Since 1990, Shelly Automotive Group has crafted world-class automotive retail experiences for customers seeking luxury vehicles in Southern California. The company operates a network of car dealerships that offer automotive services, specializing in renowned brands like Lexus™, BMW, Rolls-Royce™, Mercedes-Benz™, and Toyota™. With approximately 800 employees and partners accessing their systems and applications, the organization faced the critical task of building a robust security infrastructure to protect against cyber threats while also meeting compliance regulations.
Michael Price, Chief Technology Officer (CTO) at Shelly Automotive Group, has played a pivotal role in architecting that infrastructure. When Price joined Shelly Automotive in 2007, he came with a background as a Microsoft-certified systems engineer and a Cisco Certified Network Professional. He quickly became responsible for not only for company's entire IT infrastructure, but for securing it as well.
His hands-on approach allows him to navigate the complexities of the IT landscape and select best-in-class security solutions tailored to the company's industry-specific needs. “I’ve been fighting hackers my whole career, since the ‘90s,” says Price. “For me, security has always been important.”
A Call to Action—and Compliance
In response to the increasing prevalence and rising stakes of cyberattacks, strict security regulations emerged, including those imposed by cyber insurance providers, the California Consumer Privacy Act (CCPA), and the Federal Trade Commission (FTC), Shelly Automotive faced the critical task of fortifying their security infrastructure to ensure compliance with these regulations and to bolster their defenses against emerging threats.
Price recognizes the challenging environment they operate in. "It's just unfortunately the world we live in,” he says. “We're doing business in a war zone." Despite persistent threats, the organization's employees remain focused on doing their jobs, typically unaware of the potential risks lurking in the digital landscape. "They just want to do their job, but they don't even realize that we're under constant attack, or the potential of attack."
That’s where Price and his team come in. In response to the reality of operating in an always-connected world—as well as running a business that regularly processes large transactions—Price sought a robust and proactive security approach to protect sensitive customer data, ensure operational continuity, and achieve compliance. To meet those requirements," Price says, "I had to beef up our security structure with products to provide multi-factor authentication." Recognizing the critical role of multi-factor authentication (MFA) in thwarting unauthorized access attempts, Price sought a reliable solution that could protect against potential security breaches—without placing undue burden on the IT and security staff.
Choosing the Right Security Provider
When it came to selecting security solutions that would align with their security goals, Price approached the decision-making process with a discerning eye. After an extensive search, Price identified Cisco Duo and Cisco Umbrella as the ideal fit for Shelly Automotive. "I knew Cisco's a huge company and they would make a very reliable product," he says. Price also notes the need for a frictionless solution that would allow him and Shelly Automotive Group's employees to focus on their job without having to contact IT constantly or slog multiple time-consuming steps just to log on. Duo’s strong MFA, Price learned, would frustrate attackers rather than users, which aligned with the business's goal for a frictionless user experience.
Rolling Out With Users in Mind
To ensure a seamless, user-centric deployment, Price and the IT team opted for a gradual one-month rollout of Duo's authenticator mobile app, Duo Mobile. This approach allowed them to educate employees at different stores, supporting users hands-on, and minimizing disruptions to day-to-day operations. "It was a pretty simple rollout,” recalls Price. “It was very easy for me and my IT team." Price saw similar success with Cisco Umbrella, which the team deployed when it was still Open DNS. "It was the easiest rollout of any IT product I've ever had," Price says. "It was definitely a no-brainer."
Meeting Goals and Compliance
Duo's strong MFA added an essential layer of security, requiring employees to verify their identity through their mobile devices to help ensure that only authorized users could access critical systems and sensitive data. By implementing MFA, Shelly Automotive Group was able to demonstrate compliance with the FTC Safeguards Rule, which explicitly mandates MFA as a technical requirement.
Cisco Umbrella has also helped safeguard the auto group’s network and data for nearly a decade. Umbrella's DNS-layer security, which blocks malicious domains, IP addresses, and cloud applications before a connection is ever established, has proved its value daily. Enhanced with Cisco Talos advanced threat intelligence—supplied by the world’s largest non-governmental threat intelligence team—Umbrella has enabled Price’s team to block one out of every 25 website requests, effectively blocking potential security threats like malware, phishing, trojans, and other DNS-layer attacks. The scale of Umbrella's protection is vast, processing over 620 billion web requests and blocks more than 170 million malicious DNS queries every day. This extensive coverage fortifies Shelly Automotive’s defenses against a wide array of cyber threats, allowing the company to navigate the digital landscape with confidence.
Together, Duo and Umbrella have helped ensure the security and confidentiality of customer information, safeguard against threats that could put information at risk, and prevent unauthorized access to applications and data. "I feel comfortable with our security stack,” says Price, “because I know that I'm using the best products available for each job."
What once was a compliance requirement has, for Shelly Automotive Group, become a business imperative—creating a resilient and protected environment for employees, partners, and customers. The result? Everybody wins (except for attackers).
© 2023 Cisco and/or its affiliates. All rights reserved.