Fairplay Finer Foods takes pride in its multi-location, community-based operation in the greater Chicago area. Since its initial store opening back in 1975, the independent grocery retailer has steadily progressed in its mission to provide “quality foods at an affordable price along with exceptional customer service.”
Remaining a Chicagoland staple over the past 40 years has involved careful management of the company’s resources and operations. In 1993, Fairplay contracted with KCS Computer Technology, Inc., also a Chicago-based company, to establish a corporate IT network that could be managed both efficiently and cost-effectively across its chain of stores. And in 2014, Fairplay and KCS selected ControlScan as a Managed Security Service Provider, thereby leveraging best-of-breed technologies and unique expertise for unified security and compliance.
Like many grocery chains, Fairplay started out with a single store and added locations over the years. While each new store’s founding represented traction for the Fairplay business model and philosophy, it also introduced additional IT needs and information security risks. This issue presents a significant challenge for IT firms, because effectively identifying and mitigating every point of vulnerability (PoV)—especially in a chain store setting—requires the time and expertise of a security specialist.
“As Fairplay’s IT service provider, our primary role is to set up, manage and maintain their network systems and processes,” said Jason Kollar, lead network consultant for KCS. “Our expertise lies in maximizing efficiency and eliminating waste; therefore, we felt we needed to partner with a firm that’s focused on information security management.”
Retailers accepting credit cards and other forms of electronic payment are also required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS introduces an additional layer of complexity in managing the systems and processes that handle cardholder data; however, when fully and accurately implemented, the 12 requirements of the PCI DSS work together to bolster businesses’ defenses against internal and external information security threats.
Understanding the need for additional resources to properly address the security risks and compliance requirements chain stores face, Fairplay and KCS joined forces to identify a suitable solution.
KCS reached out to its IT industry connections for recommendations on how best to tackle the security resource and expertise dilemma it had with its client Fairplay.
“ControlScan’s name came up more than once,” said Kollar. “It was clear the company had a reputation for its security and compliance expertise as well as its ability to collaborate with IT people like myself.”
ControlScan presented KCS and Fairplay with a simple pricing model for a Managed Security Services (MSS) partnership, whereby ControlScan serves as an extension of KCS to deliver cloud-based security technologies and related support services:
Along with its MSS proposal, ControlScan suggested that Fairplay undergo a PCI Gap Analysis to compare current security controls with those required by the PCI DSS. Any "gaps" ControlScan discovered would then be converted into a detailed set of recommendations and options for remediating gaps, reducing PCI scope and, ultimately, achieving PCI compliance.
“It was easy to put our trust in ControlScan,” said Mike Kozlowski, vice president and partner at Fairplay, Inc. “They started the
discussion according to our technical level [at that time] and then outlined exactly how they would take us from there to where we really needed to be.”
ControlScan began by installing next-generation firewall appliances to protect each of Fairplay’s locations. Installation was completed overnight—in a single night—to minimize business disruption. And, because proper firewall installation and configuration are essential, a ControlScan technician was present every step of the way.
KCS and Fairplay quickly followed up with a PCI Gap Analysis. Walking through the assessment alongside one of ControlScan’s PCI-qualified Security Assessors, Kollar was able to get a clear picture and explanation of Fairplay’s PCI gaps as they were discovered.
With an expert’s recommendations in hand, Kollar had everything he needed to put Fairplay on a fast track to full compliance. And, to make sure no stone was left unturned, ControlScan dedicated the time and resources necessary to customize all of Fairplay’s IT and security policies.
“Throughout the entire implementation process and even now, I am able to pick up the phone and immediately receive support from ControlScan,” said Kollar. “What’s especially impactful is that I can talk with the same person every time—meaning they know me, my setup and what I’ve done previously—so I don’t have to waste time giving in-depth explanations of the situation.”
Taking a unified approach to data security and compliance, ControlScan guided the Fairplay Finer Foods chain to a stronger security posture. ControlScan’s Managed Security Services have allowed Fairplay to cost-effectively sustain a state of security that protects their business and the customers they serve. In addition, ControlScan’s in-depth knowledge of how secure technologies and processes work together to meet PCI DSS requirements reduces time and costs associated with maintaining continuous compliance.
More specifically, the MSS partnership with ControlScan brings Fairplay these benefits:
“The folks at ControlScan really are my go-to guys for the expertise and technologies that keep Fairplay out of harm’s way,” said Kollar.
“ControlScan’s Managed Security Services program was absolutely the right way to go for our organization,” said Kozlowski. “Their symbiotic relationship with KCS creates a seamless security, compliance and IT deliverable that allows us to focus on other areas of the Fairplay business.”