Spirion Resource Icon
WHITE PAPER

National Tire Supplier Prepares for Compliance Deadline with Spirion-First Approach

National Tire Supplier Prepares for Compliance Deadline with Spirion-First Approach

American Tire Distributors logoBusinesses are struggling to solve for GDPR and CCPA style regulation requirements and Spirion Compliance Manager meets those privacy disruptors to position organizations for compliance and operational efficiencies.

Key takeaways include:

  • Data Association. Identifies the data relationships between documents and locations associated with the same person to fulfill reporting requests related to CCPA and GDPR compliance
  • Subject Inventories. Builds an inventory of discovered subjects for fast reporting to fufill DSAR, SRR reports within compliance window
  • Subject request processing. Visually connects personal data across systems to create Subject Request Reports (SRRs)
  • DSAR/SRR fulfillment report generator. Build and generate subject reports containing summary of data

Customer Challenge

In early 2019, American Tire Distributors (ATD) was facing a PCI-DSS audit deadline due to a transition from in-house to outsourced credit card processing. The company had to find all credit card data living in its systems and begin on-premise remediation.

Spirion Solution

The tire supplier took a Spirion-first approach to rapidly discover all credit card data living within over 70 terabytes of data on hundreds of endpoints in eight different computing environments.

Spirion Results

The tire supplier took a Spirion-first approach to rapidly discover all credit card data living within over 70 terabytes of data on hundreds of endpoints in eight different computing environments.

“Spirion helped us overcome our immediate PCI-DSS compliance challenge — as well as tighten up our overall data security and compliance.”
Lee Bergmann, DLP SME Engineer, American Tire Distributors

The Mission: Rapid internal discovery and remediation of all consumer credit card data

ATD is one of the largest independent suppliers of tires to the replacement market, with 140-plus distribution centers and 5,000 associates in the U.S. and Canada. The company delivers an vast range of inventory, fast delivery, and value-added services to its tire and automotive customers.

In early 2019, American Tire Distributors (ATD) was facing a Payment Card Industry-Data Security Standard (PCI-DDS) audit with only two months to prepare. Missing the deadline could result in serious consequences, including steep penalties. The company’s data security team had tried various methods to discover all of its credit card data, but had limited and inconsistent results.

Not only did the data scan need to be completed within a short timeframe, but also it had to cover a vast enterprise, with over 70 terabytes of data and eight different computing environments — along with four servers, 20 VDI workstations, and over 3,000 endpoints.

To accomplish this daunting task, the company deployed Spirion. ATD had already brought Spirion in for testing. But now the company needed to rapidly launch the application and execute its mission of scanning its complete data-at-rest inventory. The security team was given the green light to escalate the Spirion launch.

ATD Scans 70 TB of Data in 8 Weeks

With a two-month audit deadline looming, the company began the massive data discovery project by automating several functions in Spirion that had been performed manually by staff members — including data classification, archiving, and trashing. ATD also leveraged several of Spirion’s pre-designed workflows.

These capabilities accelerated data discovery across the company’s desktops, laptops, servers, databases, file servers, and cloud storage — and eight computing environments, including SharePoint, Exchange, Confluence, Box.com, Oracle, Linus, Apple, and Windows.

Throughout the process, the ATD team of 24 engineers used Spirion every day to monitor and report results using customized dashboard metrics for tracking data discovery and classification, reducing white noise and false-positives, and tweaking policies.

“The results were phenomenal,” said Lee Bergmann, DLP SME Engineer. “Our Spirion-first scan put us in good standing with PCI-DSS. Now we’re positioned where we need to be to meet the compliance regulations.”

“With Spirion, we discovered where all of our at-rest data lives with amazing speed. Now we have utmost control.”
Lee Bergmann, DLP SME Engineer, American Tire Distributors

Spirion Meets ATD’s Business Goals

While its first Spirion project faced immense timepressure, ultimately, upgrading to a sophisticated data discovery, classification, and protection application provided a valuable step in the company’s evolution into a more mature data security posture.

“As ATD has grown, we’ve continuously worked to mature our data security,” explained Bergmann. “It’s critical that we deploy the right technologies to ensure controls are in place to reach our business goals, one of which is to stay in compliance with all relevant regulations.”

ATD had important considerations in matching its business goals with Spirion including:

  • Configurability to meet the company’s need
  • Not require a lot of agent resources on the endpoints
  • Easy for admins to move in and out of the application
  • Able to perform multiple tasks within a single solution

Spirion Supports Compliance Mission

Along with rapid data discovery, ATD also gained responsive support from Spirion. “I give Spirion an A+ in support — from knowledge transfer to training,” said Bergmann. “The support team contributed to our overall success in preparing for our PCI-DSS audit.”

ATD is already planning for the future with Spirion. “We are continuing to mature our data security policies, and will execute discovery and classification for more datasets, such as PII, IP, and CCPA. Spirion has definitely helped us meet our ultimate goal — maturing our data security and compliance capabilities.”

Related Resources

resource
The Quiet Revolution, Part III: What You Need to Know About U.S. State Privacy Laws
resource
10 Data Protection Tactics To Act On For Remote Working
resource
How Spirion Advances Compliance with New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)
resource
What are the Business Costs of Ignoring or Heeding GDPR?
resource
Gartner Predicts 2020: Embrace Privacy and Overcome Ambiguity to Drive Digital Transformation
resource
National Tire Supplier Prepares for Compliance Deadline with Spirion-First Approach