Customer Stories / Travel / UK
TUI Enhances Security Control Management with Automated Security Response on AWS
Learn how global travel company TUI Group accelerated innovation through security automation using an AWS Solution.
Enhances
security control management using Automated Security Response on AWS
156
workdays saved annually
85%
faster remediation
Overview
TUI Group is one of the world's leading tourism groups and operates over 400 hotels and resorts, 17 cruise ships, 130 aircraft, and 1,200 travel agencies worldwide. Maintaining strong security is not just a technical requirement—it’s a business imperative. TUI Group, headquartered in Germany, serves 20 million customers who travel to over 180 destinations worldwide. The company faced a challenge as its cloud footprint expanded as part of its focus to transform and grow its digital platforms.
To support its rapid growth, TUI Group implemented a comprehensive security framework using Amazon Web Services (AWS). The framework is based on Automated Security Response on AWS, an add-on solution that works with AWS Security Hub, a service that automates AWS security checks. This custom framework standardizes and simplifies remediation across the company’s entire cloud environment. TUI Group not only strengthened its security posture but also freed its engineers to focus on what matters most to the company: delivering innovative travel experiences.
Opportunity | Using Automated Security Response on AWS to Scale Security Management for TUI Group
Initially, TUI Group used a custom compliance framework to monitor and maintain security standards. This solution worked well for early cloud deployments, but as TUI Group grew its AWS footprint, the company needed a more scalable approach. Engineers had to check security findings region by region, making it difficult to maintain a full view of their security posture and taking time away from product development.
TUI Group made a strategic decision to employ more automation, using AWS native solutions to overcome these limitations and the overhead on developers on remediations. The company first selected AWS Security Hub for its ability to provide a unified, comprehensive view of security alerts across all accounts and regions. To streamline remediation processes through automation, the team then implemented Automated Security Response, which is available through the AWS Solutions Library.
Automated Security Response provides predefined response and remediation actions based on industry compliance standards and best practices for security threats. The open-source nature of this solution was particularly appealing for TUI Group; the company could incorporate custom code and create additional features that were tailored to its evolving security needs.
Our customized compliance framework, based on Automated Security Response, empowers TUI Group to enhance its cloud posture while reducing cognitive load on our engineers. This supports our goal of maintaining zero critical and high-priority findings against AWS best practices across our estate.”
Simon Mehigan
Chief Information Security Officer, TUI Group
Solution | Improving Security Controls Management
Using AWS Security Hub, TUI Group consolidates security insights from Amazon GuardDuty and other AWS native security services to protect AWS accounts, workloads, and data with intelligent threat detection. With these services in place, TUI Group gained a foundation for a unified interface to monitor security alerts across all AWS accounts and regions where it operates.
Building on this foundation, TUI Group customized the Automated Security Response solution to meet its needs. The company developed custom and prebuilt playbooks to automatically respond to and remediate specific security scenarios automatically, such as unauthorized configuration changes or non-compliant resources. The AWS product team played a key part in the process by introducing several feature improvements based on TUI Group’s requirements. A key area of collaboration between the AWS team and TUI Group was in the development of an integration feature with Automated Security Response and TUI’s security exceptions approval workflow for security policy compliance.
“Our customized compliance framework, based on Automated Security Response, empowers TUI Group to enhance its cloud posture while reducing cognitive load on our engineers,” says Simon Mehigan, Chief Information Security Officer at TUI Group. “This supports our goal of maintaining zero critical and high-priority findings against AWS best practices across our estate.”
Instead of requiring engineers to log on to each region separately to check security findings, the new framework consolidates data across regions to a single source. This consolidation provides a comprehensive view of TUI Group’s security posture across its entire cloud infrastructure, which empowers security teams to quickly identify, prioritize, and respond to potential incidents while keeping consistent security standards across all regions and AWS accounts. With these improvements, TUI Group has boosted its security control management with Automated Security Response.
Outcome | Accelerating Innovation by Automating Security Operations
By automating routine security tasks with Automated Security Response, TUI Group saves up to 156 workdays annually in resolving findings across the organization. The streamlined approach has reduced the time needed to remediate non-compliant resources by 85 percent, facilitating faster responses to potential threats. Most importantly, by reducing the time that engineers spend on security compliance, TUI Group has accelerated the delivery of new features and improvements that directly benefit its customers.
“By providing a unified security interface and solutions on AWS, we empower our internal teams to focus on their core products,” says Joaquim Santos, technology team lead of the cloud assurance team at TUI Group. “They can deliver solutions that maintain security and reliability, all while saving time and prioritizing business value.”
In the future, TUI Group will enhance its security framework by expanding its library of security playbooks. Because Automated Security Response is seamlessly deployable and customizable, the company has a flexible foundation for implementing new features as its needs evolve.
“With our compliance framework, we have improved trust in our security posture and moved the needle in the right direction,” says Yasin Quareshy, head of cloud technology at TUI Group. “Our engineers are more confident in terms of what compliance measures are in place for their services, so they get more time to build the right solutions for our customers.”
AWS Services Used
Automated Security Response on AWS
Automated Security Response on AWS is an AWS Solution that enhances AWS Security Hub by automatically addressing common security issues across your organization's AWS environment.
AWS Security Hub
Use AWS Security Hub to automate security best practice checks, aggregate security alerts into a single place and format, and understand your overall security posture across all of your AWS accounts.
Learn more »
Amazon GuardDuty
Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
Learn more »
AWS Solutions Library
Organizations today are in search of vetted solutions and architectural guidance to rapidly solve business challenges.
Learn more »
Get Started
Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.