Evolving security for a dynamic business environment
Headquartered in Cincinnati, Ohio, Cintas serves more than 1 million businesses in several industries across North America with innovative solutions and routine service visits. Cintas has a unique entrepreneurial business model—with almost 500 locations and over 14,000 delivery vehicles on the road—that creates a highly distributed security environment.
Cintas helps its customers get "ready for the workday" by offering products and services, including uniforms, floor care, restroom supplies, first aid and safety products, fire extinguishers, and testing and safety compliance training. "There should always be a balance between too many security controls and restrictions versus too little security vigilance," remarks Jacob Lorz, vice president and chief information security officer at Cintas. Lorz leads Cintas' security program by aligning security initiatives around business goals.
In evolving the security program, Lorz strives to keep the security strategy, goals, and objectives simple and aligned with industry standards. "For example, we align with the National Institute of Standards and Technology (NIST) cybersecurity framework and follow the Center for Internet Security (CIS) 18 Critical Security Controls. We measure ourselves against those industry standards and others, including the MITRE [Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)] framework," Lorz adds.
Cintas' mobile fleets with onboard equipment and personnel present unique security challenges. Lorz explains, "While servicing our customers, we must protect the onboard technology and data that rides along with our service trucks."
"Our service personnel carry personal route computers (PRCs) that store customer data. As an organization, we must protect not only the intellectual property associated with the data, but also its confidentiality. The risks to our data compound over time with different threats," Lorz adds.
Cintas needs visibility into its network traffic with the many third-party technologies used at its sites. "Besides provisioning our systems, workstations, or servers, we have a lot of vendor technology at our sites and distribution centers at our plant facilities. We need visibility on the traffic," comments Lorz.
Lorz's team invests in security solutions that can reduce cyber risk to information systems at an enterprise level without getting locked to a particular domain or vendor. Lorz comments, "Many companies try to bring together best-of-breed security solutions. This can lead to deploying different solutions that might work well in silos but do not interoperate with other vendor solutions."
Cintas trusted Cisco security solutions to protect its data and infrastructure at multiple layers, and the solutions easily integrate and interoperate with Cisco and non-Cisco vendor solutions. Lorz said that the interoperability capabilities of Cisco security allowed Cintas to "not only maintain our existing investment with Cisco but also enhance our deployments by leveraging additional Cisco security capabilities."
Implementing integrated and layered security
With the Cisco security portfolio, Cintas achieved visibility and the ability to block threats at multiple levels.
Cintas implemented Cisco Umbrella cloud-delivered security to protect its systems from any outbound requests to malicious destinations. "Our investment in Cisco Umbrella began with our interest in its Secure Web Gateway proxy component," Lorz remarks. "Umbrella helps to block connections to malicious or suspicious sites before the connection is fully created or even initially established."
Implementing Umbrella's secure web gateway (SWG) proxy and security functions at the Domain Name System (DNS) layer allows Cintas to protect its resources from malicious websites while giving greater visibility to the security team. "We wanted the ability to block threats at multiple layers, and Umbrella helped with that," Lorz continues. "Umbrella is part of our layered security approach since it works with any port or protocol and complements our deployment of Cisco Secure Firewall technology."
Umbrella's cloud access security broker (CASB) functionality also helps Cintas uncover and identify cloud SaaS applications provisioned outside of IT control. "Umbrella allows us to monitor these applications, identify the risky ones based on a risk score, and then block access to the applications that present a security risk to our organization," says Lorz.
Lorz explains that as Cintas transitions from using air-gapped legacy vehicles to internet-connected vehicles, "We're using Umbrella to inspect the traffic from the mobile vehicle and Cisco AnyConnect to secure the connectivity."