Skyscanner

Skyscanner enhances global workforce security, simplifies internal access workflows, and boosts internal application performance using Cloudflare Zero Trust

SkyScanner is a global travel search platform with a mission to “become the world’s number one travel ally.” As a metasearch travel aggregator, Skyscanner helps users compare prices for flights, hotels, and car rentals from hundreds of travel sites. Founded in 2003 in Edinburgh, Skyscanner serves over 100 million customers monthly, providing information on over 80 billion prices daily, and operating in over 30 languages.

Challenge: Traditional on-premises architecture under strain

In recent years, post-pandemic, travel demand has exploded, and so has Skyscanner’s business. This rapid growth, combined with Skyscanner’s adoption of a hybrid work policy put increasing strain on the company’s traditional on-premises IT and security architecture, particularly its virtual private network (VPN), and made it challenging to respond to threats.

“With all our services hosted on-premises, we were expending huge amounts of time and resources just keeping everything online,” says Leonardo Almeida, Senior Engineer at Skyscanner. “Every time we exposed a vulnerability, we had to act immediately — usually out of hours. The complexity of managing all the infrastructure behind the scenes slowed us down, limiting our ability to develop new products for our customers.”

Skyscanner aspired to a more flexible architecture that could deliver “security by design — rather than as an afterthought.” To that end, the company prioritized modernizing remote access with Zero Trust controls delivered by Cloudflare, and replacing its legacy VPN. Implementing Cloudflare has helped Skyscanner:

• Strengthen security posture globally with least-privilege access
• Simplify its architecture by eliminating complex on-prem tools across multiple vendors
• Improve employee experiences by reducing latency across regions

“We wanted to re-architect our internal network and give our employees safe and scalable access to the systems they need to do their jobs from anywhere in the world,” says Jordan Craig, Principal Engineer. “Cloudflare was the perfect platform to deliver that seamless experience for our end users.”

Improving security with Zero Trust best practices

Replacing their legacy VPN, Skyscanner onboarded Cloudflare’s Zero Trust Network Access (ZTNA) solution. Now, the company enforces granular controls for specific users to specific apps, including verification based on Skyscanner’s corporate identity provider. Skyscanner now bases access policies on least privilege for specific user roles, groups, and application purposes legacy methods like IP addresses, ports, or device locations.

“Once we define and assign user, application, and network groups, Cloudflare is there, frictionlessly protecting us against breaches, unwanted data flows, or inappropriate use of resources,” says Almeida.

Replacing legacy tools and simplifying management

Transitioning to Cloudflare’s cloud-native solution has eliminated VPN-related operational inefficiencies, including frequent manual interventions and costly maintenance cycles.

“Cloudflare eliminated all the painful aspects of infrastructure management,” says Almeida. “Because our engineers are no longer fighting fires and micromanaging services, we can finally prioritize development. It is a huge improvement.”

Skyscanner have also prioritized automation throughout their IT environment, including their Cloudflare deployment. To that end, the company leverages Cloudflare’s Terraform provider to automate the configuration of new policies for apps and the onboarding of new users with infrastructure-as-code.

“Cloudflare is the connective tissue that helps us automate and scale protections across our global workforce,” says Craig. “Skyscanner engineers now manage access and security through the same processes used for application development. They apply the same CI/CD pipelines, follow the same review and deployment workflows, and use the same tools to enable rapid iteration. The shift has made it easier for Skyscanner to move quickly, operate securely, and scale new services with fewer dependencies.”

Improving user experiences with fast, consistent connectivity

Connecting to resources through Cloudflare has dramatically improved the day-to-day user experience for Skyscanner’s global workforce. With the VPN, traffic from users was backhauled through regional servers, which led to inconsistent performance and latency. Slow performance was especially challenging for users in Asia and Europe who were far from Skyscanner's offices.

Now, users connect to the closest point of presence on the Cloudflare network, which in 2025 spans more than 330 cities in over 125 countries. Being close to end users means connections are consistent and fast.

“Cloudflare cut connection times between Asia and Europe to less than 200 milliseconds,” says Almeida. “By reducing latency and delivering secure experiences, Cloudflare enables our people to do their best work.”

Looking ahead

Reflecting on their experience with Cloudflare to date, Skyscanner’s teams have been impressed.

“Cloudflare solved all the problems other vendors struggled with as we figured out how to scale their platform across our global estate,” says Craig.

As the company grows, it sees Cloudflare as a long-term partner, helping it scale securely, build resilient infrastructure, and take advantage of emerging technologies like AI.

“Cloudflare operates across the world without compromising on security or features,” says Craig, “Within the Cloudflare ecosystem, there are endless opportunities for us to collaborate and create an even more capable, secure, safe, and versatile platform for our users.”