Case Study

Sabre Relies on Prisma Cloud to Foster a Culture of Secure Innovation on Google Cloud

In brief

Customer

Sabre

Industry

Technology

Country

United States of America

Products and Services

Travel Technology

Organization Size

10,000

Challenge

Gain complete cloud visibility and centralize security management to confidently “shift left,” apply automation, and build a secure-by-design culture of innovation.

Requirements

  • Centralized security management
  • Automated security vulnerability and misconfiguration solutions
  • Implementation of a “Secure by Design” practice

Solution

Sabre selected Prisma® Cloud by Palo Alto Networks to centralize cloud visibility and security management across diverse infrastructure in a single pane of glass.
Introduction
Committed to delivering high-velocity solutions to meet the ever-evolving travel needs of its customers, Sabre turned to Google Cloud for newer, faster, and more open platform technologies. Sabre was able to easily migrate on-premises applications and develop new data-rich applications leveraging Google Cloud’s microservices and container technologies (e.g., Google Kubernetes Engine [GKE®]), ultimately helping Sabre optimize costs as well as increase development and business efficiencies. Using Prisma Cloud, Sabre gained a centralized view of its environment and resources. With this newfound visibility, the company also shifted security left—earlier in the development lifecycle—and effectively scaled security across multiple layers and instrumentation platforms. More importantly, these security achievements translated into tangible business outcomes for Sabre, including an elevated overall security posture and competitive edge: fewer critical vulnerabilities that required team attention and resources to remediate, and the ability to deliver products and services to market more quickly and securely than ever.

Prisma Cloud

CHALLENGE

With the cloud comes new opportunities

Sabre, a world leader in the personalized travel marketplace, is committed to delivering high-velocity solutions to meet the ever-evolving travel needs of its customers. To do this, the company turned to the newer, faster, and more open platform technologies of the cloud. Sabre is transitioning its airline, travel, and hospitality applications to the cloud. As Sabre is a multi-cloud organization, its strategic adoption of Google Cloud was key to delivering a new, personalized travel experience. From a market disruptor point of view, Sabre embarked into uncharted territory, and Google Cloud partnered with Sabre as a co-champion to develop new products and services. As part of this venture, Sabre is leveraging Google Cloud’s unique services to migrate on-premises applications and develop new data-rich applications leveraging Google Cloud’s microservices and container technologies (e.g., GKE). Sabre is taking a dual migration approach: Some applications are more monolithic and will be “lifted and shifted” into Google Cloud, while others will be containerized to help increase business and development efficiencies.
REQUIREMENTS

Cloud security is a shared responsibility

Security is a top priority for Sabre in the migration to the cloud, and the shared responsibility model is at the core of the company’s security approach. Three distinct security objectives ultimately led Sabre to implement a third-party Cloud Native Security Platform (CNSP)—in this case, Prisma Cloud—to ensure a secure-by-design culture of innovation and complete cloud security for the business and its customers.

  • Centralized Security Management. As Sabre integrated existing and new security instrumentation at each layer of its diverse infrastructure, a centralized way to manage security was necessary. Visibility and insight into Sabre’s security posture were critical, but without a single-pane-of-glass view, it would be difficult to understand the security environment, let alone remediate issues.
  • Automation. It’s not all that unusual for a software company to ask operations—be that security ops, cloud ops, or its developer community—to fix hundreds, even thousands, of security vulnerabilities or misconfigurations. Because of this, automation was critical for Sabre’s security operations. The company identified areas to automate, such as remediation, infrastructure as code (IaC), and application code, securely and without interrupting the business.
  • Implementation of a “Secure by Design” Practice. Being a thought leader in the cloud innovation and security space takes a keen focus on relationship building, both externally and within the company itself. The security team’s relationships with key teams, functions, and stakeholders (e.g., developer community) were critical catalysts of successful implementation. Sabre needed a security tool and approach to establish credibility and empower the development of its vision for cloud, application, data, and network security. Ultimately, this generated internal partner buy-in and support for the model. For Sabre, this process began with the ability to shift left.

"With Prisma Cloud by Palo Alto Networks, Sabre gained a centralized view of its environment and resources. With this newfound visibility, the company also shifted security earlier in the development lifecycle and effectively scaled security across multiple layers and instrumentation platforms."

SOLUTION

Shift left: The first step in the right security direction

Sabre has multiple development centers around the globe, with more than 4,000 developers. Dedicated DevOps teams utilize continuous integration/continuous development (CI/CD) practices and leverage multiple orchestration tools that support various application types. Translating and operationalizing shift-left, secure-by-design principles takes support from the business as well as development and tech communities. It also requires an understanding of what it means to code securely, or to build a network or database securely. Establishing guardrails and standards with the communities and providing security tooling to enable developers are both vital.

Much of Sabre’s modernized environment in Google Cloud is based on IaC and rooted in the CI/CD pipeline. Prisma Cloud is a catalyst of Sabre’s ability to shift left and realize a more harmonized security and operational development lifecycle. The platform provides complete insight where it wasn’t available before, so Sabre can now identify potential misconfigurations based on policy and remediate issues before they reach production. Furthermore, Prisma Cloud offers direct integration with compliance frameworks (e.g., GDPR, PCI, SOC 2) that Sabre can consistently review to maintain a compliant state. Based on these frameworks, the team can build policies inside Prisma Cloud to show where the company is noncompliant, and then follow simple instructions to fix any issues.
BENEFITS

Prisma Cloud: The Cloud Native Security Platform

With Prisma Cloud by Palo Alto Networks, Sabre gained a centralized view of its environment and resources. With this newfound visibility, the company also shifted security earlier in the development lifecycle and effectively scaled security across multiple layers and instrumentation platforms. As such, Sabre now confidently applies automation to rapidly remediate security vulnerabilities and misconfigurations.

These security achievements elevated Sabre’s overall security posture and competitive edge by reducing the number of critical vulnerabilities that required team attention and resources to remediate, as well as increasing production velocity, delivering safe and secure products and services to market more quickly than ever before.
Prisma Cloud
With many niche vendors to choose from, what stood out about Prisma Cloud was the roadmap and the Palo Alto Networks vision. It was important for Sabre to avoid the security tool sprawl and management complexity that come from having too many vendors and products in play. Palo Alto Networks was the only security vendor with a comprehensive CNSP to meet Sabre’s needs now and into the future.

To learn more about Prisma Cloud, visit paloaltonetworks.com/prisma/cloud.