Oman Airports ensures security compliance with Runecast

Oman Airports ensures security compliance with Runecast

Oman Airports is a state-owned company that manages all the airports of the Sultanate including Muscat International Airport, Duqm Airport, Suhar Airport, Salalah Airport. It is therefore essential that it operates with strict security protocol across the board to avoid falling victim to sophisticated cyberattacks. Basim Al Lawati, ICT Technical Senior Manager at Oman Airports, discusses how the organisation achieved security compliance and hardware compatibility in a large VMware environment with a single Runecast platform. Markus Strauss, Head of Product Management, at Runecast, offers insight into why Runecast is a reliable vendor for customers such as Oman Airports.

Can you tell us about your role at Oman Airports and what this looks like day-to-day?

I manage four main areas starting with the data centre, to ensure that the network is available across the airport in the wireless; the communication part of it from the telephony, the radio which is very important at the airport, as well as managing four data centres and two server rooms across four airports.

The second area is airport security. We take care of the 1000+ CCTVs across the airports, access control devices, X-ray machines, video analytics from the intelligence part of the airport, the operating systems and the core layer of it, which is the Active Directory, mailing services, the basic securities at the server level and the underlying infrastructure which is on the virtualisation, the storage, the backup, the physical service as well. So that’s the entire portal which I handle. I have around 60 people in my team with five dedicated to reporting to me.

Can you outline some of the cybersecurity trends you’re seeing across the Middle East region and how this impacts your strategic approach?

With COVID-19 we’ve seen a lot of cybersecurity attacks in the region and across the globe. The threat actors are having a lot of time to play. I’ve seen multiple attacks within the region or even the country, the majority of which are ransomware attacks.

What (security) challenges were you looking to address ahead of your work with Runecast and what attracted you to this particular vendor?

We chose Runecast mainly initially looking at the virtualisation layer that we have and ensuring compliance with the best practices that are released by VMware, or even by the other compliance providers like CIS. We saw that it’s extremely simple to configure and the results were very fruitful. We even expanded that scope to go to the operating system as well, so it’s not only covering the virtualisation layer, but we also started analysing our operating systems with Runecast.

How important is having a robust and resilient cybersecurity posture for an organisation like Oman Airports and how do you prioritise this?

It’s one of the top priorities. COVID-19 meant that senior management has given cybersecurity a lot of attention. They really support us in terms of budgets just to make sure that the security is a top priority. Before even implementing any IT project, it needs to go through a complete security assessment and the posture assessment of that application before launching it to production and again, Runecast helps us a lot with that by the compliance division to the vulnerabilities as well, which are there.

How do you ensure Oman Airports’ Digital Transformation goals align with the organisation’s ultimate business objectives?

Digital Transformation is in fact part of our strategy house that we have – it’s like a pillar, which runs across all the rest of our strategy’s main bullet points. We are going through a big Digital Transformation here at Oman Airports and this requires a lot of IT elements.

What long-term capabilities/advantages do you expect Runecast will provide you with?

In terms of long-term advantages, I would expect the automation to be further increased. It’s also about detection and response so maybe more integrations with the firewall of the ESXi itself or even the network firewall because Runecast detects the logs that you have on the ESXi. It analyses them and immediately reports any abnormalities. If we take that to the next level, by automating it and enabling the network firewall integrations, that’d be amazing to have.

What do you think the cybersecurity landscape will look like in 12 months’ time and where will Oman Airports be best placed to adapt?

The cybersecurity risks I would say are increasing day by day as is the demand for cybersecurity engineers. So, at Oman Airports, cybersecurity is one of the top priorities of our ICT department. Maybe 40% of our IT budgets from the last year and even next year are mainly on cybersecurity, to ensure that our availability is always intact and not impacted, particularly as we are serving passengers and as the gateway to the country. 

What advice would you give to those starting out on a journey like yours, prior to the commencement of your work with Runecast?

I would tell them to just go to Runecast’s website and download the trial version. You don’t need to call anyone from Runecast. Run it, it won’t take you more than half an hour to deploy and get your report in your hand. You will be amazed by the findings.

We always think that a lot of applications are secure by nature and by how they’ve been designed, but after deploying Runecast you really understand the gaps that you might have in your environment and it’s definitely an eye-opener.

We also caught up with Markus Strauss, Head of Product Management at Runecast, to find out more about how the vendor worked with Oman Airports and prioritised its business goals.

How far is Runecast a reliable vendor for customers such as Oman Airports – what is your unique selling point and how do you stand out from the crowd?

Oman Airports is one of our longest-standing customers and a good representation of what a lot of our customers are – meaning ones that are highly regulated.

How we stand out from the crowd really is probably the fact that we’re truly location-agnostic in the sense that it does not matter where you want to deploy Runecast, you can deploy it on-premises, or in AWS, Azure or GCP in a containerised fashion. So we really are location-agnostic and deployment-agnostic.

But equally in a lot of cases, we allow for complete dark site running, meaning Runecast does not require Internet connectivity. This is something that’s unique and many other vendors do not provide this level of ability to really shut down and be air-gapped and not require Internet connectivity.

How do you help your customers advance their digital-first strategies and accelerate their Digital Transformation agendas while prioritising security?

Digital Transformation, cloud migration, multi-cloud and hybrid cloud are part of the everyday language for most of our customers. Runecast helps customers in a very simple way – we allow them to have the same type of monitoring in terms of their compliance standards, in terms of their operability, throughout the entire journey, starting from the on-premises into potentially virtualised machines that are running in a cloud provider to containerised workloads in one of the hyperscalers, all with the view of having the same standards applied to that one workload.

What types of products are your customers in the Middle East adopting and how does this region differ from others?

I believe the Middle Eastern region is at the forefront of a lot of the security aspects and we’ve seen this time and time again in the market. Therefore, in a lot of ways, our customers in the Middle East are early adopters of a lot of the security practices and the way we consider security in the market, and we see this all the time.

To watch the interview, click the link here.

Browse our latest issue

Intelligent CISO

View Magazine Archive