Three Ways to Protect the Data Powering Summer Vacations

By Amit Shaked, CEO and Co-Founder, Laminar

The travel industry is in the midst of rapid recovery following the COVID-19 pandemic. In 2022, there were over 747 million passengers who took to the skies, a 125.9% increase from the year before. Experts predict that travel will recover to pre-pandemic levels before the end of 2023.

The hidden force behind each airline powering safety, travel paths, aircraft repairs, and the customer experience is data. It is estimated that the average aircraft creates more than 20 terabytes of engine information an hour — and this is only a portion of the story. From purchasing a ticket, to scanning an ID, and any meals or drinks bought on a plane, airline employees and customers are constantly creating and exchanging data. All of this data can be used to contribute to a better experience overall for pilots, flight attendants, and passengers. However, businesses must act judiciously to safeguard the security, privacy, and governance of such data.

The aviation industry has seen a steady rise of cyberattacks since 2020. At the beginning of the year, the Transportation Security Administration (TSA) said it was investigating a potential cybersecurity incident after a researcher discovered a copy of the 2019 no-fly list on an unsecured internet server. The list contained names and birthdays of individuals prohibited from flying on commercial flights going to, from, or within the U.S. Adversaries aren’t just interested in data pertaining to national secrets, they seek sensitive personal information too. Last year, threat actors also breached Pegasus Airlines and were able to access 6.5TB of sensitive data, which included source code, staff data, and electronic flight bag data.

As the busy summer travel season begins, it is critical that the aviation industry and its partners take the right steps to protect its most valuable assets: its data.

Cloud Apps in the Clouds

To stay competitive, domestic and international airlines are compelled to focus on two main elements of business: first, elevate the goods and services they provide to meet the ever-growing expectations of the modern traveler, and second, constantly innovate new ways to improve things like safety standards, on-time arrivals, comfort, price, and so on. In both of these instances, speed and freedom to innovate are essential.

When it comes to innovating the customer experience, it’s clear that in 2023, in-flight WiFi is just the beginning. Now, airlines are offering more ways of entertainment and convenience with a long list of cloud-based amenities. Passengers on a flight can connect with other passengers to compete against them in games and connect socially. Travelers can even shop for last-minute merchandise in the clouds to be picked up at their destination terminal. The extent to which airlines will go to please their customers is unmeasurable, yet it may come at a cost. These amenities, while alluring, contribute to the proliferation of data, often sensitive data such as payment information or access credentials. In this environment, it’s common for unknown or “shadow” data to lurk unknowingly throughout the organization’s network.

Visit any major airport around the world and you’ll notice travel has been one of the biggest beneficiaries of the world’s move to the cloud. Facial recognition, wearables, and virtual reality are all being applied by many airlines to improve travel experiences and make flying easier and safer for passengers. AI is also being used to help the industry advance sustainability efforts, such as the conservation of fuel, reduction of food waste, predicting logistical disruptions, and more.

The proliferation of data in the aviation industry translates to a higher risk of adversarial activity and has led to user data ending up in the wrong hands many times over. Unfortunately, data democratization, which has enabled the activities that create the biggest advantages for cloud-based businesses, are the same activities that introduce the most risk. This is mainly due to the fact that cloud data is extremely challenging to produce largely due to lack of visibility.

Taking Visibility & Security to New Heights

Over the years, cloud computing and digital transformation have expanded the exposed attack surface that IT teams need to defend. Developers using SaaS applications and cloud storage platforms don’t hesitate to deploy new databases without the consent of knowledge of IT, which leads to an extremely limited view of data across the environment. This problem is compounded by the fact that there is often a lack of context – whether the data is sensitive/confidential or not – that leads to inefficient allocation of resources.

The exposure of data across a hybrid or multi-cloud environment, combined with this lack of comprehensive visibility, makes it impossible for many organizations to assess their data security posture accurately. Not all data is created equally, some require more protection than others. Still, security controls are often applied uniformly for the entire environment rather than understanding the context and prioritizing data security efforts accordingly. The complexity of the environment also makes it virtually impossible to monitor for attacks in progress or detect data leaks effectively.

Protecting data across an increasingly complex web of platforms and applications is a challenge facing the aviation industry. However, it is possible to take advantage of the agility and scalability of cloud computing without sacrificing data security.

Elevating Data Protection

It’s clear that the cloud has significant benefits to the aviation industry, from improving travel safety to enhancing traveler comfort. However, today’s aviation industry must adopt modern cloud data security solutions in order to address the unique challenges of protecting its data in the cloud.

The aviation industry can create value by empowering developers and data scientists with stronger data protection techniques that safeguard sensitive, regulated, and proprietary data in the cloud while still offering a high level of speed, convenience and innovation. This is often referred to as agile cloud data security.

Agile cloud data security is built on four primary components: discovery, prioritization, security, and monitoring. Starting with discovery, organizations need complete data observability for everything in their hybrid, multi-cloud environments. They must know what data they have, who owns it, and where it is located. Data security and data governance both require that there is a way to find, characterize and classify known data and “shadow” or unknown data across the entire environment. That data must also be prioritized by understanding the context of the data and prioritize protection accordingly. Analyze the data and where and how it is used so that data security can be analyzed based on a variety of factors, including the sensitivity of the data, the current security posture, governance and compliance mandates and exposure.

Only after an organization’s data is discovered and prioritized can it then truly begin to strengthen its security posture. This entails a reduction and minimization of the attack surface and enforcing data security best practices and established data policies. Lastly, effective cloud data security requires vigilance. IT teams should be detecting new data assets or changes to existing assets and continuously monitor the environment for access anomalies and indications of data leaks or compromise.

The benefits of agile cloud data security are more control over data, a reduction in the innovation attack surface, and more secure support for the daily activities of the value creators. Most importantly, agile cloud security transforms the role of security teams from gatekeepers to gate openers, which is critical to enabling innovation in the aviation industry. With more innovation, the aviation industry can help protect its own bottom line as well as the millions of passengers it serves every year.

About the Author

Amit Shaked is CEO and Co-Founder of Laminar, the first agile data security platform that provides organizations the visibility and control they need to achieve data security, governance, and privacy in the cloud. The Laminar Data Security Posture Management (DSPM) solution continuously discovers and classifies all cloud data, structured and unstructured, across managed and self-hosted data stores, including unknown shadow data, without the data ever leaving the organization’s environment.

Prior to founding Laminar, Shaked served in Unit 8200, an Israeli Intelligence Corps unit of the Israel Defense Forces where he was focused on collecting signal intelligence and code decryption. In the military, Shaked earned a master’s degree in AI and deep learning. Following Unit 8200, Shaked went to large-stage startup Magic Leap which gave him valuable internal security experience.