Ryanair soars to new heights with ransomware protection from Veeam keeping data safe and secure

Safety and security have always been Ryanair’s top priority. The company is proud of its industry-leading safety record spanning nearly four decades.

Ryanair’s first flight was in 1985, and its first route was from Waterford, Ireland to London, England. By the following year, Ryanair had already flown 82,000 passengers. Today, Ryanair is Europe’s No. 1 airline by focusing on low fares, fast service and exceptional customer service.

Ryanair anticipates 225 million people will fly its airlines annually by 2026 and 300 million by 2034; therefore, managing the safety of passengers and employees is always critical. Protecting their data and the company’s operational data is critical as well. A severe cyberattack has the potential to impact Ryanair’s operations.

“That’s why we have a keen focus on cybersecurity and put best-in-class practices and policies in place,” said Paul Walsh, Senior Systems Engineer at Ryanair Labs. “We take data protection very seriously because we fly millions of passengers and we employ thousands of aviation professionals. Ryanair will always prioritize the safety and security of our passengers and our people above everything else.”

When Ryanair transitioned from a physical IT environment to a virtual one more than a decade ago, the company decided to restructure data protection because its backup solution didn’t support virtualization or provide an action plan for future backup.

“I didn’t work for Ryanair at the time, but my predecessors were spot on about what the new solution should include — the freedom to back up any workload anywhere without restrictions on hardware, software or environment,” Walsh said. “Back then, cyberthreats weren’t escalating like they are today, but my colleagues had the foresight that cyberthreats could and would increase, so in addition to a robust plan to protect data, the new solution had to provide multiple pathways for backing up endpoints and cloud.”

To ensure robust data protection is in place, Ryanair maintains compliance with several regulatory entities including the National Institute of Standards and Technology (NIST), the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley (SOX) Act and the General Data Protection Regulation (GDPR). Maintaining compliance requires comprehensive data protection as well as monitoring, reporting and analytics.

“No matter where you work, and I know from personal experience because I’ve worked at several places in the past 25 years, you have to know 100% that your data is backed up, safe and accessible in any situation, including an audit,” Walsh said. “My predecessors chose well. Every time Veeam comes up for renewal, we carry on.”

Even though Ryanair considered several replacements for the backup solution, only one delivered modern data protection. Veeam Data Platform Premium Edition provides secure backup and replication, fast and reliable recovery, industry-leading ransomware protection, proactive monitoring, reporting, analytics and proven recovery orchestration.

“We built our backup infrastructure on Veeam’s best practices,” Walsh said. “We shared them with our security team and they confirmed Veeam meets their standards.”

Data protection, ransomware resilience and recovery orchestration in Veeam Data Platform play an important role in Ryanair’s cybersecurity, business continuity and disaster recovery strategies. A combination of backup immutability and the freedom to recover exactly what, when and where it is needed helps Ryanair follow the 3-2-1-1-0 Rule for ransomware protection. Veeam also supports regulatory compliance with the NIST, PCI DSS, SOX and the GDPR.

“Veeam does exactly what we want it to do,” Walsh said. “Our data is backed up, replicated, immutable, safe, secure and recoverable in any situation, including ransomware.”

Veeam backs up and replicates approximately 150 TBs across 550 virtual machines (VMs) and 10 physical machines on-premises and off-premises to Amazon Web Services (AWS). Veeam makes backups immutable to protect against ransomware and offers best practices to prevent cybercrime such as encrypting backups, verifying recoverability, limiting access through multi- factored authentication, scanning backups to verify they’re free of malware and ensuring sensitive data is removed from backups before they’re restored. Additionally, Walsh said Veeam screen shots and logs have proven to be an easy and convenient way to demonstrate regulatory compliance.

“Something else that has proven itself time and time again is Veeam recovery,” he continued. “We can recover VMs, databases and files instantly and exactly where they need to be, saving time for the IT team and our users.”

Walsh said Ryanair also uses Veeam’s monitoring, reporting and analytics to stay one step ahead of issues that could turn into problems.

“We can troubleshoot performance issues and narrow down exactly where they’re occurring,” he said. “Sometimes our users will say they have an issue with an application developed by one of our outside vendors, and that’s when Veeam comes in with a big win. We pull historical data about VMs, hosts and networking to demonstrate the issue is with the developer’s application, not our environment. Veeam also sends an alert when a snapshot is too large, so we can remove it and avoid downtime. Veeam provides loads of technical functionality, but it’s also very easy to use and manage. Veeam meets every Ryanair requirement for data safety and security.”

• Fortifies cybersecurity, business continuity and disaster recovery strategies 
  A cyberattack has the potential to impact our operational data,” Walsh said. “I have peace of mind knowing Veeam is a pillar of our cybersecurity, business continuity and disaster recovery strategies.”
• Provides immutability to follow the 3-2-1-1-0 Rule for ransomware protection
  Immutable backups are every company’s last line of defense, and Veeam supports us 100%,” Walsh said.
• Supports compliance with the National Institute of Standards and Technology, Payment Card Industry Data Security Standard, Sarbanes-Oxley Act and General Data Protection Regulation 
  Veeam helps with compliance by keeping data secure, available, recoverable and documented. Built-in backup and replica recovery validation confirm data is in a consistent state to restore from quickly.