CASE STUDY

National Tire Supplier Prepares for Compliance Deadline with Spirion-First Approach

About American Tire Distributors

ATD is one of the largest independent suppliers of tires to the replacement market, with 140-plus distribution centers and 5,000 associates in the U.S. and Canada. The company delivers an vast range of inventory, fast delivery, and value-added services to its tire and automotive customers.

“Spirion helped us overcome our immediate PCI-DSS compliance challenge — as well as tighten up our overall data security and compliance.” 

Lee Bergmann, DLP SME Engineer, American Tire Distributors

Download PDF

Challenge 

In early 2019, American Tire Distributors (ATD) was facing a PCI-DSS audit deadline due to a transition from in-house to outsourced credit card processing. The company had to find all credit card data living in its systems and begin on-premise remediation.

Solution 

The tire supplier took a Spirion-first approach to rapidly discover all credit card data living within over 70 terabytes of data on hundreds of endpoints in eight different computing environments.

Results 

The tire supplier took a Spirion-first approach to rapidly discover all credit card data living within over 70 terabytes of data on hundreds of endpoints in eight different computing environments.

The Mission: Rapid internal discovery and remediation of all consumer credit card data

In early 2019, American Tire Distributors (ATD) was facing a Payment Card Industry-Data Security Standard (PCI-DDS) audit with only two months to prepare. Missing the deadline could result in serious consequences, including steep penalties. The company’s data security team had tried various methods to discover all of its credit card data, but had limited and inconsistent results.

Not only did the data scan need to be completed within a short timeframe, but also it had to cover a vast enterprise, with over 70 terabytes of data and eight different computing environments — along with four servers, 20 VDI workstations, and over 3,000 endpoints.

To accomplish this daunting task, the company deployed Spirion. ATD had already brought Spirion in for testing. But now the company needed to rapidly launch the application and execute its mission of scanning its complete data-at-rest inventory. The security team was given the green light to escalate the Spirion launch.

ATD Scans 70 TB of Data in 8 Weeks

With a two-month audit deadline looming, the company began the massive data discovery project by automating several functions in Spirion that had been performed manually by staff members — including data classification, archiving, and trashing. ATD also leveraged several of Spirion’s pre-designed workflows.

These capabilities accelerated data discovery across the company’s desktops, laptops, servers, databases, file servers, and cloud storage — and eight computing environments, including SharePoint, Exchange, Confluence, Box.com, Oracle, Linus, Apple, and Windows.

Throughout the process, the ATD team of 24 engineers used Spirion every day to monitor and report results using customized dashboard metrics for tracking data discovery and classification, reducing white noise and false-positives, and tweaking policies.

“The results were phenomenal,” said Lee Bergmann, DLP SME Engineer. “Our Spirion-first scan put us in good standing with PCI-DSS. Now we’re positioned where we need to be to meet the compliance regulations.”

Spirion Meets ATD’s Business Goals

While its first Spirion project faced immense timepressure, ultimately, upgrading to a sophisticated data discovery, classification, and protection application provided a valuable step in the company’s evolution into a more mature data security posture.

“As ATD has grown, we’ve continuously worked to mature our data security,” explained Bergmann. “It’s critical that we deploy the right technologies to ensure controls are in place to reach our business goals, one of which is to stay in compliance with all relevant regulations.”

ATD had important considerations in matching its business goals with Spirion including:

  • Configurability to meet the company’s need
  • Not require a lot of agent resources on the endpoints
  • Easy for admins to move in and out of the application
  • Able to perform multiple tasks within a single solution

Spirion Supports Compliance Mission

Along with rapid data discovery, ATD also gained responsive support from Spirion. “I give Spirion an A+ in support — from knowledge transfer to training,” said Bergmann. “The support team contributed to our overall success in preparing for our PCI-DSS audit.”

ATD is already planning for the future with Spirion. “We are continuing to mature our data security policies, and will execute discovery and classification for more datasets, such as PII, IP, and CCPA. Spirion has definitely helped us meet our ultimate goal — maturing our data security and compliance capabilities.”

Ready to get started?

Schedule a personalized demo with one of our data security experts to see Spirion data protection solutions in action.

Watch demo now
Discover, protect and comply.

Protect sensitive information with a solution that is customizable to your organizational needs. When your job is to protect sensitive data, you need the flexibility to choose solutions that support your security and privacy initiatives.

Governance Suite →

Industry Solutions

Not knowing where sensitive client financial data resides and failing to take the right security precautions can be a costly mistake for your organization. Find out how Data privacy is treated in your sector.

Read more →