Défis

Deliver office-like experiences anywhere by eliminating VPN hassles

Résultats

Enables 3,900 users to access business-critical private and SaaS apps securely, quickly, and easily from anywhere

Improves user satisfaction by 90% compared to legacy VPN

Processes 733 million transactions through Zscaler monthly

Minimizes the attack surface with least-privileged access to applications and data

Prevented 234 million policy violations and blocked 45,000 security threats in three months

Expedited deployment—just two weeks across the entire organization

Cebu Pacific Air Snapshot

Cebu Pacific Air pioneered its “low fare, great value” strategy to become the leading airline in the Philippines. The company operates flights to more than 60 domestic and international locations and has flown more than 200 million passengers since its start in 1996.

Industrie:

Transportation Services

Siège:

Metro Manila, Philippines

Taille:

3,900

Laureen Cansana, CIO

Laureen Cansana

CIO, Cebu Pacific Air
Our work environment is dynamic, and with Zscaler, employees can continue to work productively without hampering their ability to connect to the resources they need without compromising security.

Étude de cas client

Secure anywhere access to apps for everyone

Cebu Pacific’s zero trust journey began long before the COVID-19 pandemic when it embarked on a digital transformation initiative to improve business agility and operational efficiency. As it embraced a cloud-first strategy, a top priority for the IT team was to ensure that employees could securely and easily access their private or SaaS applications whether they were working at the metro Manila headquarters, at any of its seven operations hubs, or on the road.

“With the rise of sophisticated cybersecurity attacks, we knew traditional perimeter security was not sufficient to protect us against possible data breaches and unauthorized access,” said Glenn Amper, Director of Information Security at Cebu Pacific Air.

Moving to the cloud created new challenges for the traditional network-centric security architecture. IT could no longer rely on security practices built largely on perimeter-based protection and the assertion that users and applications were inherently trustworthy. In a cloud-first world, Cebu Pacific needed stronger, more nimble protection against fast-moving cyberattacks that could result in data loss, regulatory noncompliance, or tarnished customer trust.

Setting a course to true zero trust

A cybersecurity maturity assessment revealed that the company’s existing VPN solution could not properly secure users, especially when they traveled. With a growing risk that VPN usernames and passwords could be compromised, Cebu Pacific wanted stronger authentication and tighter controls for access to both private and SaaS applications that were critical for flight operations, crew scheduling, cargo management, and business operations.

“Our focus was on improving the user experience and boosting our security posture,” said Laureen Cansana, CIO at Cebu Pacific Air. “We wanted an end-to-end solution that would provide robust security and a good user experience.”

Cebu Pacific’s IT leadership was determined to provide employees with a better remote work experience, whether they were accessing private applications or SaaS apps. The legacy VPN software was sluggish and frequently dropped connections, which frustrated employees and impacted their productivity. The service desk was overwhelmed, handling a growing volume of tickets related to remote access. 

Moving to cloud with a perimeter-based security architecture also broadened the attack surface, making the company more vulnerable to potential breaches and other threats from external attackers. Additionally, internal users could intentionally or unintentionally act in a way that increased the organization’s overall risk. IT’s goal was to prevent compromise by reducing the attack surface. “We wanted to adopt the principle of least privilege to limit our risk exposure, especially for critical applications,” Amper explained.

Citation

Zscaler allows us to protect our corporate assets and ensure that only the right people have access to our applications and data.

Glenn Amper, Director of Information Security, Cebu Pacific Air

Rapid adoption accelerates protection

Cebu Pacific began to explore Zscaler as a way to improve the user experience with fast, secure access to the internet and SaaS applications from anywhere.

Cansana and Amper had both previously used Zscaler, and they knew the zero trust solution would provide a better experience for users and stronger security for the business. 

Cebu Pacific rolled out Zscaler Internet Access (ZIA) to provide employees with fast, safe internet access. All internet and SaaS traffic is protected by Zscaler, stopping ransomware, phishing, zero-day malware, and advanced attacks from disrupting the business and distracting users. 

Then, with fortuitous timing, Cebu Pacific was evaluating Zscaler Private Access (ZPA) to replace the VPN with zero trust network access when the pandemic swept across the world. Deployment was speedy. Within two weeks of the government-declared lockdown, the IT team delivered ZPA for secure remote access to 3,900 users, who could access their private applications and services from anywhere and on any device. The improvement in the experience was particularly notable for employees who previously used the VPN. 

“Rolling out zero trust with Zscaler was turnkey,” recalled Amper. “ZPA learned our traffic patterns for a few weeks, then we began to segment applications strategically so we had good visibility into what traffic was good and bad. We improved the user experience and made it possible for employees to work remotely without compromising any of our security policies.” 

 

Improving the employee experience

Thanks to Zscaler, employees can easily and safely access the internet and critical SaaS applications, whether they are working at the head office, at an airport, or from home. Staff can stay focused on their work, and the IT service desk has fewer support tickets. 

“Embracing Zscaler allowed us to improve both the user experience and our security posture,” said Amper. “We have continuous authentication and strict access controls without affecting the user experience.”

Amper estimates that using ZPA has improved employee satisfaction with the remote access experience by 90% compared to the legacy VPN. 

Following the principle of least-privileged access, the Zscaler Zero Trust Exchange platform evaluates the user identity in context with factors like location, device, application, and content, and then creates secure, direct connections between users and the individual applications they are trying to access. Users have a more responsive experience, and the latency inherent in backhauling traffic through centralized security controls is eliminated.

Citation

Zscaler equips us to better address modern cybersecurity challenges while supporting business agility.

Glenn Amper, Director of Information Security, Cebu Pacific Air

Safeguarding business continuity and customer trust

The Zero Trust Exchange continues to scale to protect Cebu Pacific’s business operations as post-pandemic travel resumes. Application traffic has increased 60% in a year. In just three months, Zscaler processed more than 159 TB of traffic, prevented more than 234 million policy violations, and blocked more than 45,000 security threats, including more than 1,500 threats hiding in encrypted traffic. 

“Zscaler allows us to protect our corporate assets and ensure that only the right people have access to our applications and data,” said Amper. “Zscaler also helps mitigate the risk of insider threats.”

A zero trust approach helps Cebu Pacific mitigate the risk of business disruption, protect data privacy, and avoid the consequences of a successful data breach, including regulatory noncompliance or fines. That’s particularly important as passengers return to the skies with Cebu Pacific. 

“If our environment is not secure, we risk exposing customer data,” said Cansana. “Solutions like Zscaler help us give our customers confidence that security is a top priority for Cebu Pacific. With Zscaler, we can protect our brand, our customers, and employees, as well as our data and applications.”

A simpler, consolidated security ecosystem

Zscaler has been easy to integrate with the company’s other best-in-class security solutions, enabling a more streamlined and coordinated security ecosystem.

Integration with CrowdStrike endpoint detection and response (EDR) provides zero trust access to applications based on device health. Together, Zscaler and CrowdStrike continuously assess the posture of employee devices before permitting access to Cebu Pacific’s applications. 

Cebu Pacific plans to integrate Zscaler with other security solutions, including data loss prevention and identity and access management. 

Zscaler also helped Cebu Pacific simplify and consolidate security infrastructure by eliminating VPN appliances and reducing its perimeter firewall fortifications, resulting in a smaller data center footprint and lower energy usage.

Citation

“As a cloud-based solution, Zscaler supports our company’s environmental and sustainability objectives.”

Laureen Cansana, CIO, Cebu Pacific Air

Continuing the zero trust journey

Cebu Pacific plans to expand zero trust with Zscaler. It is exploring how to achieve further consolidation and simplification with the adoption of Zscaler Digital Experience™ (ZDX) to rapidly detect and resolve application, network, or device issues and keep users productive. ZDX can give the airline’s IT support team greater network visibility to fix problems faster.

The company is also exploring Zscaler Workload Communications, which would extend zero trust protection to cloud workloads. The solution, built on top of the Zscaler Trust Exchange, establishes fast, secure cloud connectivity with consistent access policies—and without the hassle of network security appliances. 

Cloud security supports sustainability

Cloud and zero trust security helps Cebu Pacific prioritize environmental sustainability as it accelerates business growth. Cebu Pacific is introducing a modern, fuel-efficient fleet as part of its efforts to achieve net zero carbon emissions. The company’s environmental, sustainability, and governance priorities extend to IT.

“Our goal is to have zero servers in our data centers to minimize our IT carbon footprint,” said Cansana. “As a cloud-based solution, Zscaler supports our company’s environmental and sustainability objectives.” 

Cebu Pacific can not only reduce its own data center space and energy usage, but also be confident that Zscaler’s highly efficient, multi-tenant cloud platform is fueled by 100% renewable energy.

More from this customer

Creating a secure remote experience for 3,900+ employees
Read the Blog

Solutions

Zero Trust App Access
Zero Trust Cloud Connectivity
Secure Your Users