Case Study
Reimagining PKI + CLM for a Top 5 U.S. Airline
Working with a top U.S. airline struggling with adhoc, manual certificate management to implement visibility and control over their keys and certificates.
Case Study
Working with a top U.S. airline struggling with adhoc, manual certificate management to implement visibility and control over their keys and certificates.
This leading airline company operates a wide range of flights, including both domestic and international, offering a comprehensive air transportation service. With operations spread across the globe and the critical nature of air travel, the airline maintains an extensive cybersecurity team dedicated to safeguarding its digital and physical assets.
Industry: Commercial Aviation
IT Environment: Multiple data centers secure 8,500+ employees, customer portals, and various partner access.
Business Challenges
The national airline’s network infrastructure supports a workforce of over 10,000 employees, including 8,000 mobile devices used by flight crews, ground personnel, and customer service teams. This infrastructure extends beyond internal operations to provide secure access for alliance partners, enabling seamless collaboration on flight operations, shared services, and ticketing systems. In addition, the airline’s customer-facing web portals manage critical services like ticketing, reservations, and payment systems, ensuring a secure experience for millions of passengers globally.
Given its extensive global presence, the airline operates multiple data centers in key regions, with stringent cybersecurity measures in place. A critical part of this security framework is the implementation of a Public Key Infrastructure (PKI). The airline’s cybersecurity team uses PKI to secure communications, authenticate users, encrypt sensitive data, and facilitate trusted connections across its geographically dispersed network. PKI also supports essential services such as mobile device management, secure communication for alliance partners, and customer transactions on their digital platforms, ensuring the integrity and confidentiality of the airline’s global operations.
The airline’s security team was preparing to significantly expand the use of Public Key Infrastructure (PKI) to secure its expanding network, which includes web services, multifactor authentication (MFA), mobile devices, and VPN access. However, this increased reliance on certificates and keys came with substantial challenges, primarily due to an underdeveloped certificate management practice.
One of the primary challenges was lack of visibility over the airline’s existing digital certificates and cryptographic keys. While the team was manually managing hundreds of certificates, they were aware that many more were issued across the airline’s global infrastructure, supporting thousands of employees and various business-critical applications. Without centralized control, the team struggled to identify how many certificates existed, where they were deployed, who issued them, and whether they adhered to the latest security standards.
This lack of visibility led to operational inefficiencies and increased the risk of critical system outages. Certificates approaching expiration often went unnoticed, resulting in sudden expirations that could disrupt essential services, from online ticketing platforms to internal communications. These outages posed a direct threat to business continuity, causing potential downtime, customer frustration, and financial losses.
Additionally, the airline’s growing reliance on certificates without proper lifecycle management made it difficult to ensure that cryptographic algorithms were strong enough to resist modern threats. The use of outdated or weak encryption could expose critical systems and sensitive customer data to breaches, a particularly alarming concern given the rise of trust-based attacks and the airline’s global customer base.
Furthermore, the airline’s manual certificate management practice created a heavy administrative burden on its IT and security teams. With upcoming projects requiring even more certificates for new systems and services, the team quickly realized that continuing with this manual approach would not be scalable. Managing thousands of certificates without automation led to human error, inconsistent certificate configurations, and compliance issues with industry regulations like PCI DSS and GDPR.
Finally, without a centralized solution, the airline’s security team lacked the ability to enforce a standardized security policy across all certificates and keys. This gap heightened the risk of misconfigurations, non-compliant certificates, and weak encryption practices, leaving the organization vulnerable to both operational failures and sophisticated cyberattacks.
In summary, the airline was facing pressing challenges related to the visibility, scalability, and security of its certificate management processes. Without a robust certificate lifecycle management (CLM) system in place, the organization was vulnerable to outages, compliance failures, and security breaches, all of which could negatively impact its global operations.
Facing mounting challenges around certificate visibility, management inefficiencies, and the increasing security risks from expired or improperly configured certificates, the airline sought a solution that would bring greater control, automation, and security to its Public Key Infrastructure (PKI). After attending a Gartner conference and consulting with a technology partner, the airline was introduced to Accutive Security, a firm known for its expertise in key and certificate lifecycle management (CLM), and its strong partnerships with top cybersecurity vendors.
Recognizing the urgency of addressing the gaps in certificate oversight and management, the airline engaged Accutive Security to provide a comprehensive suite of services tailored to their specific needs. Accutive Security began by conducting a thorough assessment of the airline’s current certificate landscape, leveraging advanced scanning tools to identify every certificate deployed across the network. The scan revealed that the airline was not just managing hundreds of certificates, but thousands, many of which were found to be high-risk, either due to approaching expiration or the use of weak cryptographic algorithms.
With this newfound visibility, Accutive Security helped the airline address the following challenges:
1. Centralized Certificate Management: The first step was to implement a centralized Certificate Lifecycle Management (CLM) platform that provided full visibility into the airline’s entire PKI environment. This solution allowed the security team to track all certificates issued by internal and external Certificate Authorities (CAs), understand where certificates were deployed, and manage their renewals proactively.
2. Automating Certificate Renewals: To eliminate the risk of unexpected certificate expirations causing outages, Accutive Security implemented automated renewal processes. This ensured that certificates, especially those supporting critical services such as VPN access, mobile device authentication, and customer-facing platforms, were automatically renewed well before expiration.
3. Risk Identification and Prioritization: Accutive Security’s scan identified 430 high-risk certificates that required immediate action. These certificates either had weak encryption or were at risk of expiring soon, potentially exposing critical airline systems to cyber threats or service disruptions. By quickly prioritizing and replacing these certificates, Accutive helped reduce the airline’s exposure to operational and security risks.
4. Strengthening PKI for Multifactor Authentication (MFA) and VPN Security: With the goal of expanding the use of PKI to support multifactor authentication (MFA) and secure VPN access, Accutive Security worked with the airline to ensure that certificates used for these services were securely issued, properly configured, and regularly monitored to support future growth and security needs.
5. Ongoing Support and Monitoring: Recognizing that certificates would need continuous oversight, Accutive Security implemented tools for real-time monitoring and alerting. This allowed the security team to quickly identify potential issues, such as certificate misconfigurations or new vulnerabilities, before they could cause downtime or expose the airline to cybersecurity risks.
By implementing these solutions, the airline not only gained greater control over its certificate management process but also improved its operational efficiency, reduced the risk of costly outages, and ensured that it remained compliant with industry standards and regulations. Accutive Security’s expertise and commitment to continuous improvement have positioned the airline to confidently scale its PKI environment while maintaining the highest levels of security.
By partnering with Accutive Security, the airline transformed its certificate lifecycle management (CLM) and PKI operations, addressing critical visibility, automation, and security gaps.
1. Full Visibility and Control Over Certificates
Previously managing hundreds of certificates, with the specific number unknown, the airline discovered that its infrastructure included over 10,000 certificates. With Accutive Security’s centralized CLM platform, the security team gained complete visibility, identifying and managing all certificates, reducing blind spots and aligning them with security policies.
2. Automated Certificate Renewals
Automating the renewal process drastically reduced unplanned outages from 10 per month to just 2 per year. IT resources were freed from manual tasks, allowing them to focus on strategic priorities.
3. Improved Security and Compliance
Accutive Security identified 430 high-risk certificates, which were immediately addressed. The airline enhanced PKI security for MFA and VPN projects, ensuring compliance with PCI DSS and GDPR and reducing vulnerabilities related to outdated certificates.
4. Reduced Administrative Burden
The implementation of role-based access control (RBAC) and a self-service portal reduced manual workloads by 50% and decentralized certificate management, empowering departments while maintaining security and scalability.
5. Long-Term Optimization
Accutive Security became the airline’s Center of Excellence for CLM and machine identity management, providing continuous support and optimization. This partnership ensured proactive adjustments to meet evolving security needs and infrastructure growth.
Overall Savings
Accutive Security’s solutions helped the airline achieve $400,000 in annual cost savings, significantly reduce certificate-related outages, and improve overall operational security, positioning the company for future growth with a scalable, automated infrastructure.
With Accutive Security’s key and certificate discovery services, the airline’s security team gained full visibility into its previously fragmented certificate environment. This discovery process provided a comprehensive inventory of all keys and certificates, enabling the team to assess each asset’s risk level and importance to the organization. With this clarity, the team could immediately prioritize securing their most critical keys and certificates, especially those supporting customer-facing services, VPN access, and multifactor authentication systems. Accutive Security’s solution allowed the airline to quickly identify high-risk areas, reduce vulnerabilities, and eliminate the risk of unexpected certificate expirations.
The implementation of a risk-based approach to certificate management was a game-changer for the airline. By aligning their security measures with the value and criticality of each asset, the team was able to allocate resources more effectively. Instead of treating all certificates equally, the airline now prioritizes the protection of high-value assets—such as those supporting sensitive customer transactions or internal communications—while maintaining compliance with regulatory requirements like GDPR and PCI DSS. This proactive, tiered approach has significantly improved the airline’s security posture, reducing the likelihood of downtime and potential cyberattacks tied to certificate mismanagement.
When certificate issues now arise, the airline relies on Accutive Security as its center of excellence for key and certificate management. This relationship allows the airline to rapidly identify and address vulnerabilities beyond what their general-purpose vulnerability scanners can detect. Accutive Security’s platform, specifically designed to handle cryptographic assets, provides deeper insights into the health of the airline’s keys and certificates.
Since partnering with Accutive Security, the airline’s cryptographic posture has significantly improved. The platform’s specialized capabilities enable rapid discovery and remediation of certificate-related vulnerabilities, ensuring that potential security gaps in their infrastructure are promptly addressed. This proactive approach has fortified the airline’s encryption practices, minimized exposure to risk, and strengthened the security of critical assets such as customer data and internal communications. Through this enhanced remediation process, the airline now maintains a far more resilient and secure cryptographic environment, reducing both downtime and potential security breaches.
The Accutive Security team has integrated the PKI solution as a core component of the airline’s broader security ecosystem, significantly enhancing its defenses against trust-based attacks. With Accutive Security’s expertise, the airline now ensures that high-risk systems are safeguarded by strong cryptography and that the authenticity of certificates is continuously monitored.
The airline’s security team uses the Accutive Security partner platform to validate that the certificates installed on each system are the ones originally issued, providing a crucial defense against potential attacks. Any certificate mismatch signals a possible compromise, such as a man-in-the-middle (MITM) attack, where certificates may have been replaced by a malicious actor. When discrepancies are detected, they are immediately flagged, allowing the PKI team to respond swiftly and mitigate risks before they escalate, ensuring that the airline’s most sensitive systems remain secure from trust-based vulnerabilities.
By leveraging Accutive Security’s services, the airline’s security team has been able to efficiently identify and prioritize high-risk SSL/TLS certificates, allowing them to allocate resources where they will have the greatest impact. This targeted approach to certificate management has not only strengthened the airline’s overall security posture, but also ensured that mission-critical systems are safeguarded against potential threats.
Additionally, Accutive Security’s expertise has enabled the airline to seamlessly protect its growing number of mobile certificates. As the demand for multiple certificates per user increases due to the expansion of mobile devices and cloud-based services, the airline faced a challenge that would have been unsustainable through manual certificate management methods. With Accutive Security’s support, the security team has successfully scaled its use of keys and certificates, ensuring that all systems and users remain protected while maintaining efficiency and control over the growing cryptographic landscape. This scalability has empowered the airline to innovate and grow without compromising security.
With over 10,000 certificates now under active management, the airline has made significant strides in securing its most critical SSL/TLS keys and certificates. The immediate next step involves expanding the focus beyond these essential assets, aiming to secure all 1,000 SSL/TLS certificates and 8,000 mobile certificates. This comprehensive approach will ensure that every key and certificate in the organization is fully accounted for and protected, reducing risks associated with overlooked or improperly managed certificates.
In parallel, the airline’s security team plans to extend its efforts to secure SSH keys, another critical component of the organization’s cryptographic infrastructure. This will ensure end-to-end security for all internal systems and connections, safeguarding sensitive operations from potential exploitation of unmanaged SSH keys.
Moreover, the airline intends to leverage Accutive Security’s API driver integration, which will enable seamless integration with other security tools and appliances. This will streamline the management of keys and certificates across various platforms and improve interoperability within their security ecosystem. The ultimate goal is to incorporate these security insights into a centralized security dashboard that provides real-time visibility into key and certificate health, integrating them into the Security Operations Center (SOC) for continuous monitoring.
By feeding this data into their SOC, the security team will be able to rapidly detect and respond to certificate-related incidents, ensuring faster remediation and reducing the risk of operational disruptions. This expanded integration will provide the airline with a holistic view of its cryptographic landscape, enabling better decision-making and operational efficiency as they continue to scale their security posture across the globe.