Skip to content

Zero-Trust: From Concept to Reality

How to be a pioneer in cybersecurity

Who is the organisation and what’s its context?

The organisation is a worldwide pioneer in the aerospace industry, operating in the commercial aircraft, helicopters, defence and space sectors. They design, manufacture and deliver aerospace products, services and solutions to customers on a worldwide scale, and employ more than 195 000 employees around the globe, across 455 sites. The Covid-19 pandemic increased the usage of remote workers who access sensitive data, user rights, identity management and software to be handled on a daily basis. The Aircraft division decided to initiate a zero-trust approach assessment to anticipate the new shape of the threat landscape.

What needs did the organisation face at the time?

The challenge, driven by their way of working (SaaS applications, remote workers, etc.), combined with a decentralised IS (CSP) and the acceleration of DevOps, brought to light the sensitivity of data, highly critical and subject to numerous cyber-attacks, which had to be protected. It became necessary to rethink how to secure data accessibility, with consistency, in line with new uses. As part of its new strategic plan, the Group’s management decided to adopt the zero-trust philosophy and paradigm, starting with governance processes and user workflows, from user to data.

What was the turning point where the organisation had no choice but to adapt its strategy?

After Covid-19, and given the number of cyber-attacks targeting employees and partners, the decentralised IT infrastructure and the accelerating shift to the cloud, the organisation decided to implement a new, innovative and pragmatic methodology, without outright technological revolution.

Which factors played an important role in the decision?

Bringing together all IT architects for the first time in the Group’s history, in order to have an optimal, global strategy, the decisive points of the project were as follows:

  • Shift cyber paradigm from initiative to program Translate ZT concepts to iterative program
  • Synchronise all IT stakeholders • Break down IT silos to achieve global coherence and build a zero-trust architecture
  • Reduce risk for the most critical applications
  • Levraging component to ZT features & capabilities
  • Support IT PSL (product service line) organisation
  • Ensure a balance between security and user-friendliness for 195,000 employees

What were the immediate benefits for the organisation and its employees?

  • Global standardisation of processes: identity, data, network, application, device/endpoint
  • Growing maturity of infrastructure applications when faced with ransomware
  • Rationalisation of cyber solutions • Optimisation security process and governance
  • 14 PSL workshops to enhance architects’ skills
  • Multi-year strategy roadmap

From theoretical initiative to pragmatic implementation programme.