U.S.-based IT Consultancy Firm Partners with IriusRisk to Implement Threat Modeling Solution for Major U.S. Airlines Company
Company Background:
The IT Consultancy Firm is based in the U.S. with more than 10,000 employees and provides custom software and IT services globally. Their client, a major U.S. Airlines, needed secure design requirements as part of a cloud migration.
Challenges:
The Airlines company was engaged with the Consultancy firm for a cloud migration who determined that threat modeling would help with their secure design requirements. The Airlines company were already heavy users of existing scanning tools but were lacking in secure design. The IT Consultancy enforces secure design as part of its cloud migration strategy and had prior experience threat modeling with IriusRisk as a partner.
Solution:
IriusRisk’s threat modeling is hosted on-prem at the Airlines company with the IT Consultancy firm performing threat modeling tasks along with reports and results-sharing with the Airlines. This is performed through shared virtual desktop infrastructure (VDI) hosted by the Airlines. Customization including new libraries have been created along with additional integrations coming in the CI/CD pipeline.
Benefits:
The customization has allowed greater flexibility in threat modeling applications more quickly than initially anticipated. The shared libraries have broken down silos between internal teams at the Airlines - and in one case, has saved up to three months of work. The current threat modeling solution in place puts the Airline company in a good position to manage the tool should business priorities and strategy shift in the future. Additional applications are looking to be added for threat modeling in the future as adoption increases.