Download your copy of our State of Authorization: Playbook Edition Get it now »

What can the travel industry do to prevent another Southwest outage

The holiday season is one of the busiest travel times each year. As traveling picks up, organizations must prioritize modernizing their cybersecurity strategy.

The holiday season is one of the busiest travel times each year. But this often brings chaos for travelers and puts a strain on different applications that travel companies (airlines, hotels, etc.) use. As traveling picks up again across the globe, organizations must prioritize modernizing their cybersecurity strategy to keep up with today’s technology.

Cyberattacks cause a drop in earnings

In the travel industry, hotels are often further ahead with cybersecurity than airlines because of the due diligence many of these brands have had to do through the merger and acquisition process. Plus, hotels have learned a lot from the infamous Marriott breach in 2018.

But there is still work to be done for all parts of the travel industry.

A great example of this was the Southwest outage that happened during the 2022 holiday travel season. The FAA announced that the failure was due to outdated technology and that company had been struggling to update that technology for decades.

But systems shutting down are a part of the hazards of enterprises only modernizing the front end of applications while the back ends are left being on legacy systems.

This is partly because enterprises put a focus on what makes them money rather than on security. Whether it is lack of awareness or deciding to fix the system when it breaks it, both aren’t the best solution.

The cyberattack at Clorox this year was a great example of this, which caused wide scale disruptions across their business due to unauthorized activity. However, this attack proved that security can impact earnings as they reported a 20 percent drop in year-on-year Q1 net sales – they even went on to note that the decrease was driven by the cyberattack.

Another part is that companies have a lot of applications, some of them are new while others are still on legacy systems as was the case with Southwest. Many companies are worried that adding solutions to legacy systems will break them because they are old, but this is not the case.

Policy-driven authorization improves both security and user experience

Policy-driven authorization can add layers of verification in real-time as it is critical to ensure that people only have access to the data, resources, and applications needed to complete their task. This can reduce the risks around unauthorized access and works to modernize systems that organizations have in place.

Authorization can also improve the overall user experience of the applications. Many organizations have a mix of new and old applications and in some cases they require users to switch in between applications, which breaks the user experience.

However, policy-driven authorization can create a seamless user experience based on policies that the organization can put in place.

By adding authorization, organizations can grant customers access to lounges and rooms digitally through an application or key cards if a policy is in place based on location.

In the case of the 2023 MGM resorts breach, it could have helped to have policy-driven authorization in place.

In the breach, hackers used fraudulent phone calls to phish login credentials then used this information to access systems and deploy ransomware.

If policy-driven authorization had been deployed, even though the company had compromised credentials, they could have had further policies in place that checked other attributes of these attackers before allowing access. Some of the policies could have been if the user has logged in from that computer or location before.

Not to mention as organizations optimize their services with authorization more opportunities will present themselves that the organization can capitalize on.

Take the next step

Request a demo with one of our solution experts to see how policy-driven authorization can help improve upon the user experience and security within the travel industry.


  Join us on LinkedIn for more insights
Archived under:
About the author

Jim Barkdoll is the president and CEO for Axiomatics, leading the company’s overall vision, growth strategy and go-to-market initiatives. He has more than 20 years of leadership and business development experience with an established track record of successfully growing teams and revenues for partners and vendors of all sizes.