Garb-Ko, Inc. case study

Background

Garb-Ko, Inc. franchises and operates more than 90 7-Eleven convenience stores in Indiana, Michigan, and Ohio. Like other retailers, the company is subject to the Payment Card Industry (PCI) Security Standard for protecting consumer data. But Garb-Ko faced an especially difficult set of constraints in meeting the requirements. Stores spread across a broad geographic area made hands-on systems management difficult. A two-person IT staff handled the responsibilities for all stores and the corporate offices. And the IT budget was exactly what one would expect in an industry that operates with razor-thin profit margins.

Garb-Ko needed extremely robust, highly manageable security at an affordable price. Only one security company delivered on all counts: WatchGuard®.

The Challenge

Garb-Ko desperately needed to replace an aging dial-up system that connected its stores. According to Jason Lee, System Administrator, "You can imagine, on dial-up, half the time it wouldn't work. It could be anything: the wiring, the weather outside... we were always having problems. If a computer went down, you lost everything. We were having to travel to stores 100 miles away and make six-hour trips, just to fix little things like the time on a computer."

The search was on for a high-availability VPN solution that could network the stores and enforce PCI-compliant security for card transactions. Lee also wanted to offer customers the convenience of a wireless public hotspot if possible. But finding such a solution on his budget proved a challenge. "At first, I went to a consultant and he recommended a Cisco appliance," he says. "It was their cheapest device, and it couldn't do public wireless and the VPN at the same time. On top of that, Cisco couldn't get their device to work with our firewall at headquarters. Their solution was to turn our firewall off, and I just flat-out told them no. Their next recommendation was a box that cost over $1000 each, and with our small margins, there was just no way.

"Then Sonicwall came into play. I told them what my budget was for our stores, and they came back with a price that was $8000 over. They sent me a unit to try, but I didn't even take it out of the box. If the pricing wasn't right, what would be the point of configuring it? I sent it back."

The Watchguard® Solution

Lee and Jeremy Waldron, Vendor Manager in charge of Garb-Ko's network restructuring and certified VASC tech, examined the specifications for every device that might be a possible fit. He came across the WatchGuard X10e-W. "I called my account rep and he overnighted one," recalls Lee. "It got here the next morning, and the WatchGuard field engineer was on the phone within two hours. Not even 24 hours after I ordered, we had a device configured and installed at a store location, with everything enabled and no worries about compliance. I was very impressed." Based on that experience, Lee placed the order for additional WatchGuard units and launched a rollout to all of Garb-Ko's stores.

Benefits

As the rollout proceeded, Lee and Waldron found that the WatchGuard units delivered all the advantages he was looking for - and a few others besides. He declares, "The more we find out about the WatchGuard appliance - well, it's just an amazing device."

PCI Compliance - and Beyond

Garb-Ko handles not only credit cards, but also transactions involving phone cards, Electronic Benefits Transfer cards issued by the Michigan Department of Human Services, and money orders. "I want to prevent even the slightest indication that we could have a breach here," says Lee, "so pretty much everything that impacts the business is running through the WatchGuard device."

Garb-Ko was able to use their legacy POS terminals by using simple converters supplied by their credit-card processor. These translate serial-based connections to TCP/IP over Ethernet. And, Lee explains, "It also adds a layer of encryption that's transmitted over the WatchGuard and processed through the VPN tunnel. That gives us another layer of security."

Public Access and Private Networking

While offering public Wi-Fi was one of the company's aims, it couldn't compromise the security of the VPN. The WatchGuard solution is able to isolate the wireless users and give them a straight connection to the Internet, while the POS terminals and store computers route through the VPN tunnel. "The credit card traffic's not sent across the wireless at all. That solves the compliance issue," declares Lee. "Some of the other devices had that capability, but not the ones in our price range. We would have had to pay a lot more for it. That was the icing on the cake for us."

Short-Term Savings, Long-Term Leadership

"Having the WatchGuard appliances installed has already saved us a ton of money," Lee says. "The stores are now basically branch offices, and their computers are attached to our domain and protected by group policies for patches and updates. I make a change in group policy, press Enter, and that's it. And as we're rolling this project out, we're also putting the stores on our backup system. When a computer fails, I pull one out of a box here and ship it to the store. They plug it in and their image just downloads.

"But the future is what we're really excited about. We have the opportunity to push forward, and maybe even become a technology leader in the C-store industry. We could control prices and inventories here in our office. If a store has a problem with its paperwork, accounting could press two buttons, get into a store online and train them. That would cut down on hotels, travel and training costs. There are a lot of things we can impact. We're setting our systems up for long-term growth, and with the WatchGuard security solutions in place, we're definitely ready for it."

For a Small IT Staff, the Ability to Manage It All

Lee counts up the challenges: "You have to imagine... 91 stores, 35 laptops, over 200 computers and network servers. And two people to manage it all. That's a little rough." Before moving to the WatchGuard devices, Lee and his partner had put in several 90-hour weeks. Which is why he appreciates the responsive support he gets. "It seems like WatchGuard's standard procedure is, take care of the customer. That's one thing I liked right away. I've heard nothing but, 'Yeah, we can do this, we can do that.' You can't find a better company, in my experience. I have their sales engineer on speed dial. But I also know if I call anybody at WatchGuard, whatever I need, it's going to get done."

« Return to top »