From friction to flow: Why Swissport scrapped its VPN maze for Cato’s SASE fabric
Swissport's Journey to Enhanced Security and Growth
In the world of Swissport, bolstering security and networking isn't just a necessity—it's a golden opportunity to expand their customer base and drive growth. As the company's global IT operations began to show the cracks of relying on outdated legacy systems, it became clear that these systems were more of a hindrance than a help. Senior management quickly recognized the need for centralized visibility and took swift action to address these challenges.
Outpacing Legacy Systems
Swissport's rapid business expansion brought with it a host of security and networking issues. The legacy systems were simply not keeping up, impeding the company's ability to serve customers effectively, secure global operations, and continue to grow. The senior management team shared with VentureBeat that these systems were falling behind the pace of their business, prompting a search for modern solutions, starting with the adoption of secure access service edge (SASE).
In 2024, Swissport provided ground services for 247 million airline passengers, managed over five million tons of air freight across 117 cargo centers, and supported airlines at 279 airports in 45 countries spanning six continents. As the world's leading provider of ground and cargo handling services in the aviation industry, Swissport's ability to connect and secure its global IT operations is crucial. This is essential for a business that supports over 26,000 users, including ground crew and remote workers.
“The real challenge wasn't just about visibility—it was about maintaining consistency,” explained Giles Ashton-Roberts, Chief Information Security Officer at Swissport. “We needed to streamline security enforcement across our hundreds of sites without hampering our business operations.”
Transitioning to SASE
“We operate around the clock. There's always peak time somewhere in the world, and our network must be both secure and always available,” Richard Thorp, Chief Technology Officer at Swissport, shared in a recent VentureBeat interview. “Standardizing security across all users and devices, whether they're in a coffee shop or on the tarmac, is essential.”
The legacy systems were not scaling fast enough to match Swissport's growth. These systems, along with a fragmented infrastructure, were slowing down the company's expansion and posing potential security risks. Swissport aimed to overhaul its security and networking infrastructure, replacing a patchwork of virtual private networks (VPNs), disparate appliances, and inconsistent policy enforcement with a cohesive SASE architecture.
“Before this transformation, managing different systems at different sites with varied policies was a nightmare—visibility was all over the place,” Thorp remarked. “Now, we operate under a single set of security policies worldwide, which gives me peace of mind knowing our environment is secure.”
Every connection, from airport kiosks to hybrid work devices, is now identity-aware, continuously assessed for risk, and enforced in real-time from a single, cloud-native SASE platform. With Zero Trust enforced on every endpoint and interaction, Swissport can flexibly expand while continuing to meet its customers' needs.
SASE: The Heart of Swissport’s Transformation
Swissport's move to SASE architecture highlights the importance of real-time responsiveness, transparency, and accuracy in maintaining and enhancing its global customer relationships. In the aviation service industry, success hinges on every unit having access to the necessary data. SASE enables Swissport to forge a unified team dedicated to delivering exceptional service to its customers.
VentureBeat has observed that SASE offers more than just a replacement for legacy systems; it provides a unified architecture that significantly enhances operational efficiency. The faster and more accurate the data, the better Swissport can coordinate remote offices and locations, aligning them with broader teams and boosting return on invested capital (ROIC).
This trend is evident across capital-intensive service industries, where improving responsiveness and unifying geographically diverse networks directly impacts revenue. Swissport's SASE strategy is built around a unified architecture that connects over 320 locations, ensuring secure, real-time communication across the network.
In choosing its SASE strategy, Swissport selected a single, cloud-native SASE platform. Gartner highlights several advantages to this approach, including platform unification, simplified policy control, and identity-aware access that adapts in real-time. After thorough evaluation of SASE vendors that also integrate zero trust into their architecture, Swissport opted for Cato Networks. Cato Networks was chosen for its single management plane, unified data lake, global Points of Presence (PoPs), and its ability to integrate software-defined wide area network (SD-WAN) and security into one enforcement layer. Thorp emphasized to VentureBeat that the motivation to adopt a SASE platform stemmed from the need to streamline the management of multiple legacy platforms, each with its own configurations, which had previously complicated troubleshooting and security enforcement.
“Cato’s TLS Inspection capability allows us to inspect encrypted traffic without causing service disruptions,” said Ashton-Roberts. “This has significantly enhanced our security posture.” Transport Layer Security (TLS) inspection is vital to Swissport's network and security infrastructure, as it secures data and identifies potential threats by analyzing the contents of encrypted messages for malware, data exfiltration, or other malicious activities.
Lessons from Swissport’s SASE Implementation
While many enterprises are piecing together secure service edge (SSE), SD-WAN, and zero trust network access (ZTNA) from various vendors, Swissport took a different approach. They chose to consolidate their security technology stack with Cato, standardizing policy enforcement and embedding security directly into the network fabric.
Ashton-Roberts and Thorp shared with VentureBeat that SASE has provided the visibility needed to keep their global IT operations running smoothly, while Zero Trust ensures the least privilege access, safeguarding assets, resources, and, most importantly, the identities and roles of employees and customers on the network.
Swissport’s SASE blueprint is built on the following five principles:
- End-to-end Zero Trust for Immediate Action: Swissport enforces Zero Trust across every edge and endpoint, replacing legacy VPNs with a fully authenticated, segmented, and adaptive network fabric that continuously assesses risk. “Within 15 minutes, our team identified unusual database traffic, blocked the device, and restored normal operations—something that would’ve taken days before,” Thorp told VentureBeat.
- Unified Policy for Simplified Global Security: Swissport's legacy systems were a disjointed mix of multiprotocol label switching (MPLS) links, regional VPNs, and isolated firewalls, leading to inconsistent policy enforcement. Now, a single policy framework governs access across Amazon Web Services (AWS), Microsoft Azure, cloud SaaS applications, and airport edge systems, with real-time control. Gartner predicts that by 2027, 40% of large enterprises will adopt location-agnostic enforcement as a ZTNA baseline, up from less than 10% in 2024. Swissport is already leveraging this model to reduce complexity and increase its reach.
- Real-time Visibility to Drive Business Results: Legacy systems left Swissport blind to cross-domain threats, with root cause analysis taking days. Now, all traffic, from airport terminals to cloud SaaS applications, is streamed into a single data lake that supports continuous, role-based access control (RBAC) and threat analytics. “It’s incredibly straightforward to identify connectivity issues, analyze traffic patterns, and secure our network from a single interface,” Thorp said. According to Gartner, fewer than half of vendors offer unified observability across users, devices, and apps at all edges. Swissport has made this a foundational element.
- Decrypt Everything, Disrupt Nothing: Encrypted traffic can be a blind spot. Many enterprises avoid TLS inspection to prevent latency or application issues, but Swissport chose a different path. By deploying full inline TLS inspection across its backbone, Swissport maintains visibility into encrypted threats without disrupting critical aviation systems. Most SSE and ZTNA vendors rely on partial decryption or bypass tunnels, but Swissport has shown that full inspection is possible even in high-sensitivity, high-availability environments.
- SASE Platform for Faster Business Wins: Swissport didn't add more vendors; they consolidated them. A SASE platform replaced a sprawl of SD-WAN appliances, VPN concentrators, and standalone security tools. The result? Sites come online in hours, not weeks. New users are protected instantly. Policy changes propagate globally in minutes. Gartner projects that 65% of all SD-WAN purchases will be bundled into single-vendor SASE platforms by 2027, up from just 20% in 2024. Swissport didn’t wait—they made SASE the baseline, not a bolt-on, and it's evident in their global agility.
Related article
Tech Leaders Embrace AI Avatars for Earnings Calls
Tech company CEOs are not only prioritizing AI in their businesses but are now using AI avatars to represent them during earnings calls.Buy-now-pay-later firm Klarna showcased an AI version of CEO and
New Star Wars Turn-Based Strategy Game Zero Company Revealed
The Star Wars strategy game announced in 2022 now has an official title: Zero Company, as disclosed by EA today. The game’s website describes it as a “single-player turn-based tactics game,” features
Meta Intensifies Efforts to Curb Unoriginal Content on Facebook
On Monday, Meta unveiled stricter measures to tackle accounts posting unoriginal content on Facebook, targeting those that repeatedly repurpose others’ text, images, or videos. The company reported re
Comments (0)
0/200
Swissport's Journey to Enhanced Security and Growth
In the world of Swissport, bolstering security and networking isn't just a necessity—it's a golden opportunity to expand their customer base and drive growth. As the company's global IT operations began to show the cracks of relying on outdated legacy systems, it became clear that these systems were more of a hindrance than a help. Senior management quickly recognized the need for centralized visibility and took swift action to address these challenges.
Outpacing Legacy Systems
Swissport's rapid business expansion brought with it a host of security and networking issues. The legacy systems were simply not keeping up, impeding the company's ability to serve customers effectively, secure global operations, and continue to grow. The senior management team shared with VentureBeat that these systems were falling behind the pace of their business, prompting a search for modern solutions, starting with the adoption of secure access service edge (SASE).
In 2024, Swissport provided ground services for 247 million airline passengers, managed over five million tons of air freight across 117 cargo centers, and supported airlines at 279 airports in 45 countries spanning six continents. As the world's leading provider of ground and cargo handling services in the aviation industry, Swissport's ability to connect and secure its global IT operations is crucial. This is essential for a business that supports over 26,000 users, including ground crew and remote workers.
“The real challenge wasn't just about visibility—it was about maintaining consistency,” explained Giles Ashton-Roberts, Chief Information Security Officer at Swissport. “We needed to streamline security enforcement across our hundreds of sites without hampering our business operations.”
Transitioning to SASE
“We operate around the clock. There's always peak time somewhere in the world, and our network must be both secure and always available,” Richard Thorp, Chief Technology Officer at Swissport, shared in a recent VentureBeat interview. “Standardizing security across all users and devices, whether they're in a coffee shop or on the tarmac, is essential.”
The legacy systems were not scaling fast enough to match Swissport's growth. These systems, along with a fragmented infrastructure, were slowing down the company's expansion and posing potential security risks. Swissport aimed to overhaul its security and networking infrastructure, replacing a patchwork of virtual private networks (VPNs), disparate appliances, and inconsistent policy enforcement with a cohesive SASE architecture.
“Before this transformation, managing different systems at different sites with varied policies was a nightmare—visibility was all over the place,” Thorp remarked. “Now, we operate under a single set of security policies worldwide, which gives me peace of mind knowing our environment is secure.”
Every connection, from airport kiosks to hybrid work devices, is now identity-aware, continuously assessed for risk, and enforced in real-time from a single, cloud-native SASE platform. With Zero Trust enforced on every endpoint and interaction, Swissport can flexibly expand while continuing to meet its customers' needs.
SASE: The Heart of Swissport’s Transformation
Swissport's move to SASE architecture highlights the importance of real-time responsiveness, transparency, and accuracy in maintaining and enhancing its global customer relationships. In the aviation service industry, success hinges on every unit having access to the necessary data. SASE enables Swissport to forge a unified team dedicated to delivering exceptional service to its customers.
VentureBeat has observed that SASE offers more than just a replacement for legacy systems; it provides a unified architecture that significantly enhances operational efficiency. The faster and more accurate the data, the better Swissport can coordinate remote offices and locations, aligning them with broader teams and boosting return on invested capital (ROIC).
This trend is evident across capital-intensive service industries, where improving responsiveness and unifying geographically diverse networks directly impacts revenue. Swissport's SASE strategy is built around a unified architecture that connects over 320 locations, ensuring secure, real-time communication across the network.
In choosing its SASE strategy, Swissport selected a single, cloud-native SASE platform. Gartner highlights several advantages to this approach, including platform unification, simplified policy control, and identity-aware access that adapts in real-time. After thorough evaluation of SASE vendors that also integrate zero trust into their architecture, Swissport opted for Cato Networks. Cato Networks was chosen for its single management plane, unified data lake, global Points of Presence (PoPs), and its ability to integrate software-defined wide area network (SD-WAN) and security into one enforcement layer. Thorp emphasized to VentureBeat that the motivation to adopt a SASE platform stemmed from the need to streamline the management of multiple legacy platforms, each with its own configurations, which had previously complicated troubleshooting and security enforcement.
“Cato’s TLS Inspection capability allows us to inspect encrypted traffic without causing service disruptions,” said Ashton-Roberts. “This has significantly enhanced our security posture.” Transport Layer Security (TLS) inspection is vital to Swissport's network and security infrastructure, as it secures data and identifies potential threats by analyzing the contents of encrypted messages for malware, data exfiltration, or other malicious activities.
Lessons from Swissport’s SASE Implementation
While many enterprises are piecing together secure service edge (SSE), SD-WAN, and zero trust network access (ZTNA) from various vendors, Swissport took a different approach. They chose to consolidate their security technology stack with Cato, standardizing policy enforcement and embedding security directly into the network fabric.
Ashton-Roberts and Thorp shared with VentureBeat that SASE has provided the visibility needed to keep their global IT operations running smoothly, while Zero Trust ensures the least privilege access, safeguarding assets, resources, and, most importantly, the identities and roles of employees and customers on the network.
Swissport’s SASE blueprint is built on the following five principles:
- End-to-end Zero Trust for Immediate Action: Swissport enforces Zero Trust across every edge and endpoint, replacing legacy VPNs with a fully authenticated, segmented, and adaptive network fabric that continuously assesses risk. “Within 15 minutes, our team identified unusual database traffic, blocked the device, and restored normal operations—something that would’ve taken days before,” Thorp told VentureBeat.
- Unified Policy for Simplified Global Security: Swissport's legacy systems were a disjointed mix of multiprotocol label switching (MPLS) links, regional VPNs, and isolated firewalls, leading to inconsistent policy enforcement. Now, a single policy framework governs access across Amazon Web Services (AWS), Microsoft Azure, cloud SaaS applications, and airport edge systems, with real-time control. Gartner predicts that by 2027, 40% of large enterprises will adopt location-agnostic enforcement as a ZTNA baseline, up from less than 10% in 2024. Swissport is already leveraging this model to reduce complexity and increase its reach.
- Real-time Visibility to Drive Business Results: Legacy systems left Swissport blind to cross-domain threats, with root cause analysis taking days. Now, all traffic, from airport terminals to cloud SaaS applications, is streamed into a single data lake that supports continuous, role-based access control (RBAC) and threat analytics. “It’s incredibly straightforward to identify connectivity issues, analyze traffic patterns, and secure our network from a single interface,” Thorp said. According to Gartner, fewer than half of vendors offer unified observability across users, devices, and apps at all edges. Swissport has made this a foundational element.
- Decrypt Everything, Disrupt Nothing: Encrypted traffic can be a blind spot. Many enterprises avoid TLS inspection to prevent latency or application issues, but Swissport chose a different path. By deploying full inline TLS inspection across its backbone, Swissport maintains visibility into encrypted threats without disrupting critical aviation systems. Most SSE and ZTNA vendors rely on partial decryption or bypass tunnels, but Swissport has shown that full inspection is possible even in high-sensitivity, high-availability environments.
- SASE Platform for Faster Business Wins: Swissport didn't add more vendors; they consolidated them. A SASE platform replaced a sprawl of SD-WAN appliances, VPN concentrators, and standalone security tools. The result? Sites come online in hours, not weeks. New users are protected instantly. Policy changes propagate globally in minutes. Gartner projects that 65% of all SD-WAN purchases will be bundled into single-vendor SASE platforms by 2027, up from just 20% in 2024. Swissport didn’t wait—they made SASE the baseline, not a bolt-on, and it's evident in their global agility.
Tech Leaders Embrace AI Avatars for Earnings Calls
Tech company CEOs are not only prioritizing AI in their businesses but are now using AI avatars to represent them during earnings calls.Buy-now-pay-later firm Klarna showcased an AI version of CEO and
New Star Wars Turn-Based Strategy Game Zero Company Revealed
The Star Wars strategy game announced in 2022 now has an official title: Zero Company, as disclosed by EA today. The game’s website describes it as a “single-player turn-based tactics game,” features
Meta Intensifies Efforts to Curb Unoriginal Content on Facebook
On Monday, Meta unveiled stricter measures to tackle accounts posting unoriginal content on Facebook, targeting those that repeatedly repurpose others’ text, images, or videos. The company reported re
