In the Cloud, Above the Clouds: Cybersecurity at Pentastar

Chad Robertson, Director of I.T., and Chris Wood, Network and Security Engineer

From staying connected in the skies to safeguarding customer privacy, aviation relies on a strong and secure network infrastructure. As a longstanding leader in private aviation, our commitment to safety is ingrained into every element of our operations. That includes protecting company and client information.

As a private aviation company, much of the data we store and work with is highly sensitive. We rely on information technology (I.T.) systems to schedule flights and personnel, manage customer bookings, communicate with air traffic control, and coordinate aircraft maintenance and logistics. Our clients value discreet, reliable, and seamless service — and we pride ourselves on exceeding their expectations. As an I.T. team, we contribute to this by implementing robust security measures, continuously monitoring our network infrastructure, and staying ahead of emerging cyber threats.

Defense in Depth 

At Pentastar, we operate under a practice called defense in depth (DiD). This strategy uses a multi-layered framework of security controls to protect an organization’s assets. We often explain this by asking users to imagine concentric walls surrounding a castle. In a DiD model, if an attacker penetrates one wall, they’re faced by another that is just as thick — if not thicker.

In recent years, the aviation industry has emerged as a target for cybercriminals. We’ve responded by fortifying our defenses, and our I.T. team utilizes multiple tools and systems to build our company’s “walls.” On the outer edges, these include firewalls that scan and filter traffic. Beyond this, we employ network detection and response solutions that leverage machine learning and behavioral analytics to recognize and react to abnormal patterns in user behavior. We also deploy endpoint protection, identity protection tools, and conditional access for cloud-based assets and apps.

However, new threats are always emerging, and we’re committed to arming ourselves with the solutions and expertise to respond. That’s why, along with having robust technical controls in place, we proactively educate our staff on security risks.

The Human Factor

Over the last 30 years, computers have become increasingly difficult for hackers to attack. There has been a concerted push across the I.T. industry to develop sophisticated cybersecurity solutions, from new firewalls to endpoint protection, but while these are valuable, they don’t address the most significant threat to cyber defense: people. Research shows that almost 90% of data breaches are a result of human error.

To combat this issue, we hold regular training sessions and simulations. These teach employees to recognize threats like phishing attacks and malicious links. By giving our users the context they need to identify suspicious activity, we can arm them against risks that are yet to emerge.

We are also investing heavily in end-user identity and account protection. This means that, even if somebody does fall prey to an attack, their account can’t be used as an access point to target others in their circle — for instance, by sending phishing emails to other Pentastar employees.

Protecting Peace of Mind

By necessity, Pentastar is a very security-conscious organization. Our clients and fleet are always on the move. As such, we need a flexible, secure infrastructure that enables effective communication while controlling access to sensitive information such as flight schedules and transaction data. We take the protection of our customer’s data extremely seriously, and our I.T. systems and protocols reflect that. We’re constantly researching policy changes and best practices in cybersecurity and building new layers of defense around our company.

Our proactive approach to safeguarding our systems encompasses every aspect of threat detection and response, from training staff to maintaining robust technical controls that can contain the effects of a potential breach. As a result, we’re able to nullify established risks and mitigate the impact of emerging threats — providing peace of mind to our customers as they take to the skies.