How Air Asia’s CIO Ensures Its 22,000 Employees Service Customers Efficiently and Preserve Security


Of your peers have already read this article.

2:48 Minutes

The most insightful time you'll spend today!

AirAsia, like many other enterprises, has relied on a legacy on-premises directory for many years. As the company has quickly grown and expanded to new markets and regions, it has to manage multiple servers across a number of on-premises data centers and the public cloud, which has proved costly, time-consuming, and a security threat. Here's how it fixed that.

At AirAsia, we operate a fleet of more than 270 aircraft across 23 markets, fly to more than 150 destinations and carry 100m guests each year. We’ve also been named the world’s best low-cost carrier for 11 years running. To accomplish all of this, we rely heavily on our 22,000 Allstars (employees). As AirAsia co-founder Tony Fernandes likes to say, “it has always been about the people.” 

In my role as CIO, it’s critical that I give our Allstars the tools and technology they need to get their jobs done, while at the same time ensuring that our company’s data is protected and secure. While this is challenging enough in normal circumstances, we’re also in the midst of rapidly moving from legacy on-premises technologies to the cloud. Google Cloud has been a critical partner for us on this journey.

Identity challenges
AirAsia, like many other enterprises, has relied on a legacy on-premises directory for many years. As our company has quickly grown and expanded to new markets and regions, we’ve had to manage multiple servers across a number of on-premises data centers and the public cloud, which has proved costly and time-consuming.

Our Allstars, located all across Asia, need to easily access a number of legacy on-premises apps in addition to a growing number of SaaS apps. As a business, we also needed a more seamless integration between our HR system of record and our identity solution for user provisioning and lifecycle management. Solving these challenges with our existing on-premises directory was simply not feasible for us.

In recent years, we partnered with Google Cloud to help drive our digital transformation, including moving dozens of workloads and apps to Google Cloud Platform (GCP), deploying G Suite as our collaboration and productivity solution for all of our employees, and replacing thousands of Windows laptops with fast and secure Chromebooks.

We brought up our identity concerns with the Google Cloud team, and after a number of conversations, we decided to deploy Cloud Identity, Google’s cloud-based identity, and access management solution, to help address the identity challenges we were facing. 

Why Cloud Identity for AirAsia?
We ended up choosing Cloud Identity for a few key reasons. Here at AirAsia, we are eager to move to the cloud as quickly as possible, and moving identity management to the cloud is a key enabler of this and our broader digital transformation. Managing identities from the cloud also enables us to have a single identity and set of credentials for each employee, which they can use to access all of the applications they need to be productive, both in the cloud and on-premises. 

In addition, deploying Cloud Identity is a key step towards enabling the BeyondCorp (or zero trust) security model, which we feel is the best approach to strengthen our security posture and fight modern threats. Cloud Identity also integrates seamlessly with our existing technologies, which includes not only Google Cloud products like GCP, G Suite, and Chrome OS, but also third-party tools like Citrix, Papercut, and others.

And finally, Cloud Identity offered us significant cost and resource savings. With Cloud Identity in place, our IT department can spend less time worrying about managing multiple on-premises directory servers and can instead focus on delivering value to our Allstar employees.

More Relevant Stories for Your Company


Beaconing Malware: How CISOs Can Catch it With Threat Analytics in Just a Few Clicks

Are you checking your network for beacon activity? If you aren't you are risking your business' reputation and customer data. Beaconing is the practice of sending short and regular communications from an infected host to an attacker-controlled Command and Control server, compromising internal information. These threats often go undetected but with


If You Don’t Have These Features in Your Cloud, You’re Missing the Mark on Security

At Google Cloud, we work tirelessly to give our customers increased levels of control and visibility over their data. We've come out with new capabilities for data encryption, network security, security analytics, and user protection designed to deliver on that promise.  External Key Manager: Store and manage encryption keys outside


The Many Risks of Ignoring the Impact of a Tighter Cloud Security Framework

The perimeter has disappeared and access to company data is no longer limited to your physical office or your employees. Instead, in today’s transformed workforce - increasingly connected, collaborative and in the cloud - the security perimeter has become dispersed and elastic, wrapped around each user and device. Moreover, ‘users’


How to Retrace the Steps of a Potential Phishing Attack with Threat Analytics

The majority of cyber attacks begin with phishing emails and websites. Attackers use many tricks, including by leveraging enterprise brand assets, such as company names and logos, to develop phishing websites that appear authentic and lure internet users to enter valuable information such as user names and passwords. Experts say