Identifying and Remediating Key Risks for a Global Airline
A large North American airline approached Citihub following multiple technology failures that significantly impacted their operations. In addition to identifying and rectifying the issues that triggered the outages, the airline sought to conduct a detailed review of a specific core application and the infrastructure used to support it and many other business-critical applications.
Preliminary anecdotal evidence could not identify any noticeable pattern to the outages and the vendors who were brought in to inspect their products did not identify any glaring deficiencies.
How Citihub Helped
Using our Application Availability Assessment (AAA) methodology, Citihub began by collecting all pertinent information relating to the specific application and its production infrastructure. The information-gathering exercise detailed everything from incoming data feeds and core infrastructure supporting the airlines applications, performance and utilization statistics, architecture diagrams and service level agreements, all the way through to plans and policies governing configuration management, resiliency tests, security policies, release management, production acceptance tests, reboot cycles and more.
This information was then used as a basis for conducting a series of interviews with our clients SME’s to identify all risks relating to IT availability and performance. The interview phase of the project is where Citihub separates our value from other consultancies. Our people are all veterans of the IT industry and have held the same responsibility as the SME’s we interview. A level of trust is quickly established, making for productive conversations that quickly drive out underlying issues affecting our client’s IT ecosystem.
In conjunction with the interviews, our team conducted a hands-on inspection of Windows and Unix servers, databases, virtualization devices, network configuration and security, storage solutions and converged technologies. A “Trust but Verify” model ensures that we have a complete understanding of the environment prior to making any recommendations.
The documentation review, interviews and hands-on inspection all contributed to a risk log and remediation deliverable that categorized all risk findings into levels of criticality and by IT theme.
Citihub identified 60+ “quick win” remediations that could be implemented by mid-June prior to the start of their summer peak season.
A further 200+ risks were identified which had either short term tactical remediation solutions (but could not be achieved by mid June) or had much longer strategic solutions.
The risks were rolled into themes to assist the client in prioritizing the remediations and assigning them to the correct teams.
The biggest themes were architecture and design, monitoring and governance where the client had systemic, organizational and cultural issues.
As a result of this review the client has seen a reduction in the number of incidents for the aircraft communications application and are starting to see the benefits of the quick wins in other areas too.
In addition, the client has also started to restructure their organization and are putting plans in place to deal with the systemic and cultural issues.
Related Case Studies
Cloud Secrets Management Solution
A top 3 US Bank asked Citihub to implement HashiCorp Vault to provide a centralized secrets management solution for their very ...
NYU partnered with Citihub to offer a course on public cloud security technologies
Citihub was recently added as an industry partner to New York University’s (NYU Tandon) Cyber Security program. Exclusive to NYU Cyber...
Ian Tivey & Jim Oulton Named Technical Directors
Ian Tivey and Jim Oulton have been promoted to Technical Directors, a role reserved for senior leaders in Citihub who provide...
In the press
Using a ‘Three Lines of Defense’ Program to Balance Development Stakeholder Needs
Using the NIST three layers of defence as a framework, Citihub’s Glen Notman outlines how to leverage agile development capabilities and underpin them...
In the press
The Balancing Act
In this podcast, we will go into the details of how the “technical” automation-for-speed perspective is shifting to a “business-centric” perspective...
Life (and work) in the time of Corona
Less than two months after starting his job at Citihub, Senior Consultant Luis Carrazana, together with the rest of New York,...
In the press
Role of Security in a Digital First Enterprise
Join Citihub’s Glen Notman as he injects practical insights on how to enable security practices in a digital enterprise.
In the press
Compliance Challenges in a Lockdown World
The ongoing coronavirus crisis has changed business norms around the world, but as organisations struggle to come to terms with large-scale...
In the press
Institutionalizing DevSecOps in the Large Enterprise
Citihub’s Chris Zanelli, joined by several industry peers, will discuss topics across DevOps & DevSecOps, Enterprise Compliance as Code, Cloud Compliance...
Military Veterans are Welcome at Citihub Digital
This Memorial Day, when the rest of the United States of America will pay tribute to the military personnel who have...