A leading global airline arrives ahead of schedule at cloud computing PCI DSS compliance, thanks to Sumo Logic’s Cloud SIEM solution

Technology Category
  • Cybersecurity & Privacy - Cloud Security
  • Analytics & Modeling - Predictive Analytics
  • Platform as a Service (PaaS) - Connectivity Platforms
Applicable Industries
  • Transportation
  • Aerospace
Applicable Functions
  • Business Operation
  • Quality Assurance
Use Cases
  • Predictive Maintenance
  • Cybersecurity
  • Fleet Management
  • Remote Asset Management
Services
  • Cloud Planning, Design & Implementation Services
  • Cybersecurity Services
  • Training
The Challenge
As part of its ongoing commitment to innovation, a leading global airline company embarked on a major initiative that, when fully completed, would entail moving hundreds of applications to the cloud. Essential to this initiative, however, was the need for the company’s nascent cloud platforms to first attain compliance with the highly demanding PCI Data Security Standard. Failing to achieve this milestone would endanger the company’s entire digital transformation efforts. The airline company always seeks new methods for leveraging technology to support its drive for innovation and efficiencies. These objectives were instrumental in the company’s executive mandate to adopt a cloud-first strategy for its systems and applications. For example, the airline made major investments in Amazon Web Services (AWS), Microsoft Azure, Office 365, and SharePoint. Kubernetes also features prominently in the company’s portfolio. To date, the airline has deployed approximately five major solutions to the cloud, underpinning critical functions such as baggage tracking and carry-on monitoring. While that’s an impressive number, there are still hundreds of other applications to migrate. Regardless of the exact cloud vs. on-premise blend of the airline’s systems and applications, one overarching fact remains: the company is obligated to adhere to its rigorous PCI DSS regulations at all times. This reality means that the airline must constantly scrutinize its entire operating landscape to uncover any security risks to its cardholder data that could jeopardize the company’s cloud computing business strategy.
About The Customer
With an illustrious history dating back nearly a century to the dawn of commercial aviation, the airline company has maintained a dedicated mission to achieve the highest standards of safety and reliability. The company continues to earn trust with its customers and in the industry by doing things the right way and delivering on its commitments every day. The airline’s obligations to its customers extend far beyond the travel experience to include safeguarding their personal and financial details. Not surprisingly, with more than 162 million revenue passengers in 2019 alone, the company processes an enormous number of credit card transactions each day. In fact, the Payment Card Industry Security Standards Council (PCI SSC), a widely respected financial standards body, designates the airline company as a Level 1 merchant, its highest ranking. This means that the airline is subject to the most stringent PCI Data Security Standard (PCI DSS) stipulations, which include 12 requirements for monitoring and maintaining a secure cardholder data environment.
The Solution
In an effort to supplant earlier attempts that fell short of the company’s objectives, the airline company standardized on Sumo Logic’s Cloud Security Information and Event Management (SIEM) solution, while concurrently adopting a far-reaching set of supporting procedures and best practices. The airline’s infrastructure team carried out a proof of value (POV) and completed it in four weeks spread across approximately four months. The airline selected Sumo Logic based on a combination of factors that included a cloud-native solution, speed to PCI DSS compliance, ease of configuration and administration, data ingestion, reference accounts, cost effectiveness, and pre-sales support. Upon POV completion, the airline instantly converted its evaluation environment to production. Simultaneously, the company began ingesting machine data from additional AWS data sources, such as SNS notifications. Earning PCI DSS compliance for its cloud architecture was the airline’s initial rationale for picking Sumo Logic, a milestone attained when the airline went to production, within four months of beginning the POV. Sumo Logic’s Cloud SIEM solution has proven to be popular with up to 30 active users distributed across a broad range of specializations, including colleagues from the Cloud Security, Architecture, Incident Response, and Threat Monitoring/Analysis teams. By consolidating the airline’s security-related raw log data into a centralized, consistent repository, Sumo Logic is producing dramatically lower quantities of false positive security alerts. The company has also uncovered multiple supplemental use cases for its Sumo Logic investment, such as correlation and automated workflows. The airline is taking this opportunity to establish overarching machine data-oriented policies and procedures for its application teams to follow, which is providing an important foundation for a DevSecOps culture to take root.
Operational Impact
  • Sumo Logic’s Cloud SIEM solution has proven to be popular with up to 30 active users distributed across a broad range of specializations, including colleagues from the Cloud Security, Architecture, Incident Response, and Threat Monitoring/Analysis teams.
  • By consolidating the airline’s security-related raw log data into a centralized, consistent repository, Sumo Logic is producing dramatically lower quantities of false positive security alerts.
  • The company has also uncovered multiple supplemental use cases for its Sumo Logic investment, such as correlation and automated workflows.
Quantitative Benefit
  • The airline reached its PCI readiness goals far more quickly than anticipated.
  • The airline went to production within four months of beginning the POV.
  • The airline still has more than 200 on-premise applications that it plans to transition to the cloud.
