IDEAS home Printed from https://ideas.repec.org/h/spr/mgmchp/978-3-319-95273-4_3.html
   My bibliography  Save this book chapter

Airline Application Security in the Digital Economy: Tackling Security Challenges for Distributed Applications in Lufthansa Systems

In: Digitalization Cases

Author

Listed:
  • Balázs Somoskői

    (Lufthansa Systems)

  • Stefan Spahr

    (Lufthansa Systems)

  • Erkuden Rios

    (Tecnalia Research & Innovation)

  • Oscar Ripolles

    (CA Technologies)

  • Jacek Dominiak

    (CA Technologies)

  • Tamás Cserveny

    (Lufthansa Systems)

  • Péter Bálint

    (Lufthansa Systems)

  • Peter Matthews

    (CA Technologies)

  • Eider Iturbe

    (Tecnalia Research & Innovation)

  • Victor Muntés-Mulero

    (CA Technologies)

Abstract

(a) Situation faced: In the era of pervasive digitalization, the airline IT software industry is facing a number of challenges from the combination of new distribution channels, social media, Big data, Cloud Computing, etc. One of the major challenges in creating smart and scalable software applications is how to tackle security challenges when components are distributed and operated in hybrid and multiple clouds, whose providers may be independent and heterogeneous. The difficulties reside not only in identifying and expressing the desired level of security in the application, but also in how the security guarantees are influenced by the cloud services used. (b) Action taken: We exemplify the case with a flight scheduling application prototype developed by Lufthansa Systems and explain how novel approaches are used to address security issues during the development of such a prototype by following the MUSA approach. MUSA stands for Multi-cloud Secure Applications and refers to an EU-funded research project that is developing an integrated solution for the development and operation of secure multi-cloud applications accounting for those security aspects from the beginning. We introduce the MUSA Security DevOps framework and lessons learned from using it. (c) Results achieved: Lufthansa Systems tested MUSA tools in an exercise to create, deploy and control a new secure application prototype. We describe how these tools were used in the context of the case study presented in this paper. We also analyze the impact that they had in the development, deployment, and operation of the multi-cloud prototype. This analysis is done by means of a user-centered evaluation using questionnaires and informal interviews. (d) Lessons learned: The most important lesson is the importance of a sound risk analysis from which the security decisions are taken. MUSA framework supports the automation of the risk analysis in a per component basis, helping to systematize the creation of the application risk profile. Another important aspect is how implementing a SecDevOps approach in a multi-cloud scenario proves that it is highly valuable to include security topics together with the regular DevOps methodology. Finally, we must underline the need for cloud standards which enable homogeneous cloud service descriptions that ease the comparison of the services and the offered security controls.

Suggested Citation

  • Balázs Somoskői & Stefan Spahr & Erkuden Rios & Oscar Ripolles & Jacek Dominiak & Tamás Cserveny & Péter Bálint & Peter Matthews & Eider Iturbe & Victor Muntés-Mulero, 2019. "Airline Application Security in the Digital Economy: Tackling Security Challenges for Distributed Applications in Lufthansa Systems," Management for Professionals, in: Nils Urbach & Maximilian Röglinger (ed.), Digitalization Cases, pages 35-58, Springer.
    • Handle: RePEc:spr:mgmchp:978-3-319-95273-4_3
    DOI: 10.1007/978-3-319-95273-4_3
    as

    Download full text from publisher

    To our knowledge, this item is not available for download. To find whether it is available, there are three options:
    1. Check below whether another version of this item is available online.
    2. Check on the provider's web page whether it is in fact available.
    3. Perform a search for a similarly titled item that would be available.

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Thomas Kreuzer & Anna-Katharina Lindenthal & Anna Maria Oberländer & Maximilian Röglinger, 2022. "The Effects of Digital Technology on Opportunity Recognition," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 64(1), pages 47-67, February.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:mgmchp:978-3-319-95273-4_3. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.