Case Study
Automotive Industry
Infrastructure Update and Implementing FTC Safeguards for a Car Dealership
A car dealership group representing over half a dozen manufacturers and employing over 1,000 people was experiencing pressure to modernize to remain competitive. If they did not stay up to date with the latest technologies and practices, they might have experienced operational inefficiencies, customer dissatisfaction, and a decline in sales.
The Challenge
The Federal Trade Commission (FTC) recently issued a mandate requiring car dealerships to meet specific standards for requesting, transmitting, and storing personally identifiable information (PII) when selling and servicing vehicles. To comply with these FTC safeguards and protect buyers' private information, sales and service centers need fast and reliable infrastructure both during the purchase and servicing of vehicles.
The Solution
The client had over 100 virtual machines (VMs) hosted on aging on-premise equipment, including Active Directory servers, print servers, parts lookup, key management, digital display systems, file servers, HR servers, phone servers, and industry-specific software servers for vehicle sales, finance, accounting, and service. The challenge was to move these VMs off-site to new equipment at a local data center. To ensure a seamless transition and maintain a similar end-user experience, Cypac worked with the client to establish dedicated circuits between the dealerships and the data center, enabling a smooth transition that was unnoticeable to end users.
To meet FTC safeguard requirements, Cypac performed a GAP audit and analysis of the client's existing infrastructure and workflow. They scanned the IT infrastructure to review least privilege access to files and shares and identified PII within the files. The new data center architecture was configured for encryption at rest, a requirement unmet by the self-hosted hardware, and ensured that all site connections were encrypted to comply with FTC standards for encryption in transit. Additionally, the client’s security posture was enhanced by enabling SNMP logging, implementing an endpoint detection and response (EDR) solution, and installing a 24x7 Security Operations Center (SOC) to monitor on-premise and cloud services, providing alerts for suspicious activity and outages.
The Impact
The activities carried out by Cypac provided valuable insights into what the client needed to achieve compliance and remain competitive in the automotive sales and service industry. After completing the server migration, the in-house data center was decommissioned, relieving the IT department of the complexities associated with maintaining an in-house data center, including cooling, power, vendor management, and service provider challenges. Additionally, by moving the VMs to a more resource-rich environment, the client was able to perform long-overdue software upgrades and expand system resources. This transition allowed employees to serve clients more efficiently and improved the quality of service through the new features provided by the upgraded software.
The automotive group later brought in Cypac as a trusted partner to expand their family of dealerships. We worked closely with their IT department to implement a secure and reliable solution to support their growth and success.
The productivity enhancements throughout the organization proved to be a valuable investment in IT and security, preventing costly productivity losses and potential fines due to non-compliance. This transparent approach enabled the client to identify potential risks related to employee activities, core business operations, and privacy regulations. Witnessing our collaborative efforts result in tangible outcomes that benefit our clients and ensure their adherence to privacy regulations is always rewarding.