Security Spotlight: Rent-A-Center (Mike Santimaw)

1. Thank you.

2. Thank you.HOW RENT-A-CENTER STAYS SECURE AND
COMPLIANT ON AWS WITH ALERT LOGIC
MIKE SANTIMAW – VP OF INFORMATION
SECURITY, RENT-A-CENTER

3. About Rent-A-Center
Company Profile
▪ One of the largest rent-to-own retailors with
3000+ stores and 1200 partner locations
▪ 21,000 employees
▪ Founded in 1986
Consumer Experiences
▪ Brick and mortar
▪ E-commerce
▪ Financial partnership

4. Complex Environment
Footprint
▪ Traditional data centers
▪ Multiple cloud providers
▪ SaaS and internal web services
▪ Mobile and e-commerce environments
Compliance
▪ PCI DSS, SOX, etc.
Development
▪ Traditional development
▪ DevOps
▪ Internal & external global resources

5. Challenge
▪ Continuing to expand points of commerce and drive transformational innovation to
create the next evolution of the leased ownership sector
▪ Securing our core while also addressing the cyber risks within rapid business
development methodologies
▪ Report on Compliance Initiatives
▪ Minimal InfoSec staff within a team that primarily grew organically
▪ Unable to staff our InfoSec team 24x7x365
▪ Being a silent partner to the organization

6. Build SOC Capabilities Internally
▪ Toolset investments and ongoing maintenance
▪ Threat intelligence feeds
▪ Develop the staff with appropriate skills
▪ Year on year training
▪ Staff salaries
▪ Private facilities
▪ Staff 24x7x365

7. The Solution
▪ Work with an industry leader and who is focused on innovation, on the same
journey as our primary cloud service provider, AWS.
▪ Our solution uses AWS and Alert Logic products and services.
▪ Rent-A-Center began the journey with Alert Logic with our on-prem data center
locations.
▪ Incorporating Alert Logic via AWS Marketplace with a single pane of glass for
security.
▪ Alert Logic solutions included Alert Logic® Cloud Defender™ and Alert Logic® Active
Watch™

8. Alert Logic has analyzed 374 TB of our network traffic!
Detected 566,668 events
and identified 220 actions

9. Secret Sauce? People
▪ The Alert Logic Security Experts instantly matured the RAC InfoSec team.
▪ The collaboration that exists today is truly an extension of our team.
▪ Alert Logic helped drive the security journey for our CI/CD process within the
RAC DevOps team.
▪ Knowing that Alert Logic‘s people, processes, and technology are protecting
RAC 24/7, we are able to focus on other critical initiatives.

10. Stronger Cloud Security Posture
Customer Data
Platform, Applications, Identity & Access Management
Operating Systems, Network & Firewall Configuration
Client-side Data Encryption &
Data Integrity Authentication
Server-side Encryption (File
System and/or Data)
Network Traffic Protection
(Encryption/Integrity/Identity)
AWS Global
Infrastructure
Compute Storage Database Networking
Regions
Availability Zones
Edge Locations
Rent-A-Center
& Alert Logic
Shared Responsibility for
security “in” the cloud
AWS
Shared Responsibility for
security “of” the cloud

11. Where is Rent-A-Center going next?
▪ Maintain our compliance posture.
▪ Expand points of commerce and drive transformational innovation
for Rent-A-Center in accordance with our strategic plans.
▪ Continue building out our automated, event-driven security
program.
▪ Continue maturing our DevOps and DevSecOps culture
▪ Keep the collaboration going with getting Alert Logic engaged in
innovation sessions regarding new development/delivery

12. Recommendations
▪ Organizations should look for a seamless security solutions provider that focuses
on the cloud as well as the journey to get there.
▪ Ensure the partner you choose has expertise on, in, and around the cloud with an
appetite to expand.
▪ Security and well as compliance maturity
▪ Actionable security best practices are the keys to success.

13. Thank you.