Tuesday, January 07, 2020

SambaSafety’s Mission to Reduce Risk Begins in its Own Datacenter Security Partnerships


Transcriptof a discussion on how a driver riskmanagement software provider protects their business customers from risk byprotecting their own IT assets and workers using Bitdefender.
Listen to the podcast. Find it on iTunes. Download thetranscript. Sponsor: Bitdefender

Dana Gardner:Welcome to the next edition of BriefingsDirect.I’m Dana Gardner,Principal Analyst at InterarborSolutions, your host and moderator.

Security and privacyprotection increasingly go hand in hand, especially in sensitive industries likefinance and public safety. For driver risk management software provider SambaSafety protecting their businesscustomers from risk is core to their mission -- and that begins with protectionof their own IT assets and workers.

Stay with us now as we learnhow SambaSafety adopted BitdefenderGravityZone Advanced Business Security and FullDisk Encryption to improve the end-to-end security of their operations andbusiness processes.

To share their story, pleasejoin me in welcoming RandyWhitten, Director of IT and Operations at SambaSafety in Albuquerque, NewMexico. Welcome, Randy.

Randy Whitten: Thankyou.

Gardner:Randy, you have a very interesting company. Tell us about SambaSafety, how bigit is, and your unique business approach.

Whitten:SambaSafety currently employs approximately 280 employees across the UnitedStates. We have four locations. Corporate headquarters is in Denver, Colorado. Albuquerque,New Mexico is another one of our locations. There’s Rancho Cordova just outsideof Sacramento, California, and Portland, Oregon is where our transportation divisionis.

We also have a variety andhandful of remote workers from coast to coast and from border to border.

Gardner: Andyou are all about making communities safer. Tell us how you do that.

Whitten: Wework with departmentsof motor vehicles (DMVs) across the United States, monitoring the driversfor companies. We put a partnership together with state governments, andthird-party information is provided to allow us to process reporting for criticaldriver information.

We seek to transform that datainto action to protect the businesses and our customers from driver andmobility risk. We work to incorporate top-of-the-line security software toensure that all of our data is protected while we are doing that.

Data-driven driver safety 

Gardner: So,it’s all about getting access to data, recognizing where risks might emergewith certain drivers, and then alerting those people who are looking to hirethose drivers to make sure that the right drivers are in the right positions.Is that correct?

Whitten: Thatis correct. Since 1998, SambaSafety has been the pioneer and leading providerof driver risk management software in North America. SambaSafety has led the chargeto protect businesses and improve driver safety, ultimately making communitiessafer on the road.

Our mission is to guide ourcustomers, including employers, fleet managers, and insurance providers to makethe right decisions at the right time by collecting, correlating and analyzing motorvehicle records (MVRs) and other data resources. We identify driver risk and enableour customers to modify their drivers’ behaviors, reduce the accidents, ensurecompliance, and assist with lowering the cost, ultimately improving the driverand the community safety once again.

Gardner: Isthis for a cross-section of different customers? You do this for public sectorand private sector? Who are the people that need this information most?

Whitten: We doit across both sectors, public and private. We do it across transportation. We doit across drivers such as Lyftdrivers, Uber drivers, and transportation drivers -- our delivery carriers,FedEx, UPS, etc. -- those types of customers.
These transportation drivers are delivering our commodities every day -- the food we consume, the clothes we wear, the parts that fix our vehicles, all what's essential to our everyday living.

Gardner: Thisis such an essential service, because so much of our economy is on four wheels,whether it’s a truck delivering goods and services, transportation directly forpeople, and public safety vehicles. A huge portion of our economy is behind thewheel, so I think this is a hugely important service you are providing.

Whitten:That’s a good point, Dana. Yes, it is very much. Transportation drivers aredelivering our commodities every day -- the food that we consume, the clothes thatwe wear, also the parts that fix our vehicles to drive, plus also just to be ableto get like those Christmas packages via UPS or FedEx -- the essentialitems to our everyday living.

Gardner: So,this is mission-critical on a macro scale. Now, you also are dealing, of course,with sensitive information. You have to protect the privacy. People areentitled to information that’s regulated, monitored, and provided accordingly.So you have to be across-the-board reducing risk, doing it the right way, andyou also have to make your own systems protected because you have that sensitiveinformation going back and forth. Security and privacy are probably among yourtopmost mission-critical requirements.

Securing the sectors everywhere

Whitten: Thatis correct. SambaSafety has a SOC 2 TypeII compliant certification. It actually is just the top layer of securitywe are using within our company, either for our endpoints or for our externalcustomers.

Gardner: Randy,you described your organization as distributed. You have multiple offices,remote workers, and you are dealing with sensitive private and public sector information.Tell us what your top line thinking, your philosophy, about security is andthen how you execute on that.

Whitten: Ourtop line essentially is to make sure that our endpoints are protected, that weare taking care of our employees internally to be able to set them up forsuccess, so they don’t have to worry about security. All of our laptops areencrypted. We have different types of levels of security within ourorganization, so that gives all of our employees a way to ease their comfort sothat they can concentrate on taking care of our end customer. 

Gardner:That’s right, security isn’t just a matter of being very aggressive, it alsomeans employee experience. You have to give your people the opportunity to gettheir work done without hindrance -- and the performance of their machine, ofcourse, is a big part of that.

Tell us about the pain points,what were the problems you were having in the past that led you into a newprovider when it comes to security software?
We were seeing threats get through the previous antivirus solution, and the cost of that solution was increasing month over month. Every time we'd add a new license it would seem like the price would jump.

Whitten: Someof the things that we have had to deal with within the IT department here atSambaSafety is when we see our tickets come in, it’s typically about memoryusage as applications were locking up the computers, where it took a lot ofresources to be able to launch the application.

We also were seeing threatsgetting through the previous antivirus solution, and then just the cost, thecost of that solution was increasing month over month. Every time we would add anew license it would seem like the price point would jump.

Gardner: Iimagine you weren’t seeing them as a partner as much as a hindrance.

Whitten: Yes,that is correct. It started to seem like it was a monthly call, then it turnedinto a weekly call to their support center just to be able to see if we could getadditional support and help from them. So that brought up, “Okay, what do we donext and what is our next solution going to look like?”

Gardner: Tellme about that process. What did you look at, and how did you make your choices?

Whitten: Wedid an overall scoping session and brought in three different antivirussolutions providers. It just so happens that they all measured up to be thenext vendor that we were going to work with. Bitdefender came out on top and itwas a solution that we could put into our cloud-hosted solution, it was alsosomething that we could work with on our endpoints and also to be able toensure that all of our employees are protected.

Gardner: So youare using GravityZone Advanced Business Security, Full Disk Encryption, and theCloudManagement Console, all from Bitdefender, is that correct?

Whitten: Thatis correct. The previous solution for our disk encryption is just aboutexhausted. Currently we have about 90 percent of our endpoints for diskencryption on Bitdefender now and we have had zero issues with it.

Gardner: Ihave to imagine you are not just protecting your endpoints, but you haveservers and networks, and other infrastructure to protect. What does thatconsist of and how has that been going?

Whitten: Thatis correct. We have approximately 280 employees, which equals 280 laptops to beprotected. We have a fair amount of additional hardware that has to beprotected. Those endpoints have to be secured. And then 30 percent ofadditional hardware, i.e. the Macs that are within our organization, are alsopart of that Bitdefender protection.

Gardner: Andeveryone knows, of course, that management of operations is essential formaking sure that nothing falls between the cracks -- and that includes patchmanagement, making sure that you see what’s going on with machines and gettingalerts as to what might be your vulnerability.

So tell us about themanagement, the Cloud Console, particularly as you are trying to do this acrossa hybrid environment with multiple sites?

See what’s secure to ensuresuccess 

Whitten: It’sbeen vital for the success of Bitdefender and their console that we can log onand we can see what’s happening. It has been very key to the success. I can’t saythat enough.

And it goes as far as informationgathering, dashboard, data analytics, network scanning, and the vulnerabilitymanagement - just being able to ensure our assets are protected has been key.

Also, we could watch thealerting that happens to ensure that the behavior is not changing from machineintelligence or machine learning (ML) so that our systems do not get infectedin any way.

Gardner: Andthe more administration and automation you get, the more you are able to devoteyour IT operations people to other assets, other functions. Have you been ableto recognize, not only an improvement in security, but perhaps an easing up onthe man hours and labor requirements?

Whitten: Sure.The first 60 days of our implementation I was able to improve return oninvestment (ROI) quickly. We were able to allow additional team resources tofocus on other tickets and also other items that came into our work scopewithin our department.
Bitdefender was already out there managing itself. It was doing what we paying for it to do. It was actually a really good choice for us. The partnership with them is very solid, we are very pleased with it, a win-win situation for both of our companies.

Bitdefender was already outthere, and it was managing itself, it was doing what we were paying for it todo -- and it was actually a really good choice for us. The partnership with themis very solid, we are very pleased with it, it is a win-win situation for both ofour companies.

Gardner: Randy,I have had people ask me, “Why do I need Full Disk Encryption? What does thatprovide for me? I am having a hard time deciding whether it’s the right thingfor our organization.”

What were your requirementsfor widespread encryption and why do you think that’s a good idea for otherorganizations?

Whitten: Themost common reason to have Full Disk Encryption is you are at the store,someone comes in, they break into your car, they steal your laptop bag or theysee your computer laying out, they take it. As the Director of IT and Operationsfor SambaSafety, my goal is to ensure that our assets are protected. So having FullDisk Encryption on board that laptop gives me a chance to sleep a little easierat night.

Gardner: Youare not worried about that data leaving the organization because you know it’sgot that encryption wrapper.

Whitten: Thatis correct. It’s protected all the way around.

Gardner: As westart to close out, let’s look to the future. What’s most important for yougoing forward? What would you like to see improve in terms of security,intelligence and being able to monitor your privacy and your securityrequirements?

Scope out security needs

Whitten: Thebig trend right now is to ensure that we are staying up to date and Bitdefenderis staying up to date on the latest intrusions so that our software is stayingcurrent and we are pushing that out to our machines.

Also just continue to be righton top of the security game. We have enjoyed our partnership with Bitdefenderto date and we can’t complain, and for sure it has been a win-win situation allthe way around.


Gardner: Anyadvice for folks that are out there, IT operators like yourself that aregrappling with increased requirements? More people are seeing complianceissues, audit issues, paperwork and bureaucracy. Any advice for them in termsof getting the best of all worlds, which is better security and betteroperations oversight management?

Whitten: Definitelyhave a good scope of what you are looking for, for your organization. Everyorganization is different. What tends to happen is that you go in looking for asolution and you don’t have all of the details that would meet the needs ofyour organization.

Secondly, get the buy-in fromyour leadership team. Pitch the case to ensure that you are doing the rightthing, that you are bringing the right vendor to the table, so that once thatsolution is implemented, then they can rest easy as well.

Every company executive acrossthe world right now that has any responsibility with data, definitely securityis at the top of their mind. Security is at the top of my mind every single day,protecting our customers, protecting our employees, maki