Rent-A-Center uses Alert Logic's cloud security solutions to secure its complex IT environment spanning traditional data centers, multiple cloud providers, and mobile/e-commerce platforms while maintaining compliance. As Rent-A-Center expands its points of commerce through rapid development methods, Alert Logic helps secure its core and address new cyber risks. The collaboration with Alert Logic's security experts has strengthened Rent-A-Center's security posture and allowed its small internal security team to focus on other initiatives rather than building its own security operations center. Rent-A-Center plans to continue maturing its security program and DevOps culture with Alert Logic's ongoing engagement.

1. Thank you.

2. Thank you.HOW RENT-A-CENTER STAYS SECURE AND
COMPLIANT ON AWS WITH ALERT LOGIC
MIKE SANTIMAW – VP OF INFORMATION
SECURITY, RENT-A-CENTER

3. About Rent-A-Center
Company Profile
▪ One of the largest rent-to-own retailors with
3000+ stores and 1200 partner locations
▪ 21,000 employees
▪ Founded in 1986
Consumer Experiences
▪ Brick and mortar
▪ E-commerce
▪ Financial partnership

4. Complex Environment
Footprint
▪ Traditional data centers
▪ Multiple cloud providers
▪ SaaS and internal web services
▪ Mobile and e-commerce environments
Compliance
▪ PCI DSS, SOX, etc.
Development
▪ Traditional development
▪ DevOps
▪ Internal & external global resources

5. Challenge
▪ Continuing to expand points of commerce and drive transformational innovation to
create the next evolution of the leased ownership sector
▪ Securing our core while also addressing the cyber risks within rapid business
development methodologies
▪ Report on Compliance Initiatives
▪ Minimal InfoSec staff within a team that primarily grew organically
▪ Unable to staff our InfoSec team 24x7x365
▪ Being a silent partner to the organization

6. Build SOC Capabilities Internally
▪ Toolset investments and ongoing maintenance
▪ Threat intelligence feeds
▪ Develop the staff with appropriate skills
▪ Year on year training
▪ Staff salaries
▪ Private facilities
▪ Staff 24x7x365

7. The Solution
▪ Work with an industry leader and who is focused on innovation, on the same
journey as our primary cloud service provider, AWS.
▪ Our solution uses AWS and Alert Logic products and services.
▪ Rent-A-Center began the journey with Alert Logic with our on-prem data center
locations.
▪ Incorporating Alert Logic via AWS Marketplace with a single pane of glass for
security.
▪ Alert Logic solutions included Alert Logic® Cloud Defender™ and Alert Logic® Active
Watch™

8. Alert Logic has analyzed 374 TB of our network traffic!
Detected 566,668 events
and identified 220 actions

9. Secret Sauce? People
▪ The Alert Logic Security Experts instantly matured the RAC InfoSec team.
▪ The collaboration that exists today is truly an extension of our team.
▪ Alert Logic helped drive the security journey for our CI/CD process within the
RAC DevOps team.
▪ Knowing that Alert Logic‘s people, processes, and technology are protecting
RAC 24/7, we are able to focus on other critical initiatives.

10. Stronger Cloud Security Posture
Customer Data
Platform, Applications, Identity & Access Management
Operating Systems, Network & Firewall Configuration
Client-side Data Encryption &
Data Integrity Authentication
Server-side Encryption (File
System and/or Data)
Network Traffic Protection
(Encryption/Integrity/Identity)
AWS Global
Infrastructure
Compute Storage Database Networking
Regions
Availability Zones
Edge Locations
Rent-A-Center
& Alert Logic
Shared Responsibility for
security “in” the cloud
AWS
Shared Responsibility for
security “of” the cloud

11. Where is Rent-A-Center going next?
▪ Maintain our compliance posture.
▪ Expand points of commerce and drive transformational innovation
for Rent-A-Center in accordance with our strategic plans.
▪ Continue building out our automated, event-driven security
program.
▪ Continue maturing our DevOps and DevSecOps culture
▪ Keep the collaboration going with getting Alert Logic engaged in
innovation sessions regarding new development/delivery

12. Recommendations
▪ Organizations should look for a seamless security solutions provider that focuses
on the cloud as well as the journey to get there.
▪ Ensure the partner you choose has expertise on, in, and around the cloud with an
appetite to expand.
▪ Security and well as compliance maturity
▪ Actionable security best practices are the keys to success.

13. Thank you.