Sase architecture emphasizes the importance of maintaining reactions, transparency and real -time accuracy to maintain and increase quite a few relationships with clients around the world. Perfection in global air services occurs when each operational unit has the obligatory data. Sase helps Swisport in creating a united galvanized team for a common goal, which is perfection on behalf of clients.
Venturebeat sees Sase provides advantages except for replacing older systems with unified architecture. The faster and more accurate data, the more the company can reach distant offices and locations, maintaining them coordinating with wider teams and achieving a greater return on investment (ROIC).
Venturebeat also sees that this is currently going down in firms with capital services, in which the improvement of reactivity and unification of the network of geographically diverse has a direct impact on revenues. The basis of the Sase Swissport strategy is a unified architecture, which connects over 320 locations, providing safer communication in real time in each location and network.
When determining his strategy, Sase, Swissport selected a single, national Sase platform. Garter There are many advantages for this approach, including the unification of the platform, simplified policy control and access to identity, which adapts in real time.
Swispsport has made due diligence in all Sase suppliers who also offer zero trust as a part of their architecture and selected Cato networks In the case of one management aircraft, unified lake of knowledge, global attendance points (POPS) and the possibility of sinking software defined software (SD-WAN) and safety in one layer of enforcement. Thorp told Venturebeat that an essential motivation to accept the Sase platform was the need to move away from servicing many older platforms, each with a unique configuration. “Different platforms required various configurations that complicated problems solving and made security of security,” said Thorp.
“TLS CATO control gives us the opportunity to control the encrypted movement while avoiding unintentional interference,” said Ashton-Roberts. “It was a significant improvement in our safety position.” The safety of the transport layer (TLS) is crucial for maintaining Swiss network and security infrastructure. Crocrying and deciphering TLS and Secure Gockets Layer (SSL) is obligatory in Swiss Sase infrastructure, because it protects data and helps discover potential threats. TLS control analyzes the content of each encrypted message to detect malware, data exfiltration or other malicious activities which may be more harmful.
Five lessons pulled out of Sase Sase BluePrint
While most enterprises are trying to integrate Secure Service Edge (SEZ), SD-WAN and ZTNA from many providers together, Swissport decided to enter the consolidation of the Cato platform to collapse a pile of security technology, standardize the enforcement of rules and set safety directly in network fabric.
Ashton-Roberts and Thorp said Venturebeat that Sase provides the visibility they need to make their global IT operations easily. At the same time, Zero Trust enforces the least permissions and protects resources, resources, and most significantly, identities and roles of employees and customers on the web.
Sase Sase BluePrint includes the following five rules:
- Zero zero trust turns into immediate motion. Swisport enforces zero trust at every edge and end point. They replaced the older VPNS fully authenticated, segmented and adaptive network fabric, which consistently assesses each risk session. “Within 15 minutes, our team identified excessive movement in the database, blocked the device and restored normal operations – something that would take us a few days earlier,” said Thorp Venturebeat.
- Global security becomes easier when politics is united. Older Swiss systems were a mosaic of multi -fold label switching (MPLS), VPN specific to the region and isolated dams, each of which was created at different times and all providing inconsistent policy enforcement and continuous friction. Now individual policy framework regulates access to the network at Amazon Web Services (AWS), Microsoft Azure, Cloud Saas applications and Edge Airport Edge systems. There is no specific logic or manual drift for the location, only real time control. Garter Forecasts that by 2027, 40% Large enterprises will accept the enforcement of a physical location as a final analysis Zero Trust (ZTNA), compared to lower than 10% In 2024, Swisport already operates on this model, flattening complexity, while increasing the range.
- Real time visibility is the motion of a business accelerator and roi. Legacy Systems have made Swisspsport not blind to threats between domains. Corllaving the basic cause took the days. Now all movement, from airport terminals to SaaS applications in the cloud, is streamly sent to one lake data that supports continuous, based on the role of access control (RBAC) and hazard evaluation. “It is extremely easy to indicate connectivity problems, analyze movement patterns and secure our network against one interface,” said Thorp. According to GarterLess than half of the suppliers provide united statement for users, devices and applications on all edges. Swisport built him into the foundation.
- Degrave the whole lot, do not disturb anything: secure TLS on a large scale. An encrypted movement is a latest dead point. Many enterprises still bypass TLS control to avoid delays or application crack. SWISPSPORT selected in a different way. By implementing the full Inline control of TLS in its circle, Swissport maintains visibility in encrypted threats without disturbing critical mission aviation systems. Most SEZ and ZTNA suppliers still involve partial deciphering or bypass tunnels, according to the latest Gartner review regarding the possibility of adaptive access. Swispsport has proved that full control is possible even in high sensitivity and availability environments.
- The Sase platform drives faster business victories. Swisport didn’t add more suppliers; They consolidated them. The Sase platform has replaced the growth of SD-WAN devices, VPN concentrators and independent safety tools. Result? Sites are available on the web inside a few hours, not weeks. New users are immediately protected. Policy changes are propagated throughout the world inside a few minutes. GArtner Projects are 65% Of all SD-WAN purchases, they will probably be included in the Sase platform package with one vision until 2027, up from 20% In 2024, Swisport didn’t wait. They created a Sase base, not screwed, and shows it in their global agility.