SlideShare una empresa de Scribd logo

Security Spotlight: Rent-A-Center

Alert Logic
Alert Logic

Security Spotlight: Rent-A-Center (Mike Santimaw)

Tecnología
1 de 13
Descargar para leer sin conexión
Thank you.
Thank you.HOW RENT-A-CENTER STAYS SECURE AND COMPLIANT ON AWS WITH ALERT LOGIC MIKE SANTIMAW – VP OF INFORMATION SECURITY, RENT-A-CENTER
About Rent-A-Center Company Profile ▪ One of the largest rent-to-own retailors with 3000+ stores and 1200 partner locations ▪ 21,000 employees ▪ Founded in 1986 Consumer Experiences ▪ Brick and mortar ▪ E-commerce ▪ Financial partnership
Complex Environment Footprint ▪ Traditional data centers ▪ Multiple cloud providers ▪ SaaS and internal web services ▪ Mobile and e-commerce environments Compliance ▪ PCI DSS, SOX, etc. Development ▪ Traditional development ▪ DevOps ▪ Internal & external global resources
Challenge ▪ Continuing to expand points of commerce and drive transformational innovation to create the next evolution of the leased ownership sector ▪ Securing our core while also addressing the cyber risks within rapid business development methodologies ▪ Report on Compliance Initiatives ▪ Minimal InfoSec staff within a team that primarily grew organically ▪ Unable to staff our InfoSec team 24x7x365 ▪ Being a silent partner to the organization
Build SOC Capabilities Internally ▪ Toolset investments and ongoing maintenance ▪ Threat intelligence feeds ▪ Develop the staff with appropriate skills ▪ Year on year training ▪ Staff salaries ▪ Private facilities ▪ Staff 24x7x365
The Solution ▪ Work with an industry leader and who is focused on innovation, on the same journey as our primary cloud service provider, AWS. ▪ Our solution uses AWS and Alert Logic products and services. ▪ Rent-A-Center began the journey with Alert Logic with our on-prem data center locations. ▪ Incorporating Alert Logic via AWS Marketplace with a single pane of glass for security. ▪ Alert Logic solutions included Alert Logic® Cloud Defender™ and Alert Logic® Active Watch™
Alert Logic has analyzed 374 TB of our network traffic! Detected 566,668 events and identified 220 actions
Secret Sauce? People ▪ The Alert Logic Security Experts instantly matured the RAC InfoSec team. ▪ The collaboration that exists today is truly an extension of our team. ▪ Alert Logic helped drive the security journey for our CI/CD process within the RAC DevOps team. ▪ Knowing that Alert Logic‘s people, processes, and technology are protecting RAC 24/7, we are able to focus on other critical initiatives.
Stronger Cloud Security Posture Customer Data Platform, Applications, Identity & Access Management Operating Systems, Network & Firewall Configuration Client-side Data Encryption & Data Integrity Authentication Server-side Encryption (File System and/or Data) Network Traffic Protection (Encryption/Integrity/Identity) AWS Global Infrastructure Compute Storage Database Networking Regions Availability Zones Edge Locations Rent-A-Center & Alert Logic Shared Responsibility for security “in” the cloud AWS Shared Responsibility for security “of” the cloud
Where is Rent-A-Center going next? ▪ Maintain our compliance posture. ▪ Expand points of commerce and drive transformational innovation for Rent-A-Center in accordance with our strategic plans. ▪ Continue building out our automated, event-driven security program. ▪ Continue maturing our DevOps and DevSecOps culture ▪ Keep the collaboration going with getting Alert Logic engaged in innovation sessions regarding new development/delivery
Recommendations ▪ Organizations should look for a seamless security solutions provider that focuses on the cloud as well as the journey to get there. ▪ Ensure the partner you choose has expertise on, in, and around the cloud with an appetite to expand. ▪ Security and well as compliance maturity ▪ Actionable security best practices are the keys to success.
Thank you.

Recomendados

Backup lexington ky
Backup lexington kyBackup lexington ky
Backup lexington ky
DataRestoration
 
"The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014
"The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014 "The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014
"The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014
RMS
 
Gss Company Profile
Gss Company ProfileGss Company Profile
Gss Company Profile
Paul O'Sullivan
 
Bloombase integration with eskm final w alliance cert logo 6_11_15
Bloombase integration with eskm final w alliance cert logo 6_11_15Bloombase integration with eskm final w alliance cert logo 6_11_15
Bloombase integration with eskm final w alliance cert logo 6_11_15
Bloombase
 
Bloombase integration with eskm final w alliance cert logo 4_9_15
Bloombase integration with eskm final w alliance cert logo 4_9_15Bloombase integration with eskm final w alliance cert logo 4_9_15
Bloombase integration with eskm final w alliance cert logo 4_9_15
Bloombase
 
Forensic Auditing
Forensic AuditingForensic Auditing
Forensic Auditing
Mitesh Katira
 
Future Commerce 2019
Future Commerce 2019 Future Commerce 2019
Future Commerce 2019
PT Datacomm Diangraha
 
SWATX Company Profile 190919
SWATX Company Profile 190919SWATX Company Profile 190919
SWATX Company Profile 190919
Seif Badawi
 

Recomendados

Backup lexington ky
Backup lexington kyBackup lexington ky
Backup lexington ky
DataRestoration
 
"The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014
"The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014 "The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014
"The RMS Cloud" - Presented at the RAA's Cat Modeling Conference 2014
RMS
 
Gss Company Profile
Gss Company ProfileGss Company Profile
Gss Company Profile
Paul O'Sullivan
 
Bloombase integration with eskm final w alliance cert logo 6_11_15
Bloombase integration with eskm final w alliance cert logo 6_11_15Bloombase integration with eskm final w alliance cert logo 6_11_15
Bloombase integration with eskm final w alliance cert logo 6_11_15
Bloombase
 
Bloombase integration with eskm final w alliance cert logo 4_9_15
Bloombase integration with eskm final w alliance cert logo 4_9_15Bloombase integration with eskm final w alliance cert logo 4_9_15
Bloombase integration with eskm final w alliance cert logo 4_9_15
Bloombase
 
Forensic Auditing
Forensic AuditingForensic Auditing
Forensic Auditing
Mitesh Katira
 
Future Commerce 2019
Future Commerce 2019 Future Commerce 2019
Future Commerce 2019
PT Datacomm Diangraha
 
SWATX Company Profile 190919
SWATX Company Profile 190919SWATX Company Profile 190919
SWATX Company Profile 190919
Seif Badawi
 
The Long Awaited Cloud Solution - Company Overview
The Long Awaited Cloud Solution - Company OverviewThe Long Awaited Cloud Solution - Company Overview
The Long Awaited Cloud Solution - Company Overview
PT Datacomm Diangraha
 
Nox strategic partnership presentation
Nox strategic partnership presentationNox strategic partnership presentation
Nox strategic partnership presentation
Rand Bleimeister
 
Uptime Group
Uptime GroupUptime Group
Uptime Group
MatsBluekens1
 
Jelecos Services Overview
Jelecos Services OverviewJelecos Services Overview
Jelecos Services Overview
Jessica Sheldon
 
Leveraging The Power Of The Cloud For Your Business
Leveraging The Power Of The Cloud For Your BusinessLeveraging The Power Of The Cloud For Your Business
Leveraging The Power Of The Cloud For Your Business
Joel Katz
 
Wowrack Cloud Services
Wowrack Cloud ServicesWowrack Cloud Services
Wowrack Cloud Services
Doug Cardinale
 
How Rent-A-Center Stays Secure and Compliant on AWS with Alert Logic
How Rent-A-Center Stays Secure and Compliant on AWS with Alert Logic How Rent-A-Center Stays Secure and Compliant on AWS with Alert Logic
How Rent-A-Center Stays Secure and Compliant on AWS with Alert Logic
Amazon Web Services
 
Ten Type of Innovation - Universitas Indonesia
Ten Type of Innovation - Universitas Indonesia Ten Type of Innovation - Universitas Indonesia
Ten Type of Innovation - Universitas Indonesia
PT Datacomm Diangraha
 
Codero: The Future of IT is Here
Codero: The Future of IT is HereCodero: The Future of IT is Here
Codero: The Future of IT is Here
Codero
 
Azure Migration .pptx
Azure Migration .pptxAzure Migration .pptx
Azure Migration .pptx
sonalibiswas22
 
Cloud Technology: What is it? What can it do for your Association
Cloud Technology: What is it? What can it do for your AssociationCloud Technology: What is it? What can it do for your Association
Cloud Technology: What is it? What can it do for your Association
Associations Network
 
Revolutionizing ERP with in-Memory Computing using secure and Local SAP on Cloud
Revolutionizing ERP with in-Memory Computing using secure and Local SAP on CloudRevolutionizing ERP with in-Memory Computing using secure and Local SAP on Cloud
Revolutionizing ERP with in-Memory Computing using secure and Local SAP on Cloud
PT Datacomm Diangraha
 
The power of orchestration - Inside Cisco IT - DC Cloud from IaaS to Fast IT
The power of orchestration - Inside Cisco IT - DC Cloud from IaaS to Fast ITThe power of orchestration - Inside Cisco IT - DC Cloud from IaaS to Fast IT
The power of orchestration - Inside Cisco IT - DC Cloud from IaaS to Fast IT
Cisco Canada
 
Pyramid Technologies Capability Statement & Technical
Pyramid Technologies Capability Statement & TechnicalPyramid Technologies Capability Statement & Technical
Pyramid Technologies Capability Statement & Technical
Herbert Jones, PMP
 
Managed services web
Managed services webManaged services web
Managed services web
Dean North
 
Managed servoes 2mb
Managed servoes 2mbManaged servoes 2mb
Managed servoes 2mb
Lisa Thornton
 
Managed services web
Managed services webManaged services web
Managed services web
Mark Howie
 
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons LearnedAWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summits
 
Euromoney's integration journey: Selecting SnapLogic's self-service integrati...
Euromoney's integration journey: Selecting SnapLogic's self-service integrati...Euromoney's integration journey: Selecting SnapLogic's self-service integrati...
Euromoney's integration journey: Selecting SnapLogic's self-service integrati...
SnapLogic
 
Getting ready for Infrastructure Transformation with hyper-converged
Getting ready for Infrastructure Transformation with hyper-convergedGetting ready for Infrastructure Transformation with hyper-converged
Getting ready for Infrastructure Transformation with hyper-converged
Synapse360
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
Alert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
Alert Logic
 

Más contenido relacionado

Similar a Security Spotlight: Rent-A-Center

Codero: The Future of IT is Here
Codero: The Future of IT is HereCodero: The Future of IT is Here
Codero: The Future of IT is Here
Codero
 
Pyramid Technologies Capability Statement & Technical
Pyramid Technologies Capability Statement & TechnicalPyramid Technologies Capability Statement & Technical
Pyramid Technologies Capability Statement & Technical
Herbert Jones, PMP
 
Managed services web
Managed services webManaged services web
Managed services web
Dean North
 
Managed services web
Managed services webManaged services web
Managed services web
Mark Howie
 

Similar a Security Spotlight: Rent-A-Center (20)

The Long Awaited Cloud Solution - Company Overview
The Long Awaited Cloud Solution - Company OverviewThe Long Awaited Cloud Solution - Company Overview
The Long Awaited Cloud Solution - Company Overview
 
Nox strategic partnership presentation
Nox strategic partnership presentationNox strategic partnership presentation
Nox strategic partnership presentation
 
Uptime Group
Uptime GroupUptime Group
Uptime Group
 
Jelecos Services Overview
Jelecos Services OverviewJelecos Services Overview
Jelecos Services Overview
 
Leveraging The Power Of The Cloud For Your Business
Leveraging The Power Of The Cloud For Your BusinessLeveraging The Power Of The Cloud For Your Business
Leveraging The Power Of The Cloud For Your Business
 
Wowrack Cloud Services
Wowrack Cloud ServicesWowrack Cloud Services
Wowrack Cloud Services
 
How Rent-A-Center Stays Secure and Compliant on AWS with Alert Logic
How Rent-A-Center Stays Secure and Compliant on AWS with Alert Logic How Rent-A-Center Stays Secure and Compliant on AWS with Alert Logic
How Rent-A-Center Stays Secure and Compliant on AWS with Alert Logic
 
Ten Type of Innovation - Universitas Indonesia
Ten Type of Innovation - Universitas Indonesia Ten Type of Innovation - Universitas Indonesia
Ten Type of Innovation - Universitas Indonesia
 
Codero: The Future of IT is Here
Codero: The Future of IT is HereCodero: The Future of IT is Here
Codero: The Future of IT is Here
 
Azure Migration .pptx
Azure Migration .pptxAzure Migration .pptx
Azure Migration .pptx
 
Cloud Technology: What is it? What can it do for your Association
Cloud Technology: What is it? What can it do for your AssociationCloud Technology: What is it? What can it do for your Association
Cloud Technology: What is it? What can it do for your Association
 
Revolutionizing ERP with in-Memory Computing using secure and Local SAP on Cloud
Revolutionizing ERP with in-Memory Computing using secure and Local SAP on CloudRevolutionizing ERP with in-Memory Computing using secure and Local SAP on Cloud
Revolutionizing ERP with in-Memory Computing using secure and Local SAP on Cloud
 
The power of orchestration - Inside Cisco IT - DC Cloud from IaaS to Fast IT
The power of orchestration - Inside Cisco IT - DC Cloud from IaaS to Fast ITThe power of orchestration - Inside Cisco IT - DC Cloud from IaaS to Fast IT
The power of orchestration - Inside Cisco IT - DC Cloud from IaaS to Fast IT
 
Pyramid Technologies Capability Statement & Technical
Pyramid Technologies Capability Statement & TechnicalPyramid Technologies Capability Statement & Technical
Pyramid Technologies Capability Statement & Technical
 
Managed services web
Managed services webManaged services web
Managed services web
 
Managed servoes 2mb
Managed servoes 2mbManaged servoes 2mb
Managed servoes 2mb
 
Managed services web
Managed services webManaged services web
Managed services web
 
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons LearnedAWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
 
Euromoney's integration journey: Selecting SnapLogic's self-service integrati...
Euromoney's integration journey: Selecting SnapLogic's self-service integrati...Euromoney's integration journey: Selecting SnapLogic's self-service integrati...
Euromoney's integration journey: Selecting SnapLogic's self-service integrati...
 
Getting ready for Infrastructure Transformation with hyper-converged
Getting ready for Infrastructure Transformation with hyper-convergedGetting ready for Infrastructure Transformation with hyper-converged
Getting ready for Infrastructure Transformation with hyper-converged
 

Más de Alert Logic

Más de Alert Logic (20)

Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack Surface
 
Reality Check: Security in the Cloud
Reality Check: Security in the CloudReality Check: Security in the Cloud
Reality Check: Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
CSS 2018 Trivia
CSS 2018 TriviaCSS 2018 Trivia
CSS 2018 Trivia
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 

Último (20)

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 

Security Spotlight: Rent-A-Center

  • 2. Thank you.HOW RENT-A-CENTER STAYS SECURE AND COMPLIANT ON AWS WITH ALERT LOGIC MIKE SANTIMAW – VP OF INFORMATION SECURITY, RENT-A-CENTER
  • 3. About Rent-A-Center Company Profile ▪ One of the largest rent-to-own retailors with 3000+ stores and 1200 partner locations ▪ 21,000 employees ▪ Founded in 1986 Consumer Experiences ▪ Brick and mortar ▪ E-commerce ▪ Financial partnership
  • 4. Complex Environment Footprint ▪ Traditional data centers ▪ Multiple cloud providers ▪ SaaS and internal web services ▪ Mobile and e-commerce environments Compliance ▪ PCI DSS, SOX, etc. Development ▪ Traditional development ▪ DevOps ▪ Internal & external global resources
  • 5. Challenge ▪ Continuing to expand points of commerce and drive transformational innovation to create the next evolution of the leased ownership sector ▪ Securing our core while also addressing the cyber risks within rapid business development methodologies ▪ Report on Compliance Initiatives ▪ Minimal InfoSec staff within a team that primarily grew organically ▪ Unable to staff our InfoSec team 24x7x365 ▪ Being a silent partner to the organization
  • 6. Build SOC Capabilities Internally ▪ Toolset investments and ongoing maintenance ▪ Threat intelligence feeds ▪ Develop the staff with appropriate skills ▪ Year on year training ▪ Staff salaries ▪ Private facilities ▪ Staff 24x7x365
  • 7. The Solution ▪ Work with an industry leader and who is focused on innovation, on the same journey as our primary cloud service provider, AWS. ▪ Our solution uses AWS and Alert Logic products and services. ▪ Rent-A-Center began the journey with Alert Logic with our on-prem data center locations. ▪ Incorporating Alert Logic via AWS Marketplace with a single pane of glass for security. ▪ Alert Logic solutions included Alert Logic® Cloud Defender™ and Alert Logic® Active Watch™
  • 8. Alert Logic has analyzed 374 TB of our network traffic! Detected 566,668 events and identified 220 actions
  • 9. Secret Sauce? People ▪ The Alert Logic Security Experts instantly matured the RAC InfoSec team. ▪ The collaboration that exists today is truly an extension of our team. ▪ Alert Logic helped drive the security journey for our CI/CD process within the RAC DevOps team. ▪ Knowing that Alert Logic‘s people, processes, and technology are protecting RAC 24/7, we are able to focus on other critical initiatives.
  • 10. Stronger Cloud Security Posture Customer Data Platform, Applications, Identity & Access Management Operating Systems, Network & Firewall Configuration Client-side Data Encryption & Data Integrity Authentication Server-side Encryption (File System and/or Data) Network Traffic Protection (Encryption/Integrity/Identity) AWS Global Infrastructure Compute Storage Database Networking Regions Availability Zones Edge Locations Rent-A-Center & Alert Logic Shared Responsibility for security “in” the cloud AWS Shared Responsibility for security “of” the cloud
  • 11. Where is Rent-A-Center going next? ▪ Maintain our compliance posture. ▪ Expand points of commerce and drive transformational innovation for Rent-A-Center in accordance with our strategic plans. ▪ Continue building out our automated, event-driven security program. ▪ Continue maturing our DevOps and DevSecOps culture ▪ Keep the collaboration going with getting Alert Logic engaged in innovation sessions regarding new development/delivery
  • 12. Recommendations ▪ Organizations should look for a seamless security solutions provider that focuses on the cloud as well as the journey to get there. ▪ Ensure the partner you choose has expertise on, in, and around the cloud with an appetite to expand. ▪ Security and well as compliance maturity ▪ Actionable security best practices are the keys to success.