Customer Success Story: Regional Retail Grocery Chain
The Customer
Privately owned, regional retail grocery chain that has grown from a small business to one that Forbes Magazine ranked as one of "America's 500 Largest Private Companies" in 2007. Today, the chain runs state-of-the-art grocery stores that provide customers a comprehensive range of products and leverage information technology to monitor and optimize business efficiency, as well as shopper spending and loyalty.
The Challenge
The grocery retailer has built a loyal and growing customer base by providing an unparalleled shopping experience – from farm fresh organic produce to the convenience of in-store food courts, pharmacies, and other one-stop-shopping conveniences. To achieve this exceptional retail shopping experience, the chain employs sophisticated information technology that enhances the in-store experience for shoppers, streamlines operations, and optimizes its supply chain. This technology is critical for running an efficient, competitive retail grocery business and maintaining customer loyalty. Naturally, protecting the customer and business data at the heart of the business is a top priority.
The Director of IT and his staff of over twenty run the grocery chain's information technology across the board – networking, database administration, security, quality assurance, EFT transaction processing, and IT compliance. This includes ensuring proper access for the grocery chain's fifteen terabytes of business critical data that is stored across hundreds of file servers and accessed by over one thousand users. As the Director describes it, "We have a real-time inventory system that allows us to adjust to ever-changing customer demand, a loyalty system that provides benefits to our frequent shoppers, card processing systems for customer payment convenience and health care-related data from our pharmacies. All of this information must be accessible instantly to those who need it, and protected from those who do not." This includes complying with both PCI DSS regulations for cardholder data and Health Insurance Portability and Accountability Act (HIPAA) regulations for patient data from the in-store pharmacies.
Evaluation Parameters
From the outset, the IT Director and the compliance team were looking for solutions to address their PCI DSS requirements. "Cardholder data is obviously business-critical because so many customers choose to pay with credit and debit. Protecting the relationship we've built with our customers is paramount and, of course, PCI has detailed rules that we must comply with as well," he noted. The grocery chain realized there is no single PCI solution that meets all PCI rules, so they wanted to maximize their IT spend by looking for solutions that allow them to comply with as many PCI DSS regulations as possible. They also wanted solutions that had the potential to be leveraged for protecting other business data and improving IT operations efficiency.
The Solution
The retailer chose Varonis® DatAdvantage® because it gave them depth of PCI DSS protection and had broad applicability to other compliance, data governance and IT operations tasks. Today, Varonis DatAdvantage is helping the grocery chain address 13 PCI DSS line-items in PCI DSS Section 10, "Track and monitor all access to network resources and cardholder data". The items include the following (taken directly from the PCI DSS requirements guideline).
Business Benefits
Automated audit log for regulatory compliance
The grocery chain must comply with PCI DSS requirements and strict internal controls. DatAdvantage provides the automated log they need to meet PCI requirements without disrupting operations or impacting server performance. DatAdvantage also supplies the audit log details they need to monitor pharmacy-based patient data, simplifying compliance with both PCI and HIPAA.
Strong return-on-investment
Like most businesses today, the grocery retailer works hard to maximize the value derived from their IT dollars. DatAdvantage helps meet this objective, providing a single solution that can be used across multiple IT functions including compliance, security, storage, help desk, etc. The product's unique capabilities also provide a strong return on any given task, accelerating what would otherwise be a lengthy manual process.
Visibility of data permissions
The grocery chain's focus on a personalized shopping experience for its customers is central to the company's competitive differentiation. This means that customer data is an extremely valuable business asset for this retailer. Naturally, controlling access to this information is of paramount importance. Varonis DatAdvantage provides visibility into which users can access data and where their permissions came from.

