Vice President - Infrastructure & Security at Oman Airports
Oman Airports Ensure Security and Compliance with Automation
Oman Airports is one of the leading airport authorities in the Middle East. As a state-owned company affiliated with the Oman Investment Authority, it manages all the airports of the Sultanate, including Muscat International Airport, Duqm Airport, Suhar Airport and Salalah Airport.
The company operates with the objective to upgrade and enhance Oman's airports in order to achieve the desired goals, as well as ensure a safe and unique travel experience for all users of its airports. The group provides a variety of services, from flight operations and passenger services to security protocol and hardware compatibility, in a large VMware environment.
We spoke with Basim Al Lawati, ICT Technical Senior Manager at Oman Airports, who offered us insight into how Oman Airports achieves security compliance and reliability for its customers. Mr. Al Lawati has around 60 people in his team, with five direct reports.
Challenges (prior to using Runecast)
Oman Airports had been facing a number of challenges in keeping up with the latest security compliance requirements and ensuring that their IT infrastructure was up to date. Manually managing their IT resources and mitigating any potential risks was time consuming and costly. The company was also having difficulty tracking and reporting on all the changes being made to the IT environment.
According to Mr. Al Lawati, “With COVID-19 we’ve seen a lot of cybersecurity attacks in the region and across the globe. The threat actors are having a lot of time to play. I’ve seen multiple attacks within the region or even the country, the majority of which are ransomware attacks.”
Mr. Al Lawati was managing four main areas starting with the data center, radio communications, and four data centers and two server rooms across four airports. Mr. Al Lawati stated, “Additionally, we take care of the 1000+ CCTVs across the airports, access control devices, X-ray machines, video analytics from the intelligence part of the airport, the operating systems and the core layer of it, which is the Active Directory, mailing services, the basic securities at the server level and the underlying infrastructure which is on the virtualisation, the storage, the backup, the physical service as well.”
Adding to these complex operations, Mr. Al Lawati added, “The cybersecurity risks are increasing day by day, as is the demand for cybersecurity engineers.”
Runecast provided a comprehensive security compliance solution for Oman Airports. The key was to automate and streamline their security compliance processes and enable them to identify and remediate any potential risks in their IT infrastructure. This keeps their IT environment up to date with the latest security standards and avoids any potential security vulnerabilities. The Runecast solution also allows Oman Airports to track and report on all the changes being made to the IT environment.
“We chose Runecast mainly initially looking at the virtualisation layer that we have and ensuring compliance with the best practices that are released by VMware, or even by the other compliance providers like CIS,” said Mr. Al Lawati. “We saw that it’s extremely simple to configure and the results were very fruitful. We even expanded that scope to go to the operating system as well, so it’s not only covering the virtualisation layer, but we also started analysing our operating systems with Runecast.”
One of the top priorities for Oman Airports in the wake of COVID-19 was to ensure a robust and resilient cybersecurity posture, and senior management is giving it a lot of attention. “Before even implementing any IT project,” said Mr. Al Lawati, “it needs to go through a complete security assessment and the posture assessment of that application before launching it to production.”
By using Runecast, Oman Airports have saved time, resources, and money. Implementation of a single-platform solution enabled them to automate their security compliance processes, reducing the time and cost associated with manually managing their IT resources. This has led to a significant reduction in IT operational costs. Additionally, they have been able to prevent any potential security vulnerabilities, such as Log4j, before they become a problem. The Runecast solution also allows them to easily track and report on all the changes being made to the IT environment, enabling them to remain up to date with the latest security standards.
Oman Airports now protects their complex infrastructure, providing its teams visibility not only for security compliance but also for vulnerability assessment, configuration management, alignment with best practices and more. They now have proactive visibility of any gaps that they might have in their environment.
In future-proofing their security compliance and ITOM, Oman Airports can now focus on more strategic initiatives rather than spending time on manual security compliance tasks, as well as stay ahead of potential security threats by identifying and remediating vulnerabilities quickly.
Runecast enables them to ensure they are always compliant with the latest security standards and regulations and reduce the risk of cyber-attacks (and minimize the impact if one occurs).
Additionally, it enables them to improve their:
- Overall IT infrastructure performance and availability
- Incident response time and minimize the impact of security incidents
- IT Governance and compliance posture
- Ability to track and report on changes made to the IT environment
- Overall security and compliance posture of the organization
Oman Airports have reported that using Runecast has led to a significant reduction in IT operational costs, especially those associated with security compliance, audits and incident response. The automation of their security compliance processes has enabled them to save time and resources, reducing the need for manual intervention.
Advice to other organizations
When asked what advice he would give to other organizations looking for a good security compliance solution, Mr. Al Lawati replied, “I would tell them to just go to Runecast’s website and download the trial version. You don’t need to call anyone from Runecast. Run it, it won’t take you more than half an hour to deploy and get your report in your hand. You will be amazed by the findings. We always think that a lot of applications are secure by nature and by how they’ve been designed, but after deploying Runecast you really understand the gaps that you might have in your environment and it’s definitely an eye-opener.”
• Automated security compliance processes
• Can now easily identify and remediate potential risks in IT infrastructure
• Significant reduction in IT operational costs
• Prevention of potential security vulnerabilities
• Tracking and reporting on all changes to the IT environment
• Automatically staying up to date with the latest security standards