Airline soars by moving network security to the cloud

A large global commercial airline sought to differentiate itself from competitors by establishing a singular track record of on-time flights and providing exceptional customer service.

The airline realized it needed to digitally transform to achieve its goals. It aimed to upgrade its network security infrastructure and migrate additional mission-critical applications from on-premises to the cloud, primarily with Amazon Web Services (AWS).

Due to the project’s magnitude, the company sought to accomplish its journey to the cloud in phases. It planned a lift-and-shift migration for existing applications, then the refactoring or modernizing of legacy applications, and finally, development of new cloud-native applications.

To accomplish this ambitious project, the company sought a high-performing security partner to realize its vision and carry it into the future.

The airline’s existing network security infrastructure comprised point solutions provided by multiple vendors. Legacy firewalls repeatedly proved unreliable. This led to several large-scale outages, causing significant departure delays.

Not only were passengers stuck and inconvenienced, but the airline failed to meet important performance benchmarks, including on-time departures and arrivals and completion factor (the percentage of scheduled flights that aren’t canceled). The company was losing revenue and its reputation was on the line.

“Only by providing superior service could the airline justify its premium ticket prices and maintain loyal customers,” says Lamar Spells, Systems Engineer Manager at Palo Alto Networks. “If planes are sitting on the ground, if the airline’s performance metrics lag, its reputation is hurt in ways that a healthy business can’t tolerate.”

Shortly after the company decided to switch network security vendors and replace its firewalls, the COVID-19 pandemic began. The airline saw the downtime required by the pandemic as an opportunity to accelerate its digital transformation by moving away from legacy data centers and into the cloud.

This would allow the company to scale cloud costs down when capacity needs were low, then back up again when the travel industry recovered. Being able to scale quickly according to demand would enable the company to provide customers an improved experience.

The airline needed a reliable network security partner and Next-Generation Firewalls that would ensure uninterrupted business operations. The solution had to meet bandwidth demands and support required network interface types.

In addition, the airline wanted a solution to advance its Zero Trust strategy from on-premises to a hybrid environment spanning cloud and on-premises. A scalable solution was needed so costs could be dynamic.

As the airline modernized and digitized, the solution had to grow with it and keep up with changes in the industry. In sum, the company required a trusted platform to turn its plans into reality.

Palo Alto Networks not only met the airline’s requirements, it exceeded them. Palo Alto Networks stood out from competitors as an established leader in the Gartner® Magic QuadrantTM for Network Firewalls with a record of years of delivering innovation in network security and Next-Generation Firewalls. Each day, Palo Alto Networks uses AI and machine learning to detect 1.5 million new and unique threats and block 8.6 billion attacks for its customers.

Competitors couldn’t match Palo Alto Networks Advanced URL Filtering, Advanced WildFire® malware protection, payload inspection, and Advanced Threat Prevention capabilities.

The airline compared the throughput of its previous firewall vendor to that of Palo Alto Networks. It found that existing firewalls failed to achieve the vendor’s stated performance levels. With the Palo Alto Networks firewalls, the amount of data successfully transmitted over the network connection within a given period was much closer to benchmarks.

Continuing on the path to success

Some years ago, the airline began securing its digital transformation by deploying physical Palo Alto Networks Next-Generation Firewalls. The company initially chose PA-850 Next-Generation Firewalls to provide traffic segmentation for airport reservation kiosks and baggage handling systems.

The airline is now swapping those out with modernized models. As it moves critical applications to the cloud, it deploys Palo Alto Networks VM-Series Virtual Next-Generation Firewalls to protect those assets. Together, the physical and virtual firewalls provide security from the cloud to the edge of the network.

Panorama makes it easy for the airline’s IT team to manage the Network Security Platform. It also allows the team to collect log entries from multiple sources and pull them into a centralized operations platform.

The airline compared the performance of the virtual firewalls to a competitor’s firewall, which fell short on protections and was limited to open source intrusion prevention system (ISP) detection methods. The VM-Series virtual firewalls are much more secure.

Trusted technology from a dependable partner

Palo Alto Networks was on site for the implementation phase to ensure the process went smoothly and provided reference architecture and infrastructure-as-code (IaC) templates to assist the airline’s IT team in provisioning the VM-Series virtual firewalls. The templates and reference architecture covered at least 80 percent of the deployment; the airline’s IT team only needed to dial in the unique airline and passenger application requirements.

“By the time the airline began looking at the virtual firewalls, there was a level of comfort,” Spells says. “Their IT and security teams felt good about the work we did to deploy their physical firewalls, were familiar with managing the platform, and trusted Palo Alto Networks technology.”

The airline chose Prisma Cloud to secure cloud-native applications against today’s rapidly evolving cyberthreats, monitor cloud security posture, protect cloud workloads, and provide faster application delivery with code-to-cloud protection.

Palo Alto Networks also helped implement GlobalProtect to provide a clean source of user identity for all employees on the airline’s network, whether they work on-premises or remotely. This moves the airline closer to achieving Zero Trust across the enterprise, from on-premises to the cloud.

With Palo Alto Networks, the airline has a dependable partner in cloud network security to help ensure planes take off when they should. The company is also more agile and responsive to opportunities in the travel industry.

“With virtual firewalls and Prisma Cloud, the airline’s ability to scale cloud capacity to meet demand is better for customer service, provides a better user experience, and reduces costs,” Spells says.

The airline has moved many front-end applications, including its seat map application and mileage plan account data, from the mainframe to AWS. It’s on the way toward migrating its custom reservation system.

The company is well-positioned to achieve its aggressive goal of moving 80 percent of all workloads to the cloud within the next five years by leveraging modern application techniques like Kubernetes containers, microservices, and microsegmentation design techniques.

The airline has achieved efficiencies by automating manual processes and eliminating point solutions from disparate vendors. It has further cut costs by eliminating leased facility space for several data centers and maintenance of legacy equipment. The company has plans to close more of its data centers.

Perhaps most importantly, the decreased mainframe footprint is advancing the organization’s Zero Trust strategy and has made it possible for the airline to reduce its security risk significantly. The company demonstrated the ability to block different types of critical threats by achieving a benchmark set by Palo Alto Networks, and looks to continually improve its threat prevention capabilities.

Palo Alto Networks is helping the airline increase its use of automation. The company is exploring artificial intelligence for IT operations (AIOps) and plans to expand adoption of App-IDTM. This classification technology enables the IT team to see the applications on its network and learn how they work, their behavioral characteristics, and their relative risk.

The airline also plans to implement dynamic and Open Shortest Path First (OSPF) routing protocols to ensure flexible and efficient network routing.

Partnering with Palo Alto Networks allows the airline to strengthen its security, better serve customers, and achieve the quality standards that set it apart from competitors.

Find out more about how Palo Alto Networks’ best-in-class solutions can improve networking and security for your organization. Additional information is here.