Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More
In Swissport’s world, strengthening security and networking provides an opportunity to serve more customers and grow.
Swissport’s global IT operations started to expose the strains of relying on legacy systems for security and networking, which were quickly becoming a liability for the company. Senior management could see that centralized visibility was a major challenge, which led them to take quick action.
Swissport’s growth outpaced its legacy systems
The security and networking challenges that Swissport faced began to multiply as its business expansion accelerated. Legacy systems were hindering the ability to serve customers, secure global locations and expand the business. The senior management team told VentureBeat that legacy systems weren’t keeping up with the pace of their business, leading the team to consider new alternatives, starting with secure access service edge (SASE).
In 2024, Swissport provided ground services for 247 million airline passengers, handled more than five million tons of air freight at 117 cargo centers and served airlines at 279 airports in 45 countries across six continents. As the world’s largest provider of ground and cargo handling services in the aviation industry, a core part of how Swissport excels for its customers is connecting and securing its global IT operations. That’s table stakes for a business with over 26,000 users, including ground crew and remote workers.
“The biggest challenge wasn’t just visibility—it was consistency,” said Giles Ashton-Roberts, Chief Information Security Officer at Swissport. “We had to unify how we enforce security across hundreds of sites without slowing down the business.”
From fragmented infrastructure to SASE
“We’re truly a 24/7 business. It’s always peak time somewhere in the world, and we need to keep our network both secure and available,” Richard Thorp, Chief Technology Officer at Swissport, told VentureBeat in a recent interview. “That means standardizing security and making sure every user and every device is covered—whether they’re in a coffee shop or on the tarmac.”
Legacy systems were not scaling fast enough to keep up with the rapid expansion pace that Swissport was experiencing. Legacy systems, along with the fragmented infrastructure on which they were based, were slowing down growth and creating potential security and networking challenges. Swissport set ambitious goals to redefine its security and networking stack, replacing fractured virtual private networks (VPNs), disparate appliances and inconsistent policy enforcement with an entirely new SASE architecture.
“Before this change, we were managing different systems across different sites with different policies—and visibility was fragmented,” Thorp said. “Now we operate under one set of security policies globally, and I can sleep at night knowing the environment is secure.”
Every connection, whether from an airport kiosk or a hybrid work device, is now identity-aware, continuously risk-scored, and enforced in real-time from a single, cloud-native SASE platform. Zero Trust is enforced on every endpoint and interaction, giving Swissport the flexibility to grow at the pace it needs to while serving its growing customer base.
Why SASE is at the core of Swissport’s architectural overhaul
Swissport’s decision to adopt SASE architecture underscores the importance of maintaining real-time responsiveness, transparency and accuracy to sustain and enhance its numerous customer relationships worldwide. Excellence in global aviation services occurs when every operating unit has the necessary data. SASE helps Swissport create a unified team galvanized to the common goal of excelling on behalf of customers.
VentureBeat is seeing SASE deliver benefits beyond replacing legacy systems with a unified architecture. The faster and more accurate the data, the more a business can reach remote offices and locations, keeping them coordinated with broader teams and achieving a greater return on invested capital (ROIC).
VentureBeat is also seeing this play out across capital-intensive services businesses today, where improving responsiveness and unifying geographically diverse networks has a direct impact on revenue. Core to Swissport’s SASE strategy is a unified architecture that unites over 320 locations, ensuring more secure, real-time communications across each location and network-wide.
In defining its SASE strategy, Swissport opted for a single, cloud-native SASE platform. Gartner notes there are many benefits to this approach, including platform unification, simplified policy control and identity-aware access that adapts in real-time.
Swissport did their due diligence across all SASE vendors who also offer zero trust as a part of their architecture and chose Cato Networks for its single management plane, unified data lake, global Points of Presence (PoPs) and ability to collapse software-defined wide area network (SD-WAN) and security into one enforcement layer. Thorp told VentureBeat that a significant motivation for adopting a SASE platform was the need to move away from supporting numerous legacy platforms, each with its unique configuration. “Different platforms required different configurations, which complicated troubleshooting and made security enforcement a challenge,” said Thorp.
“Cato’s TLS Inspection gives us the ability to inspect encrypted traffic while avoiding unintended service disruptions,” said Ashton-Roberts. “It’s been a major improvement to our security posture.” Transport Layer Security (TLS) inspection is central to maintaining Swissport’s network and security infrastructure. Encrypting and decrypting TLS and secure sockets layer (SSL) traffic is essential in Swissport’s SASE infrastructure, as it secures data and helps identify potential threats. TLS inspection analyzes the contents of every encrypted message to detect malware, data exfiltration, or other malicious activities that could be more damaging.
Five lessons learned from Swissport’s SASE blueprint
While most enterprises are trying to integrate secure service edge (SSE), SD-WAN, and ZTNA from multiple vendors together, Swissport chose to go all-in on platform consolidation with Cato to collapse their security tech stack, standardize policy enforcement and embed security directly into the network fabric.
Ashton-Roberts and Thorp told VentureBeat that SASE is delivering the visibility they need to keep their global IT operations running smoothly. At the same time, Zero Trust enforces the least privilege and protects assets, resources, and, most importantly, the identities and roles of employees and customers on the network.
Swissport’s SASE blueprint includes the following five principles:
End-to-end zero trust turns detection into instant action. Swissport is enforcing Zero Trust across every edge and endpoint. They’ve replaced legacy VPNs with a fully authenticated, segmented and adaptive network fabric that continuously scores every session for risk. “Within 15 minutes, our team identified excessive database traffic, blocked the device and restored normal operations—something that would’ve taken us days before,” Thorp told VentureBeat.
Global security gets easier when policy is unified. Swissport’s legacy systems were a patchwork of multiprotocol label switching (MPLS) links, region-specific VPNs and isolated firewalls, each created at different times and all delivering inconsistent policy enforcement and constant friction. Now, a single policy framework governs network access across Amazon Web Services (AWS), Microsoft Azure, cloud SaaS applications and airport edge systems. There’s no location-specific logic or manual drift, just real-time control. Gartner forecasts that by 2027, 40% of large enterprises will adopt location-agnostic enforcement as a zero trust network access (ZTNA) baseline, up from less than 10% in 2024. Swissport is already operating on that model, flattening complexity while increasing reach.
Real-time visibility is a business accelerator driving results and ROI. Legacy systems left Swissport blind to cross-domain threats. Correlating the root cause with the response took days. Now, all traffic, from airport terminals to cloud SaaS applications, is streamed into a single data lake that supports continuous, role-based access control (RBAC) and threat analytics. “It’s incredibly easy to pinpoint connectivity issues, analyze traffic patterns, and secure our network from a single interface,” Thorp said. According to Gartnerfewer than half of vendors provide unified observability across users, devices and apps at all edges. Swissport built it into the foundation.
Decrypt everything, disrupt nothing: Secure TLS at scale. Encrypted traffic is the new blind spot. Many enterprises still bypass TLS inspection to avoid latency or application breakage. Swissport chose differently. By deploying full inline TLS inspection across its backbone, Swissport maintains visibility into encrypted threats without disrupting mission-critical aviation systems. Most SSE and ZTNA vendors still rely on partial decryption or bypass tunnels, according to Gartner’s latest review of adaptive access capabilities. Swissport proved full inspection is achievable even in high-sensitivity, high-availability environments.
A SASE platform drives faster business wins. Swissport didn’t add more vendors; they consolidated them. A SASE platform replaced a sprawl of SD-WAN appliances, VPN concentrators, and standalone security tools. The result? Sites come online in hours, not weeks. New users are protected instantly. Policy changes propagate globally in minutes. Gartner projects that 65% of all SD-WAN purchases will be bundled into single-vendor SASE platforms by 2027, up from just 20% in 2024. Swissport didn’t wait. They made SASE the baseline, not a bolt-on, and it shows in their global agility.
Daily insights on business use cases with VB Daily
If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI.
Thanks for subscribing. Check out more VB newsletters here.
An error occured.
GIPHY App Key not set. Please check settings