In Swissport’s world, strengthening safety and networking supplies a chance to serve extra clients and develop.
Swissport’s international IT operations began to show the strains of counting on legacy techniques for safety and networking, which have been rapidly changing into a legal responsibility for the corporate. Senior administration might see that centralized visibility was a serious problem, which led them to take fast motion.
Swissport’s development outpaced its legacy techniques
The safety and networking challenges that Swissport confronted started to multiply as its enterprise enlargement accelerated. Legacy techniques have been hindering the power to serve clients, safe international places and develop the enterprise. The senior administration crew informed VentureBeat that legacy techniques weren’t maintaining with the tempo of their enterprise, main the crew to contemplate new alternate options, beginning with safe entry service edge (SASE).
In 2024, Swissport offered floor companies for 247 million airline passengers, dealt with greater than 5 million tons of air freight at 117 cargo facilities and served airways at 279 airports in 45 international locations throughout six continents. Because the world’s largest supplier of floor and cargo dealing with companies within the aviation trade, a core a part of how Swissport excels for its clients is connecting and securing its international IT operations. That’s desk stakes for a enterprise with over 26,000 customers, together with floor crew and distant staff.
“The biggest challenge wasn’t just visibility—it was consistency,” stated Giles Ashton-Roberts, Chief Info Safety Officer at Swissport. “We had to unify how we enforce security across hundreds of sites without slowing down the business.”
From fragmented infrastructure to SASE
“We’re truly a 24/7 business. It’s always peak time somewhere in the world, and we need to keep our network both secure and available,” Richard Thorp, Chief Expertise Officer at Swissport, informed VentureBeat in a current interview. “That means standardizing security and making sure every user and every device is covered—whether they’re in a coffee shop or on the tarmac.”
Legacy techniques weren’t scaling quick sufficient to maintain up with the speedy enlargement tempo that Swissport was experiencing. Legacy techniques, together with the fragmented infrastructure on which they have been primarily based, have been slowing down development and creating potential safety and networking challenges. Swissport set formidable targets to redefine its safety and networking stack, changing fractured digital non-public networks (VPNs), disparate home equipment and inconsistent coverage enforcement with a completely new SASE structure.
“Before this change, we were managing different systems across different sites with different policies—and visibility was fragmented,” Thorp stated. “Now we operate under one set of security policies globally, and I can sleep at night knowing the environment is secure.”
Each connection, whether or not from an airport kiosk or a hybrid work system, is now identity-aware, constantly risk-scored, and enforced in real-time from a single, cloud-native SASE platform. Zero Belief is enforced on each endpoint and interplay, giving Swissport the pliability to develop on the tempo it must whereas serving its rising buyer base.
Why SASE is on the core of Swissport’s architectural overhaul
Swissport’s choice to undertake SASE structure underscores the significance of sustaining real-time responsiveness, transparency and accuracy to maintain and improve its quite a few buyer relationships worldwide. Excellence in international aviation companies happens when each working unit has the required knowledge. SASE helps Swissport create a unified crew galvanized to the frequent objective of excelling on behalf of shoppers.
VentureBeat is seeing SASE ship advantages past changing legacy techniques with a unified structure. The quicker and extra correct the info, the extra a enterprise can attain distant places of work and places, conserving them coordinated with broader groups and reaching a higher return on invested capital (ROIC).
VentureBeat can also be seeing this play out throughout capital-intensive companies companies in the present day, the place enhancing responsiveness and unifying geographically various networks has a direct impression on income. Core to Swissport’s SASE technique is a unified structure that unites over 320 places, making certain safer, real-time communications throughout every location and network-wide.
In defining its SASE technique, Swissport opted for a single, cloud-native SASE platform. Gartner notes there are a lot of advantages to this strategy, together with platform unification, simplified coverage management and identity-aware entry that adapts in real-time.
Swissport did their due diligence throughout all SASE distributors who additionally supply zero belief as part of their structure and selected Cato Networks for its single administration airplane, unified knowledge lake, international Factors of Presence (PoPs) and skill to break down software-defined broad space community (SD-WAN) and safety into one enforcement layer. Thorp informed VentureBeat {that a} vital motivation for adopting a SASE platform was the necessity to transfer away from supporting quite a few legacy platforms, every with its distinctive configuration. “Different platforms required different configurations, which complicated troubleshooting and made security enforcement a challenge,” stated Thorp.
“Cato’s TLS Inspection gives us the ability to inspect encrypted traffic while avoiding unintended service disruptions,” stated Ashton-Roberts. “It’s been a major improvement to our security posture.” Transport Layer Safety (TLS) inspection is central to sustaining Swissport’s community and safety infrastructure. Encrypting and decrypting TLS and safe sockets layer (SSL) visitors is important in Swissport’s SASE infrastructure, because it secures knowledge and helps determine potential threats. TLS inspection analyzes the contents of each encrypted message to detect malware, knowledge exfiltration, or different malicious actions that could possibly be extra damaging.
5 classes discovered from Swissport’s SASE blueprint
Whereas most enterprises are attempting to combine safe service edge (SSE), SD-WAN, and ZTNA from a number of distributors collectively, Swissport selected to go all-in on platform consolidation with Cato to break down their safety tech stack, standardize coverage enforcement and embed safety straight into the community cloth.
Ashton-Roberts and Thorp informed VentureBeat that SASE is delivering the visibility they should preserve their international IT operations working easily. On the similar time, Zero Belief enforces the least privilege and protects belongings, assets, and, most significantly, the identities and roles of staff and clients on the community.
Swissport’s SASE blueprint consists of the next 5 rules:
Finish-to-end zero belief turns detection into immediate motion. Swissport is implementing Zero Belief throughout each edge and endpoint. They’ve changed legacy VPNs with a totally authenticated, segmented and adaptive community cloth that constantly scores each session for danger. “Within 15 minutes, our team identified excessive database traffic, blocked the device and restored normal operations—something that would’ve taken us days before,” Thorp informed VentureBeat.
World safety will get simpler when coverage is unified. Swissport’s legacy techniques have been a patchwork of multiprotocol label switching (MPLS) hyperlinks, region-specific VPNs and remoted firewalls, every created at totally different occasions and all delivering inconsistent coverage enforcement and fixed friction. Now, a single coverage framework governs community entry throughout Amazon Net Companies (AWS), Microsoft Azure, cloud SaaS functions and airport edge techniques. There’s no location-specific logic or guide drift, simply real-time management. Gartner forecasts that by 2027, 40% of enormous enterprises will undertake location-agnostic enforcement as a zero belief community entry (ZTNA) baseline, up from lower than 10% in 2024. Swissport is already working on that mannequin, flattening complexity whereas growing attain.
Actual-time visibility is a enterprise accelerator driving outcomes and ROI. Legacy techniques left Swissport blind to cross-domain threats. Correlating the basis trigger with the response took days. Now, all visitors, from airport terminals to cloud SaaS functions, is streamed right into a single knowledge lake that helps steady, role-based entry management (RBAC) and menace analytics. “It’s incredibly easy to pinpoint connectivity issues, analyze traffic patterns, and secure our network from a single interface,” Thorp stated. In accordance with Gartner, fewer than half of distributors present unified observability throughout customers, gadgets and apps in any respect edges. Swissport constructed it into the inspiration.
Decrypt every thing, disrupt nothing: Safe TLS at scale. Encrypted visitors is the brand new blind spot. Many enterprises nonetheless bypass TLS inspection to keep away from latency or software breakage. Swissport selected otherwise. By deploying full inline TLS inspection throughout its spine, Swissport maintains visibility into encrypted threats with out disrupting mission-critical aviation techniques. Most SSE and ZTNA distributors nonetheless depend on partial decryption or bypass tunnels, in line with Gartner’s newest evaluation of adaptive entry capabilities. Swissport proved full inspection is achievable even in high-sensitivity, high-availability environments.
A SASE platform drives quicker enterprise wins. Swissport didn’t add extra distributors; they consolidated them. A SASE platform changed a sprawl of SD-WAN home equipment, VPN concentrators, and standalone safety instruments. The outcome? Websites come on-line in hours, not weeks. New customers are protected immediately. Coverage adjustments propagate globally in minutes. Gartner initiatives that 65% of all SD-WAN purchases will probably be bundled into single-vendor SASE platforms by 2027, up from simply 20% in 2024. Swissport didn’t wait. They made SASE the baseline, not a bolt-on, and it reveals of their international agility.
Every day insights on enterprise use instances with VB Every day
If you wish to impress your boss, VB Every day has you coated. We provide the inside scoop on what corporations are doing with generative AI, from regulatory shifts to sensible deployments, so you may share insights for max ROI.
An error occured.
