Get Started

A cybersecurity journey: An airline’s push to be digital-first

Thomas Widen
  • Customer Stories
  • Solutions
  • 2021
  • Thomas Widen
June 08, 2021
An inside look at Scandinavian Airlines System's (SAS) cybersecurity journey on its push to be digital-first

The airline industry faces years of uncertainty as the world recovers from the impact of COVID-19. Airlines will focus on operational efficiency and the means to adapt quickly to changing circumstances and new opportunities. Passengers may be required to carry a vaccine passport, most likely a digital solution, which could bring a host of data security complexity.

For these reasons and more, Scandinavian Airlines System (SAS) aspires to be a digital-first airline. We have more than 350 different systems within our ecosystem—195 of which are business-critical—sending data back and forth, verifying, and authenticating. Our interfaces are increasingly digital, whether that’s a passenger booking a ticket or ground crew checking baggage.

As a result, any airline is an attractive target for cybercriminals. As a critical piece of Scandinavia’s transport infrastructure, we’ve always made safety a priority. Today, safety includes cybersecurity.

Security Incident Response, part of ServiceNow IT Service Management (ITSM), enables us to manage the lifecycle of security threats. For us, that means cyberthreats are identified within one minute, contained in less than 10 minutes, and analyzed within an hour.

Establishing control and visibility

Strategically, SAS decided some time ago to outsource many noncore functions. For this to work to our advantage, we had to establish control and visibility, which we’ve been able to do with the help of ServiceNow.

In Security Incident Management, we’ve consolidated six separate legacy incident management systems—a combination of external and in-house products—into one. This enables us to:

  • Understand the nature of security incidents better

  • Spot trends

  • Address bottlenecks

For the first time, we have control of our dashboards and reporting, with all the metrics to show what’s happening. As a result, we’re driving our own destiny.

Navigating uncertain market conditions

In a normal year, SAS carries more than 28 million passengers, has 4 million loyalty members, and operates in 34 countries. Travel disruption caused by the pandemic has required us to make drastic reductions. But our systems, particularly cybersecurity, must still be robust.

Through automation with ServiceNow, we’re able to do more with the same headcount and be a lot smarter.

The Now Platform provides automation, integration, and consolidation on other workflows too, such as incident, problem, change, asset management, knowledge management, and service catalog. ServiceNow gives us the control and agility we need to move quickly.

We remain a small team, and the advice and insight we receive from ServiceNow, and its experience in other industries, helps inform our evolution. Today, our business is more efficient and proactive in the way it deals with and hunts down cyberthreats. Many manual tasks are now automated, and my team is more productive.

The engagement with ServiceNow is an example of our future IT strategy: cloud-based solutions, software as a service (SaaS), integrated workflows, and in-house visibility. There are clear use cases for ServiceNow across human resources, finance, and further IT projects.

Establishing a cybersecurity culture

Cybersecurity is a journey. We want to adopt a cybersecurity culture across the organization, which is as much about culture as it is tools.

We run competitions for office workers to identify and report phishing scams. We’re trying gamification techniques to encourage users to take part and using short video clips to educate teams. We’re even exploring biometric access for ground staff working in subzero temperatures (where it’s too cold to remove gloves and key in a passcode).

We’re stopping bad actors from getting in but, ultimately, we want to implement a zero-trust architecture to better protect ourselves from threats on the inside.

I’m excited about how SAS has embraced cybersecurity. If we’re to be a truly digital-first airline, cybersecurity must be foundational for our business.

Respond fast to security incidents with help from ServiceNow.

ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Topics

  • Knowledge 2023 takeaways: a group of women raising their hands
    Events
    4 takeaways from Knowledge 2023
    Knowledge 2023 united thousands of ServiceNow customers and colleagues at the first single global user conference in three years. Here are four key takeaways.
  • DEI data analytics: group of diverse workers in conversation
    Culture
    Using DEI data analytics to know where we are and to strategize
    It's impossible to truly embody DEI without first knowing the current state through DEI data analytics. Find out how ServiceNow uses DEI data.
  • Wide view of thousands of people seated to hear the Knowledge 2023 keynote
    Events
    Knowledge 2023 keynote recap: Putting yes to work
    The Knowledge 2023 keynote in Las Vegas was standing room only. Against the theme of “Putting Yes to Work,” speakers shared well-honed insights. Learn more.

Trends & Research

  • ESG technology: green surrounding a river, woman smiling, 2 government employees in conversation
    Cybersecurity and Risk
    Survey says ESG technology drives results
  • RPA: group of workers gathered around a conference table looking at a laptop
    AI and Automation
    Forrester report: ServiceNow debuts as a Strong Performer in RPA
  • Digital innovation: three workers looking at a computer monitor
    AI and Automation
    Survey says digital innovation is the way to navigate macro uncertainty

Year