HomeFrom friction to flow: Why Swissport scrapped its VPN maze for Cato’s SASE fabric
Swissport's Journey to Enhanced Security and Growth
In the world of Swissport, bolstering security and networking isn't just a necessity—it's a golden opportunity to expand their customer base and drive growth. As the company's global IT operations began to show the cracks of relying on outdated legacy systems, it became clear that these systems were more of a hindrance than a help. Senior management quickly recognized the need for centralized visibility and took swift action to address these challenges.
Outpacing Legacy Systems
Swissport's rapid business expansion brought with it a host of security and networking issues. The legacy systems were simply not keeping up, impeding the company's ability to serve customers effectively, secure global operations, and continue to grow. The senior management team shared with VentureBeat that these systems were falling behind the pace of their business, prompting a search for modern solutions, starting with the adoption of secure access service edge (SASE).
In 2024, Swissport provided ground services for 247 million airline passengers, managed over five million tons of air freight across 117 cargo centers, and supported airlines at 279 airports in 45 countries spanning six continents. As the world's leading provider of ground and cargo handling services in the aviation industry, Swissport's ability to connect and secure its global IT operations is crucial. This is essential for a business that supports over 26,000 users, including ground crew and remote workers.
“The real challenge wasn't just about visibility—it was about maintaining consistency,” explained Giles Ashton-Roberts, Chief Information Security Officer at Swissport. “We needed to streamline security enforcement across our hundreds of sites without hampering our business operations.”
Transitioning to SASE
“We operate around the clock. There's always peak time somewhere in the world, and our network must be both secure and always available,” Richard Thorp, Chief Technology Officer at Swissport, shared in a recent VentureBeat interview. “Standardizing security across all users and devices, whether they're in a coffee shop or on the tarmac, is essential.”
The legacy systems were not scaling fast enough to match Swissport's growth. These systems, along with a fragmented infrastructure, were slowing down the company's expansion and posing potential security risks. Swissport aimed to overhaul its security and networking infrastructure, replacing a patchwork of virtual private networks (VPNs), disparate appliances, and inconsistent policy enforcement with a cohesive SASE architecture.
“Before this transformation, managing different systems at different sites with varied policies was a nightmare—visibility was all over the place,” Thorp remarked. “Now, we operate under a single set of security policies worldwide, which gives me peace of mind knowing our environment is secure.”
Every connection, from airport kiosks to hybrid work devices, is now identity-aware, continuously assessed for risk, and enforced in real-time from a single, cloud-native SASE platform. With Zero Trust enforced on every endpoint and interaction, Swissport can flexibly expand while continuing to meet its customers' needs.
SASE: The Heart of Swissport’s Transformation
Swissport's move to SASE architecture highlights the importance of real-time responsiveness, transparency, and accuracy in maintaining and enhancing its global customer relationships. In the aviation service industry, success hinges on every unit having access to the necessary data. SASE enables Swissport to forge a unified team dedicated to delivering exceptional service to its customers.
VentureBeat has observed that SASE offers more than just a replacement for legacy systems; it provides a unified architecture that significantly enhances operational efficiency. The faster and more accurate the data, the better Swissport can coordinate remote offices and locations, aligning them with broader teams and boosting return on invested capital (ROIC).
This trend is evident across capital-intensive service industries, where improving responsiveness and unifying geographically diverse networks directly impacts revenue. Swissport's SASE strategy is built around a unified architecture that connects over 320 locations, ensuring secure, real-time communication across the network.
In choosing its SASE strategy, Swissport selected a single, cloud-native SASE platform. Gartner highlights several advantages to this approach, including platform unification, simplified policy control, and identity-aware access that adapts in real-time. After thorough evaluation of SASE vendors that also integrate zero trust into their architecture, Swissport opted for Cato Networks. Cato Networks was chosen for its single management plane, unified data lake, global Points of Presence (PoPs), and its ability to integrate software-defined wide area network (SD-WAN) and security into one enforcement layer. Thorp emphasized to VentureBeat that the motivation to adopt a SASE platform stemmed from the need to streamline the management of multiple legacy platforms, each with its own configurations, which had previously complicated troubleshooting and security enforcement.
“Cato’s TLS Inspection capability allows us to inspect encrypted traffic without causing service disruptions,” said Ashton-Roberts. “This has significantly enhanced our security posture.” Transport Layer Security (TLS) inspection is vital to Swissport's network and security infrastructure, as it secures data and identifies potential threats by analyzing the contents of encrypted messages for malware, data exfiltration, or other malicious activities.
Lessons from Swissport’s SASE Implementation
While many enterprises are piecing together secure service edge (SSE), SD-WAN, and zero trust network access (ZTNA) from various vendors, Swissport took a different approach. They chose to consolidate their security technology stack with Cato, standardizing policy enforcement and embedding security directly into the network fabric.
Ashton-Roberts and Thorp shared with VentureBeat that SASE has provided the visibility needed to keep their global IT operations running smoothly, while Zero Trust ensures the least privilege access, safeguarding assets, resources, and, most importantly, the identities and roles of employees and customers on the network.
Swissport’s SASE blueprint is built on the following five principles:
- End-to-end Zero Trust for Immediate Action: Swissport enforces Zero Trust across every edge and endpoint, replacing legacy VPNs with a fully authenticated, segmented, and adaptive network fabric that continuously assesses risk. “Within 15 minutes, our team identified unusual database traffic, blocked the device, and restored normal operations—something that would’ve taken days before,” Thorp told VentureBeat.
- Unified Policy for Simplified Global Security: Swissport's legacy systems were a disjointed mix of multiprotocol label switching (MPLS) links, regional VPNs, and isolated firewalls, leading to inconsistent policy enforcement. Now, a single policy framework governs access across Amazon Web Services (AWS), Microsoft Azure, cloud SaaS applications, and airport edge systems, with real-time control. Gartner predicts that by 2027, 40% of large enterprises will adopt location-agnostic enforcement as a ZTNA baseline, up from less than 10% in 2024. Swissport is already leveraging this model to reduce complexity and increase its reach.
- Real-time Visibility to Drive Business Results: Legacy systems left Swissport blind to cross-domain threats, with root cause analysis taking days. Now, all traffic, from airport terminals to cloud SaaS applications, is streamed into a single data lake that supports continuous, role-based access control (RBAC) and threat analytics. “It’s incredibly straightforward to identify connectivity issues, analyze traffic patterns, and secure our network from a single interface,” Thorp said. According to Gartner, fewer than half of vendors offer unified observability across users, devices, and apps at all edges. Swissport has made this a foundational element.
- Decrypt Everything, Disrupt Nothing: Encrypted traffic can be a blind spot. Many enterprises avoid TLS inspection to prevent latency or application issues, but Swissport chose a different path. By deploying full inline TLS inspection across its backbone, Swissport maintains visibility into encrypted threats without disrupting critical aviation systems. Most SSE and ZTNA vendors rely on partial decryption or bypass tunnels, but Swissport has shown that full inspection is possible even in high-sensitivity, high-availability environments.
- SASE Platform for Faster Business Wins: Swissport didn't add more vendors; they consolidated them. A SASE platform replaced a sprawl of SD-WAN appliances, VPN concentrators, and standalone security tools. The result? Sites come online in hours, not weeks. New users are protected instantly. Policy changes propagate globally in minutes. Gartner projects that 65% of all SD-WAN purchases will be bundled into single-vendor SASE platforms by 2027, up from just 20% in 2024. Swissport didn’t wait—they made SASE the baseline, not a bolt-on, and it's evident in their global agility.
Related article
Hangzhou Shangcheng District Launches Zhejiang's First AIGC Audio-Visual 'Golden Ten Measures', 5 Billion Industry Fund
On the 16th, the AIGC Audio-Visual Industry Innovation Ecosystem Conference took place in Hangzhou's Shangcheng District. During the event, the province unveiled its first dedicated policy for the AIGC audio-visual industry—"The Golden Ten." This pol
MIIT Seeks Public Feedback on 121 Industry Standards, Including AI Model Context Protocol
China's Ministry of Industry and Information Technology has officially released a notice seeking public feedback on 121 industry standardization projects, including the "Application Security Requirements for the Artificial Intelligence Security Gover
OpenAI Partners with U.S. Department of Defense, ChatGPT Uninstallations Surge 295%
Public Outrage: OpenAI's Military Partnership Sparks a 'Uninstall Surge'Recently, AI leader OpenAI announced a deep partnership with the U.S. Department of Defense (DoD), integrating its AI models into top-secret military networks. The news sparked w
Related Special Topic Recommendations
Text-to-speech
Top AI Voice Tools for Indie Game Devs: Save Time on Voice Acting for RPGs and Visual Novels
Discover the 2026 best AI voice tools for game devs! XIX.AI's curated list features top-rated, game-changing solutions to save you time and money on voice acting for RPGs and visual novels. Explore free vs paid comparisons, real-world tests, and weekly updated rankings. Find your perfect voice tool today!
10 tools
xix.ai
Education and Learning
Best AI Spaced Repetition Tools: Optimize Study Schedules for Medical & Law Students
Discover the 2026 best AI spaced repetition tools, curated by XIX.AI. Our top-rated, game-changing picks help medical and law students optimize study schedules for maximum retention. Compare free vs paid options with real-world tests and weekly updated rankings. Unlock your learning edge now.
10 tools
xix.ai
Video creation
Best AI Text to Video Platforms for Script Writing and Visual Storytelling
2026 Latest Best AI Text to Video Platforms: Top-rated tools for script writing and visual storytelling. Discover powerful, game-changing solutions to transform your text into engaging videos. Compare free vs paid options with our weekly updated rankings and real-world tests. Find your perfect platform to boost creativity and productivity. Explore the curated selection at XIX.AI.
10 tools
xix.ai
chatbot
AI Multi-Agent Orchestrators: Design Complex Automated Workflows through Natural Language
2026 Latest: Discover the best AI multi-agent orchestrators to design complex automated workflows through natural language. Our curated list features top-rated, powerful platforms for seamless task automation and intelligent process management. Compare free vs paid options with real-world insights. Unlock your AI edge with XIX.AI's expert weekly updated rankings.
10 tools
xix.ai
Image editing
Best AI Noise Reduction Software: Remove Grain & Artifacts from Low-Light Night Photography
Discover the 2026 best AI noise reduction software for low-light night photography. Our top-rated, curated list compares free vs paid tools, featuring real-world tests and weekly updated rankings. Remove grain & artifacts effortlessly. Unlock your AI edge at XIX.AI.
10 tools
xix.ai
chatbot
Best Custom AI Girlfriend Generators: Design Unique Personalities, Hobbies, and Backstories
Discover the 2026 best custom AI girlfriend generators on XIX.AI. Explore our top-rated, curated list for designing unique personalities, hobbies, and deep backstories. Compare free vs paid options with real-world insights. Unlock your perfect creative companion today.
10 tools
xix.ai
Comments (1)
0/500
![RyanSmith]()
Swissport's move to SASE is intriguing! It’s like swapping a clunky old car for a sleek electric model—smoother and faster. Curious how this impacts their global ops long-term. 🌐
Swissport's Journey to Enhanced Security and Growth
In the world of Swissport, bolstering security and networking isn't just a necessity—it's a golden opportunity to expand their customer base and drive growth. As the company's global IT operations began to show the cracks of relying on outdated legacy systems, it became clear that these systems were more of a hindrance than a help. Senior management quickly recognized the need for centralized visibility and took swift action to address these challenges.
Outpacing Legacy Systems
Swissport's rapid business expansion brought with it a host of security and networking issues. The legacy systems were simply not keeping up, impeding the company's ability to serve customers effectively, secure global operations, and continue to grow. The senior management team shared with VentureBeat that these systems were falling behind the pace of their business, prompting a search for modern solutions, starting with the adoption of secure access service edge (SASE).
In 2024, Swissport provided ground services for 247 million airline passengers, managed over five million tons of air freight across 117 cargo centers, and supported airlines at 279 airports in 45 countries spanning six continents. As the world's leading provider of ground and cargo handling services in the aviation industry, Swissport's ability to connect and secure its global IT operations is crucial. This is essential for a business that supports over 26,000 users, including ground crew and remote workers.
“The real challenge wasn't just about visibility—it was about maintaining consistency,” explained Giles Ashton-Roberts, Chief Information Security Officer at Swissport. “We needed to streamline security enforcement across our hundreds of sites without hampering our business operations.”
Transitioning to SASE
“We operate around the clock. There's always peak time somewhere in the world, and our network must be both secure and always available,” Richard Thorp, Chief Technology Officer at Swissport, shared in a recent VentureBeat interview. “Standardizing security across all users and devices, whether they're in a coffee shop or on the tarmac, is essential.”
The legacy systems were not scaling fast enough to match Swissport's growth. These systems, along with a fragmented infrastructure, were slowing down the company's expansion and posing potential security risks. Swissport aimed to overhaul its security and networking infrastructure, replacing a patchwork of virtual private networks (VPNs), disparate appliances, and inconsistent policy enforcement with a cohesive SASE architecture.
“Before this transformation, managing different systems at different sites with varied policies was a nightmare—visibility was all over the place,” Thorp remarked. “Now, we operate under a single set of security policies worldwide, which gives me peace of mind knowing our environment is secure.”
Every connection, from airport kiosks to hybrid work devices, is now identity-aware, continuously assessed for risk, and enforced in real-time from a single, cloud-native SASE platform. With Zero Trust enforced on every endpoint and interaction, Swissport can flexibly expand while continuing to meet its customers' needs.
SASE: The Heart of Swissport’s Transformation
Swissport's move to SASE architecture highlights the importance of real-time responsiveness, transparency, and accuracy in maintaining and enhancing its global customer relationships. In the aviation service industry, success hinges on every unit having access to the necessary data. SASE enables Swissport to forge a unified team dedicated to delivering exceptional service to its customers.
VentureBeat has observed that SASE offers more than just a replacement for legacy systems; it provides a unified architecture that significantly enhances operational efficiency. The faster and more accurate the data, the better Swissport can coordinate remote offices and locations, aligning them with broader teams and boosting return on invested capital (ROIC).
This trend is evident across capital-intensive service industries, where improving responsiveness and unifying geographically diverse networks directly impacts revenue. Swissport's SASE strategy is built around a unified architecture that connects over 320 locations, ensuring secure, real-time communication across the network.
In choosing its SASE strategy, Swissport selected a single, cloud-native SASE platform. Gartner highlights several advantages to this approach, including platform unification, simplified policy control, and identity-aware access that adapts in real-time. After thorough evaluation of SASE vendors that also integrate zero trust into their architecture, Swissport opted for Cato Networks. Cato Networks was chosen for its single management plane, unified data lake, global Points of Presence (PoPs), and its ability to integrate software-defined wide area network (SD-WAN) and security into one enforcement layer. Thorp emphasized to VentureBeat that the motivation to adopt a SASE platform stemmed from the need to streamline the management of multiple legacy platforms, each with its own configurations, which had previously complicated troubleshooting and security enforcement.
“Cato’s TLS Inspection capability allows us to inspect encrypted traffic without causing service disruptions,” said Ashton-Roberts. “This has significantly enhanced our security posture.” Transport Layer Security (TLS) inspection is vital to Swissport's network and security infrastructure, as it secures data and identifies potential threats by analyzing the contents of encrypted messages for malware, data exfiltration, or other malicious activities.
Lessons from Swissport’s SASE Implementation
While many enterprises are piecing together secure service edge (SSE), SD-WAN, and zero trust network access (ZTNA) from various vendors, Swissport took a different approach. They chose to consolidate their security technology stack with Cato, standardizing policy enforcement and embedding security directly into the network fabric.
Ashton-Roberts and Thorp shared with VentureBeat that SASE has provided the visibility needed to keep their global IT operations running smoothly, while Zero Trust ensures the least privilege access, safeguarding assets, resources, and, most importantly, the identities and roles of employees and customers on the network.
Swissport’s SASE blueprint is built on the following five principles:
- End-to-end Zero Trust for Immediate Action: Swissport enforces Zero Trust across every edge and endpoint, replacing legacy VPNs with a fully authenticated, segmented, and adaptive network fabric that continuously assesses risk. “Within 15 minutes, our team identified unusual database traffic, blocked the device, and restored normal operations—something that would’ve taken days before,” Thorp told VentureBeat.
- Unified Policy for Simplified Global Security: Swissport's legacy systems were a disjointed mix of multiprotocol label switching (MPLS) links, regional VPNs, and isolated firewalls, leading to inconsistent policy enforcement. Now, a single policy framework governs access across Amazon Web Services (AWS), Microsoft Azure, cloud SaaS applications, and airport edge systems, with real-time control. Gartner predicts that by 2027, 40% of large enterprises will adopt location-agnostic enforcement as a ZTNA baseline, up from less than 10% in 2024. Swissport is already leveraging this model to reduce complexity and increase its reach.
- Real-time Visibility to Drive Business Results: Legacy systems left Swissport blind to cross-domain threats, with root cause analysis taking days. Now, all traffic, from airport terminals to cloud SaaS applications, is streamed into a single data lake that supports continuous, role-based access control (RBAC) and threat analytics. “It’s incredibly straightforward to identify connectivity issues, analyze traffic patterns, and secure our network from a single interface,” Thorp said. According to Gartner, fewer than half of vendors offer unified observability across users, devices, and apps at all edges. Swissport has made this a foundational element.
- Decrypt Everything, Disrupt Nothing: Encrypted traffic can be a blind spot. Many enterprises avoid TLS inspection to prevent latency or application issues, but Swissport chose a different path. By deploying full inline TLS inspection across its backbone, Swissport maintains visibility into encrypted threats without disrupting critical aviation systems. Most SSE and ZTNA vendors rely on partial decryption or bypass tunnels, but Swissport has shown that full inspection is possible even in high-sensitivity, high-availability environments.
- SASE Platform for Faster Business Wins: Swissport didn't add more vendors; they consolidated them. A SASE platform replaced a sprawl of SD-WAN appliances, VPN concentrators, and standalone security tools. The result? Sites come online in hours, not weeks. New users are protected instantly. Policy changes propagate globally in minutes. Gartner projects that 65% of all SD-WAN purchases will be bundled into single-vendor SASE platforms by 2027, up from just 20% in 2024. Swissport didn’t wait—they made SASE the baseline, not a bolt-on, and it's evident in their global agility.
Hangzhou Shangcheng District Launches Zhejiang's First AIGC Audio-Visual 'Golden Ten Measures', 5 Billion Industry Fund
On the 16th, the AIGC Audio-Visual Industry Innovation Ecosystem Conference took place in Hangzhou's Shangcheng District. During the event, the province unveiled its first dedicated policy for the AIGC audio-visual industry—"The Golden Ten." This pol
MIIT Seeks Public Feedback on 121 Industry Standards, Including AI Model Context Protocol
China's Ministry of Industry and Information Technology has officially released a notice seeking public feedback on 121 industry standardization projects, including the "Application Security Requirements for the Artificial Intelligence Security Gover
OpenAI Partners with U.S. Department of Defense, ChatGPT Uninstallations Surge 295%
Public Outrage: OpenAI's Military Partnership Sparks a 'Uninstall Surge'Recently, AI leader OpenAI announced a deep partnership with the U.S. Department of Defense (DoD), integrating its AI models into top-secret military networks. The news sparked w
Discover the 2026 best AI voice tools for game devs! XIX.AI's curated list features top-rated, game-changing solutions to save you time and money on voice acting for RPGs and visual novels. Explore free vs paid comparisons, real-world tests, and weekly updated rankings. Find your perfect voice tool today!
10 tools
xix.ai
Discover the 2026 best AI spaced repetition tools, curated by XIX.AI. Our top-rated, game-changing picks help medical and law students optimize study schedules for maximum retention. Compare free vs paid options with real-world tests and weekly updated rankings. Unlock your learning edge now.
10 tools
xix.ai
2026 Latest Best AI Text to Video Platforms: Top-rated tools for script writing and visual storytelling. Discover powerful, game-changing solutions to transform your text into engaging videos. Compare free vs paid options with our weekly updated rankings and real-world tests. Find your perfect platform to boost creativity and productivity. Explore the curated selection at XIX.AI.
10 tools
xix.ai
2026 Latest: Discover the best AI multi-agent orchestrators to design complex automated workflows through natural language. Our curated list features top-rated, powerful platforms for seamless task automation and intelligent process management. Compare free vs paid options with real-world insights. Unlock your AI edge with XIX.AI's expert weekly updated rankings.
10 tools
xix.ai
Discover the 2026 best AI noise reduction software for low-light night photography. Our top-rated, curated list compares free vs paid tools, featuring real-world tests and weekly updated rankings. Remove grain & artifacts effortlessly. Unlock your AI edge at XIX.AI.
10 tools
xix.ai
Discover the 2026 best custom AI girlfriend generators on XIX.AI. Explore our top-rated, curated list for designing unique personalities, hobbies, and deep backstories. Compare free vs paid options with real-world insights. Unlock your perfect creative companion today.
10 tools
xix.ai
Swissport's move to SASE is intriguing! It’s like swapping a clunky old car for a sleek electric model—smoother and faster. Curious how this impacts their global ops long-term. 🌐
