airBaltic

Fast, smart, secure: How Cloudflare powers airBaltic’s innovation with reliable cloud solutions

With nearly 3,000 employees, a fleet of 50 aircraft, and operations in 70+ destinations across Europe, the Middle East, North Africa, and the Caucasus, airBaltic is a regional airline built on innovation. From pioneering new aircraft model to being the first European airline to roll out Starlink inflight connectivity, the company is always at the forefront of technological innovation.

Managing an airline’s IT infrastructure involves orchestrating a highly complex ecosystem spanning numerous operational units—each with distinct business processes, cultures, and technological requirements. “The company operates across a comprehensive spectrum of business functions, including Maintenance, Repair, and Overhaul (MRO), training organization, flight and ground operations, airworthiness, finance, marketing, e-commerce, and many more” explains Kaspars Kapenieks. “Each of these areas functions as a semi-autonomous unit with its own objectives and technology stack, ranging from legacy systems dating back to the 1970s to state-of-the-art platforms leveraging AI, blockchain, and cloud-native architectures.”

This intricate and distributed setup blends internally managed infrastructure—such as the airline’s website backend—with cloud-based solutions supporting functions like merchandising and booking, often powered by third-party vendors operating across European data centers. Coordinating these layers requires seamless integration across varied systems and careful management of external partnerships, making Cloudflare technologies a foundational pillar in maintaining agility, scalability, and resilience throughout the airline’s digital landscape.

The airline’s e-commerce platform faces especially high performance demands, with traffic spiking up to 20 times during major sales events. Ensuring scalability and reliable performance remains an ongoing priority for critical services like bookings, check-in, merchandising, and other key customer-facing functions.

To maintain control over digital operations, airBaltic strategically routes its most critical traffic through infrastructure environments that remain under its administrative control — such as services provided by Cloudflare — rather than relying solely on supplier systems and their direct integration between each other. This setup enables real-time performance monitoring, fine-tuned traffic management, and rapid responsiveness to dynamic conditions.

By directing key traffic through this controlled layer, airBaltic retains the agility to dynamically adjust caching strategies, prioritize specific types of requests, and swiftly react to traffic spikes or system anomalies. This proactive approach helps the airline optimize computing and network resources while ensuring consistent system stability and performance under high demand.

During peak periods, IT teams actively fine-tune caching policies, scale resource allocations, and refine load balancing to maintain seamless digital experiences. Unsurprisingly, cybersecurity remains a central focus. “We see a rising number of increasingly sophisticated attacks, from constant DDoS attempts and vulnerability scans to phishing,” says Kaspars Kapenieks. “Whether driven by geopolitical trends or the natural evolution of IT threats is unclear, but the imperative is the same—we must stay prepared and protected at all times.”

Ransom request sets 24-hour countdown

In 2015, airBaltic faced a severe disruption — one that no airline wants to deal with. A massive DDoS ransom attack hit their infrastructure, impacting not just their own systems but also the uplinks of their internet service provider (ISP)—the company responsible for providing airBaltic with internet access. As a result, airBaltic’s entire network was effectively cut off, leaving them unable to operate online services. With the ISP’s international uplinks overwhelmed, the provider resorted to blackholing airBaltic’s network, meaning no action on their side could mitigate the disruption.

Faced with a 24-hour ransom deadline and no time to explore multiple vendors or lengthy setup processes, airBaltic’s IT team needed an immediate solution. They turned to Cloudflare, known for fast deployment and effective DDoS protection. In less than an hour, they migrated the public DNS zone from self-hosted BIND servers to Cloudflare and activated Cloudflare’s CDN, WAF and advanced DDoS protection, and shielded their network from further attacks.

“We switched it on and held our breath. We were worried it might break things—after all, inserting a proxy into live traffic during an ongoing attack is risky. But it worked. And then… nothing happened. The attackers sent more threats, but our systems stayed online,” says Kaspars Kapenieks.

Cloudflare’s integration didn’t just mitigate the immediate crisis; it also provided a level of visibility and control over the traffic that the airline had never had before by providing comprehensive dashboards and analytics directly in the administration console.

Keeping bot traffic in check: How to maintain the right balance

As airBaltic continued to strengthen its security posture, the airline faced another major challenge: a growing volume of bot traffic that was overloading booking systems, scraping prices, and placing significant strain on backend infrastructure.

In the airline industry, bots are a double-edged sword. While some are legitimate — such as travel aggregators gathering pricing data — others are unwanted, e.g. competitors or even malicious, launching brute-force login attempts, slowing down booking platforms, and artificially inflating traffic loads. And even for good bots there are APIs available to all partners and aggregators as long as they are willing to obey rules of the platform as some of them were creating unnecessary load by generating millions of completely unreasonable requests. For airBaltic, the problem had escalated to the point where over 80% of its traffic was coming from bots, creating operational inefficiencies and unnecessary costs.

The airline’s initial response relied on manual interventions, such as blocking IP addresses or applying rigid firewall rules. However, as bots became more stealthy and sophisticated, these methods quickly proved ineffective. New threats constantly adapted, bypassing traditional security measures, requiring a more dynamic, automated approach.

In 2019, airBaltic went out hunting for bot management solutions, and Cloudflare hinted that they have a Bot management product in private beta. After testing a couple of other suppliers and having already experienced the value of Cloudflare’s protection, airBaltic chose to test Cloudflare’s bot management solution — even while the product was still in beta. airBaltic agreed with Cloudflare on PoC by transitioning from a basic Cloudflare Business plan subscription to an enterprise-level agreement, in addition to bot management airBaltic gained access to more security features, better SLAs and access to raw logs via logpush service which they extensively use in their internal log analytics platform and SIEM for more advanced traffic analytics and correlation with other events. This also laid the groundwork for a deeper, long-term security partnership.

What was the result?

• Advanced bot filtering reduced unnecessary requests, improving backend efficiency.
• Traffic analysis tools allowed airBaltic to distinguish between legitimate and malicious bot behavior.
• Customizable management enabled airBaltic to selectively allow certain bots while blocking others.
• After challenged with Cloudflare’s solution, some of the travel aggregators approached airBaltic and signed contracts for proper API access for mutual benefit.

Security and performance in one dashboard

Today, Cloudflare plays a critical role in airBaltic’s digital infrastructure, providing both security and performance optimizations that allow the airline to scale with confidence, protect key systems, and maintain a consistent user experience for millions of passengers worldwide.

airBaltic’s IT team relies on real-time dashboards and security analytics, powered by Cloudflare logs, to monitor network activity and respond proactively to potential issues. Cloudflare logs are built into airBaltic’s own security systems and used to build their own dashboards. During peak booking events, they use Cloudflare’s data insights to adjust caching rules and resource allocation in real time, ensuring uninterrupted performance—even during extreme traffic spikes.

To support its growing digital ecosystem, airBaltic now benefits from a comprehensive suite of security and performance tools, including:

• CDN – Strengthens backend infrastructure, reduces server load, and optimizes response times, especially during high-traffic events like Black Friday promotions.

• WAF (Web Application Firewall) & DDoS Protection – Provides real-time threat mitigation, securing customer-facing systems against targeted cyberattacks.

• Load Balancer – Improves performance and user experience by distributing traffic across multiple data centers, ensuring effortless failover.

• Cloudflare Access – Simplifies secure access to internal test environments without the complexity of VPN configurations.

• Bot Management – Helps detect and mitigate automated traffic, ensuring better security, reducing fraud, and optimizing website performance by leveraging bot scoring, custom rules, and detailed analytics.

• Cloudflare Workers – Enable to build and deploy serverless applications globally, enhancing performance, reliability, and scalability without the need to manage infrastructure.

Why airBaltic chose to continue working with Cloudflare

“What sets Cloudflare apart is their transparency. When something happens, we don’t just get a generic response—we get a detailed explanation of what went wrong, why it happened, and what’s being done to prevent it in the future. That level of openness is rare in the industry. Having a direct contact person also makes a huge difference. When we need something escalated, we know there’s someone who will actually push it forward,” says Kaspars.

airBaltic also values Cloudflare’s pricing model, which stands out in an industry where many providers charge per gigabyte of traffic. The ability to predict costs while still benefiting from enterprise-grade security and performance has made Cloudflare an integral part of airBaltic’s infrastructure strategy.

As airBaltic prepares for a potential IPO in the future, ensuring resilient, scalable, and secure digital operations has never been more important. With Cloudflare’s rapid pace of innovation, the airline sees the partnership as long-term, capable of keeping up with its evolving needs. Whether applying custom logic within a modern cloud environment, scaling security measures, or integrating new features, Cloudflare continues to be an essential part of airBaltic’s digital transformation.