Pegasus was in need of a solution that would provide enterprise-grade security in the cloud, rather than on-premises. Forcepoint’s solution has enabled the aviation provider to have greater visibility over user activity, enabling it to apply cloud security correlated to individual employee needs depending on how they operate.
Founded on the idea that everyone has the right to fly, Pegasus Airlines launched its scheduled services in 2005 and in a little more than a decade has become Turkey’s leading low-cost airline and one of the region’s front-runners. Today, Pegasus Airlines flies to a growing network of 108 destinations, including 38 cities in Turkey and 70 cities in 41 countries across Europe, Russia and the Caucasus, the Middle East, North Africa and Asia.
Pegasus offers its guests competitively priced, comfortable and punctual point-to-point and transit flights operated with the newest aircraft under the auspices of its low-cost model. In 2012, Pegasus made Turkish civil aviation history with its order of 100 new Airbus aircraft (approximately US$12 billion), the largest ever at the time.
Like other major airliners, Pegasus Airlines receives and stores a vast amount of customer data. In addition, the company supports workforce productivity by allowing its employees to work from anywhere using personal devices to access email and browse the web. This enablement created the following challenges:
Protecting mobile workers › Pegasus Airlines previously protected data using on-premises web and email security products. Since permitting employees to work outside the office, security teams had identified an increased amount of malware from malicious applications.
Maintaining regulatory compliance › Pegasus Airlines collects and stores the personal data of citizens inside the European Union and is therefore responsible for upholding the mandates of the General Data Protection Regulation (GDPR). The GDPR has strict penalties for companies that cannot quickly identify, report and respond to data loss incidents.
Pegasus leadership wanted a solution that would provide enterprise-grade security in the cloud rather than on-premises. It insisted on selecting a vendor with a roadmap that could one day help Pegasus integrate other solutions to improve its ability to more robustly protect users and data.
After some consideration, Pegasus leadership made the decision to use Forcepoint Cloud Security. Rollout of the Forcepoint solution was smooth with no major issues arising during the implementation period.
Taking advantage of Forcepoint’s far-reaching global cloud infrastructure, Pegasus Airlines has gained enterprise-grade protection for mobile employees. Forcepoint Cloud Protection offers Pegasus real-time threat analysis and the ability to analyse full web page content, active scripts, web links and executables. Its advanced threat dashboard clearly displays who was attacked, what data was targeted, the data’s intended endpoint and how the attack was executed for both inbound and outbound communications. ThreatSeeker Intelligence technology, included within Forcepoint Cloud Protection, prevents employees from accessing dangerous URLs or files before they can be downloaded and protects company email channels from spam and phishing attempts to more advanced threats like ransomware.
Pegasus leadership was surprised to see almost instant results after the implementation. The company has realised a significant increase in productivity, both from employees who spend less time reporting malware and more time focused on their roles, and their security teams who are able to focus their attention on more critical issues.
Going further, Forcepoint Cloud Security allows Pegasus to follow a path to true human-centric security. A simple integration with Forcepoint’s analytics engine will provide Pegasus with the capability to see and correlate user activities in order to gain context into how employees interact with critical data. This will allow Pegasus to apply cloud security individually for each user, enhancing productivity by enforcing web browsing and email policies more specifically and only when needed.
Pegasus leadership is investigating the integration of other Forcepoint technologies to bolster its current cloud capabilities and help it align with the GDPR. These technologies include Forcepoint UEBA, which provides deep insight into high-risk activity; Forcepoint CASB, which provides control over cloud use within the enterprise; and data loss prevention (DLP), which provides the ability to enforce data controls down to the user level.