CARR Auto Group is a family-owned business that sells and services Chevrolet, Subaru, Buick and GMC vehicles. The company has several locations across Northwest Oregon and Southwest Washington and serves customers local to the Pacific Northwest and well beyond.
In October 2021, the Federal Trade Commission issued amendments to the Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA), which requested auto dealerships to toughen up their information security, and mentioned automated patch management among the requirements. The regulator set a deadline of June 9, 2023, for car dealers to comply with the updated Safeguards Rule.
For Matt Lutjen, system administrator at CARR Auto Group, keeping all endpoints up to date with the latest security patches was proving difficult and time-consuming. As the only person responsible for everything from basic desktop support to server and network security, he was using WSUS for patching, which provided no way for him to ensure updates were deployed successfully nor to obtain visibility into endpoints. To meet the updated guidelines, he had to spend 15 hours per week outside of work to get all his PCs up-to-date. “I would deploy updates, and I would not even know if the computer was getting these updates; then, I tried to troubleshoot it. It was just a mess,” says Matt. “I believe WSUS left us open to security vulnerabilities at times for sure; the reporting feature was not great either.”
To mitigate security and non-compliance risks, Matt started looking for a replacement for WSUS.
The Action1 Solution
Matt was looking for something that would do the job quickly and give him visibility into his endpoints. He ruled out PDQ Deploy, because it lacked reporting features. He chose Action1 because he appreciated its patching functionality, which is very straightforward, allowing him to automate deployment for both OS and third-party updates – a functionality WSUS lacked, too. Moreover, Action1 seemed more feature-rich, providing him with valuable extra capabilities, such as reporting, scripting, and a built-in remote desktop.
Reduced security risks and continuous patch compliance. Action1 provides Matt with complete visibility into the patching status across his remote and in-office endpoints, enabling him to develop intelligent policies for OS and third-party updates to automatically remediate security vulnerabilities as required by the updated Safeguards Rule. “Otherwise, when these guidelines are enforced, and if something should happen because of an unpatched vulnerability, we can be fined up to $46,517 per violation,” says Matt.
One more Action1 feature that CARR Auto Group uses to ensure GLBA compliance is reporting. Matt appreciates that reports help him document all key events across his endpoints and collect audit trail. “If something does happen, reports will help us piece together the whole picture and investigate the root cause,” explains Matt. “That’s why I can check off a couple of boxes with Action1.”
As a result, Action1 helped Matt establish cyber security practices in line with the FFIEC guidelines for GLBA compliance.
“Thanks to Action1, I am able to check off a couple of boxes on a GLBA compliance list. First, it helps us remediate security vulnerabilities in a timely manner, while saving us 15 hours per week on patch management. Second, it includes reporting functionality, which the Safeguards Rule also requires.
Matt Lutjen, system administrator at CARR Auto Group
Significant time savings. With WSUS, Matt had to confirm if each update he attempted was successful by physically going to each of his 200+ computers. He logged into three or four computers at night just to ensure they were updated. Action1 eliminates this tedious manual process, saving him 15 hours per week on patch management. “Action1 has become a no-brainer to me,” says Matt. “I spend 5 minutes a day on it, and that’s it.”
Full control over endpoints. Matt appreciates that Action1 provides him with a bunch of functionalities he did not expect to get. First, he enjoys the ability to run scripts from the cloud – for example, he can now remotely wipe data on a lost or stolen device through Action1’s script library. Second, Matt can now automate the deployment of applications through Action1’s AppStore. And finally, he can provide remote workers with IT support through the built-in remote desktop. “The tool we used before for remote desktop was internal; being able to access users’ desktops through the cloud remotely is very valuable,” adds Matt.