From friction to flow: why swissport scrapped its vpn for cato’s sase platform

In Swissport‘S world, strengthening security and networking provides an opportunity to serve more customers and grow.

Swissport’s Global It Operations Started to Expos the Strains of Relying on Legacy Systems for Security and Networking, which was quickly be able a liability for the company. Senior Management Could See that Tentralized Visibility was a Major Challenge, Which LED them to take Quick Action.

Swissport’s growth outpaced its legacy systems

The Security and Networking Challenges that Swissport Facted Began to Multiply as Its Business Exposition Accelerated. Legacy Systems were hindering the ability to serve customers, secure global locations and expand the business. The Senior Management Team Told VentureBeat that Legacy Systems Weren Bollywood up with the Pace of their business, lead the team to consider new alternatives, starting with SECRESS SERVICE SARVICE SASES SASES SASES SASES SASES

In 2024, Swissport Provided Ground Services for 247 Million Airline Passengers, Handled More Than Five Million Tons of Air Freight at 117 Cargo Cargo Centers and Served AIRVED AIRVED AIRVED AIRVED AIRVED AIRVED AIRVED AIRVED AIRVED AIRVAD Six Continents. As the World’s Larges Provider of Ground and Cargo Handling Services in the Aviation Industry, A Core Part of How Swissport Excels for Its Customers is Connecting and Securing Its Global Its. That’s table stakes for a business with over 26,000 users, Including Ground Crew and Remote Workers.

“The biggest challenge wasn’t just visibility –it was consistency,” said giles ashton-roberts, Chief Information Security Officer at Swissport. “We had to unify how we enforce security have done hundreds of sites without slowing down the business.”

From fragmented infrastructure to sase

“We’re truly a 24/7 business. It’s always peak time somehere in the world, and we need to keep our network bot secure and available,” Richard Thorp, CEFCHONOLOONLOG TOLDE Venturebeat in a recent interview. “That means standardizing security and making sure always user and every device is covered – WHETHER AIN A A Coffee Shop or on the Tarmac.”

Legacy systems were not scaling fast enough to keep up with the rapid expansion pace that Swissport was experience. Legacy Systems, Along with the Fragmented Infrastructure on where they were based, was Slowing Down Growth and Creating Potential Security and Networking Challenges. Swissport set amableious goals to redefine its security and networking stack, replacing fractured virtual private private networks (vpns), disparete appliances and inconsistent inforce Entrely new sase architecture.

“Before this change, we were managing different systems Across Different Sites with different policies –nd visibility was fragmented,” Thorp Said. “Now we operate under one set of security policies globally, and I can sleep at night knowledge the environment is secure.”

Every connection, whither from an airport kiosk or a hybrid work device, is now identity-aware, continuously risk-scored, and enforced in real-time from a single, cloud-native sase Platform. Zero trust is enforced on every ENDPOINT and Interaction, Giving Swissport the flexibility to grow at the pace it needs to while serving its growing customer base.

Why sase is at the core of swissport’s architectural overhaul

Swissport’s decision to adopt sase architecture underscores the important Relationships Worldwide. EXCELLENCE in Global Aviation Services Occurs when Every Operating Unit Has the Necessary Data. SASE HELPS Swissport Create a Unified Team Galvanized to the Common Goal of Excelling on Behalf of Customers.

Venturebeat is see deliver benefits beyond replacing legacy systems with a unified architecture. The faster and more accurate the data, the more a business can Reach Remote Offices and Locations, Keeping Them Coordinated With Browader Teams and Achieving a Greater Return on Investted Capital (Roic).

Venturebeat is also seeing this play out acquires capital-invisible services business Revenue. Core to Swissport’s Sase Strategy is a Unified Architecture that Units Over 320 Locations, ENSURING More Secure, Real-Time Communications Across Each Location and Network-WIDE.

In defining its sase strategy, swissport opted for a single, cloud-native sase platform. Gartner Notes there are many benefits to this approach, Including Platform Unification, Simplified Policy Control and Identity-Aware Access That Adapts in Real-Time.

Swissport Did Cato networks For its Single Management Plane, Unified Data Lake, Global Points of Presence (POPS) and Ability to Collapse Software-Defined Wide Area Network (SD -WAN) and Security INFORCERCENG LAYAR Thorp Told Venturebeat that a Significant Motivation for Adopting a Sase Platform was the need to move Away from Supporting Numerous Numerous Legacy Platforms, Each with Its Unique Configuration. “Different platforms required different configurations, which complicated Troubleshooting and made security enforcement a challenge,” said thorp.

“Cato’s TLS Inspection Gives Us The Ability to Inspight Encrypted Traffic While Avoiding Unintended Service Disrupts,” Said Ashton-Roberts. “It’s been a Major improvement to our security posture. Encrypting and decrypting tls and secure sockets layer (SSL) Traffic is essential in Swissport’s SASE Infrastructure, as it secures data and helps Idential Threats. TLS Inspection Analyzes The Contents of Every Encrypted Message to Detect Malware, Data Exfiltration, or other MALICIUS Activities that would be more damaging.

Five Lessons Learned from Swissport’s Sase Blueprint

While Most Enterprises are Trying to Integrate Secure Service Edge (SSE), SD-WAN, And Ztna from Multiple Venndors togethors togethr, Swissport Chose to Go All -in Platform Consolidation White Cato Tot Collapse their Security Tech Stack, Standardize policy enforcement and embed security directly into the network fabric.

Ashton-roberts and thorp told venturebeat that sase is deliverying the visibility they need to keep their global it operations running smoothly. At the same time, Zero Trust Enforces the Least Privilege and Protects Assets, Resources, and Most Importantly, The Identities and Roles of Empolyees and Customers on the Network.

Swissport’s Sase Blueprint Includes The Fiveing ​​Five Principles:

1. End-to-Ed Zero Trust Turns Detection Into Instant Action. Swissport is enforcing zero trust across every edge and endpoint. They’ve replaced legacy vpns with a fullly authenticated, segmented and adaptive network fabric that Continiously scores every session for risk. “Within 15 minutes, our team identified excessive database traffic, blocked the device and restored Normal Operations – Somenting that would’ve’ve Taken Us Days Before,” Thorp Told venting.
2. Global Security Gets Easier when policy is unified. Swissport’s Legacy Systems was a Patchwork of Multiprotocol Label Switching (MPLS) LINKS, Region-Specific VPNS and Isolated Firewalls, Each Created AT Different Times and ALL DIFERENTED inconsistent policy enforcement and constant friction. Now, a Single Policy Framework Governs Network Access Across Amazon Web Services (AWS), Microsoft Azure, Cloud SAAS Applications and Airport Edge Systems. There’s no location-specific logic or manual drift, just real-time control. Gartner Forecasts that by 2027, 40% of Large Enterprises will adopt location -gnostic enforcement as a zero trust network access (ZTNA) Baseline, Up from Less Than 10% in 2024. Swissport is alredy operating on that model, flattening complexity while increasing Reach.
3. Real-time visibility is a business accelerator driving results and roi. Legacy Systems Left Swissport Blind to Cross-Domain Threats. Correlating the root cause with the response took days. Now, all traffic, from Airport Terminals to Cloud Saas Applications, Is Streamed INTO A Single Data Lake that supports Continuous, Role-Based Access Control (RBAC) and Threat Analytics. “It’s incredibly easy to pinpoint connectivity issues, analyze traffic patterns, and secure our network from a single interface,” Thorp said. According to GartnerFewer than half of vendors provide unified observability users, devices and apps at all edges. Swissport Built it into the foundation.
4. Decrypt everything, disrupt note: Secure TLS at Scale. Encrypted traffic is the new blind spot. Many Enterprises Still bypass TLS Inspection to avoid latency or application breakage. Swissport chose differently. By deploying full INLINE TLS Inspection Across its backbone, Swissport MainTains Visibility INTO Encrypted Threats without disrupting Mission-Critical aviation systems. Most sse and ztna vendors still relay on Partial Decryption or Bypass Tunnels, According to Gartner’s Latest Review of Adaptive Access Capability. Swissport Proved Full Inspection is achievable even in high-sensitivity, high-vaivilabity environments.
5. A Sase Platform Drives Faster Business Wins. Swissport didnight add more vendors; They consolidated them. A SASE PLATFORM REPLECED A Sprawl of SD-WAN Appliances, VPN Concentrators, and Standalone Security tools. The result? Sites come online in hours, not weeks. New users are protected instantly. Policy Changes Propagate Globally In Minutes. Gartner Projects That 65% of all sd-lead purchases will be bundled into single-vendor sase platforms by 2027, up from just 20% in 2024. Swissport didn please. They made sase the baseline, not a bolt-on, and it shows in their global agility.