ACV Auctions
- Security exposures across a sprawling cloud environment
- New apps gathering sensitive customer data, requiring data security and privacy
- Monitor and manage the data landscape and security controls to protect the business
- Hardened data security posture across their AWS cloud
- Gained full visibility and deep data context enables ACV to ensure data security and privacy
- Delivered continuous insight into sensitive data, with actionable guidance to remediate exposures
Company
ACV, NASDAQ: ACVA, is a technology and data company specializing in the buying, selling, and management of used vehicle inventory. Its flagship product offering is ACV Auctions which provides a leading digital marketplace for wholesale vehicle transactions and data services. The company enables dealers and commercial partners to buy, sell, and value vehicles confidently and efficiently. Cyera enabled ACV to quickly gain a full picture of their cloud data landscape, improve their security posture, and optimize their cloud costs.
Challenges
ACV is bringing new trust and transparency to the wholesale automotive industry, by empowering dealers and commercial partners with data insights and technology innovations. As part of this mission, the company collects and stores data regarding dealers and their transactions in the Amazon Web Services (AWS) cloud. This data is important to ACV’s business, and ACV takes its responsibility for safeguarding the data seriously. As ACV expands its business and market share, the amount of data information they manage will continue to increase.
Trust and transparency are part of ACV Auctions’ mission, which makes it imperative for the security team to track the different types of data stored in cloud environments as well as always understanding where that data is located. Cloud environments change rapidly, and the amount of data generated and collected continues to rise, increasing the challenges for ACV to manage and secure that data. ACV’s security team faces additional challenges in ensuring the data is protected by appropriate security controls. The security team is always striving to improve its security posture, prioritize issues based on the impact of data risk, and get actionable information to quickly remediate issues relating to data.
Solution
That’s why ACV chose Cyera’s cloud data security platform to perform a data risk assessment on the ACV Auctions environment to help establish a baseline and ensure that the security team was well-positioned to respond to any incidents in their large and expanding cloud environment.
Cyera helped to ensure ACV’s security team:
- Understood the security posture of data across their cloud environments
- Were able to identify and monitor changes to the data landscape
- Received actionable guidance to implement security controls to protect the business
Cyera worked collaboratively with the company’s security team to maximize ACV’s security posture and controls without impacting ongoing business operations. The risk assessment enabled ACV to quickly evaluate its current security posture and understand the controls that needed to be implemented. And, ACV Auctions also needed continuous visibility of any new data stores or data across datastores and clouds to understand, manage, and secure their ever-changing cloud data landscape.
ACV Auctions provides a leading digital marketplace for wholesale vehicle transactions and data services. The company enables dealers and commercial partners to buy, sell, and value vehicles confidently and efficiently. Cyera enabled ACV Auctions to quickly gain a full picture of their cloud data landscape, improve their security posture, and optimize their cloud costs.
Results
Improve security posture
Cyera’s rapid identification of publicly accessible records and the encryption state of data assists in ACV’s efforts to dramatically improve the overall security posture. Today, the company uses Cyera to identify all cloud data stores, classify the data inside of each store, and show the identities with access to that data. Along with the principles of zero trust architectures and least privileged access, ACV continuously strives to limit data access to applications and accounts based on a well-defined business purpose for accessing data.
Increase context to improve vulnerability management
ACV’s Security team leverages Cyera's Data Insights API to enrich their Vulnerability Management Pipeline and Incident Response capabilities. Cyera issues, classifications, and context are aggregated and correlated in a central vulnerability management system. These help to establish the risk, severity, and priority of a signal or issue or asset by providing data context on the blast radius and potential business impact. Relevant teams and stakeholders can then make intelligent business decisions and resolutions depending on the situation at hand. Additionally, the Threat Detection and Response Team can leverage the Cyera signals to gauge the potential exposure from a threat signal detected by the SEIM.
Minimize data and optimize costs
The principle of data minimization means the objective is to limit the collection of information to what is directly relevant and necessary to accomplish a specific purpose.
Data stores that no longer exist can comprise up to 30% of cloud storage volume. 56% of those data stores contain sensitive data.
Data minimization is also a critical aspect of cloud cost optimization. Because cloud resource consumption dictates price, reducing overconsumption and unnecessary storage costs helps ACV Auctions contain cloud costs. Cyera’s platform helps ACV Auctions discover, understand, and remediate overconsumption from:
- Stale data - by identifying the overall volume and number of sensitive records in sensitive data stores, helping data owners minimize the storage of data that is no longer in use, optimizing costs
- Ghost data - by identifying the compliance and security risks ghost data represents and eliminating snapshots of data stores that no longer exist
- Copy data - by identifying copies of backup data and eliminating it safely
ACV relies on Cyera to understand its cloud data, assist in meeting requirements, and manage cloud costs. "When we implemented Cyera, we got a full picture of our cloud data landscape. Cyera showed us that we had a lot of ghost data that was not being accessed or used. Eliminating all of it would save us over $50,000 per year in cloud storage costs," said Erik Bataller, VP of Information Security at ACV. “Cyera also helps me show our executive team and other business stakeholders how we are managing, governing, and securing our data, and how we are keeping it private.” As cloud use increases and cloud data continues to proliferate, it is more important than ever for ACV to identify, protect, and eliminate data when appropriate to control costs and increase overall security.