OVERVIEW

With more than 50 years in the automotive market and dozens of dealerships spread across the country, the Saga Group represents 22 automakers, with its target audience being both end consumers, as well as fleets and tenders.

Founded by entrepreneurs from the State of Goiás, the group has a gross revenue of BRL $8 billion. It also operates in the shopping center segment through Saga Malls, which represents seven projects located in the Brazilian Midwest region, totaling around 400 thousand square meters of gross leasable area. In 2021, the Saga Group appeared in the “Valor 1000 Yearbook” as the 150th largest company in Brazil.

CHALLENGES

To become a leader in the market, the Saga Group adopted a strategy that involved a portfolio of brands. It restructured the company to reduce costs in order to gain scale, maintain satisfied employees, and diversity its business.

Part of the company’s strategy to deal with the dynamic automobile segment was to invest in a digital transformation that would bring agility and technological readiness to respond to market changes, and enable it to innovate.

Starting in 2016, the Saga Group began investing heavily in migrating its systems to the cloud. Along with this shift came the concern about the growth of cyber attacks and the need to have a security platform that protected digital assets, detecting threats with speed and efficiency.

WHY TREND

One of the biggest concerns was having visibility of the attack surface and keeping the cloud functional, with a comprehensive view of the environment. The security posture management tool Saga chose was Attack Surface Risk Management. “We needed to consolidate our tools into a platform that was scalable and protect our virtual and cloud environments. It also needed to be easy to deploy and use on a daily basis,” highlighted Gabriel Giannotti, head of infrastructure at the Saga Group.

Workload Security was also implemented to ensure flexibility and optimization, and avoid any interruptions to the company’s activities. “We chose Trend because we wanted a broad and robust solution, but with a simple and intuitive dashboard, to understand our weaknesses in adherence to the GDPL,” added Giannotti, referring to the General Data Protection Law, which came into effect in September 2020.

SOLUTION

Since beginning its migration journey to the cloud, the Saga Group has relied on consultancy from IPSense, a company specialized in cloud computing management and monitoring.

Orchestrating AWS resources through AWS Control Tower, IPSense developed a cloud strategy with the aim of improving the governance, security level and tangibility of all available resources, thus increasing the maturity of the Saga Group’s infrastructure.

From there, a landing zone was created and integrated into ASRM for Cloud, covering aspects of governance, connectivity, compliance, scalability, and security. The configuration provided automation, monitoring, and management capabilities for security policies. It is worth highlighting that all hiring was carried out via the marketplace, without any bureaucracy, with just a few clicks.

According to Giannotti, an important factor in choosing the Trend solution—in addition to its ease of use—was the centralized management from a single control panel, which shows the evolution of compliance on a day-to-day basis. “The [ASRM for Cloud] report provides me with one snapshot a day and this helps me sell my work. I can show the CEO what we have already accomplished and where we still need to work to move forward,” he explained.

Gianotti also highlighted his trust of IPSense’s team, which works daily in close collaboration with his IT personnel, “Choosing a partner with strong leverage is essential for our business. IPSense is committed to providing us with the latest technology, as fast as possible, and that is why we believe in the internal development of our solutions. We approach the market rather aggressively, and for that we must have access to the most innovative and disruptive tools available.”

RESULTS

The Saga Group has noted an increase in the quality of threat detection and responses since adding the ASRM for Cloud implementation. Shortly after installing workload security in its environment, the Group identified a latent threat that could have caused serious issues.

“Without visibility into the environment to analyze threats, the company would work in the dark and be exposed, putting its operations and reputation at risk. With [Trend], it is possible to detect failures and clearly see vulnerabilities and areas that can be improved in the cloud,” explains Head of Sales, Trend Micro Brazil, Rodrigo Garcia. “The support and strategy developed by IPSense were fundamental to Saga Group’s digital transformation process, presenting global cybersecurity trends and helping the company reduce risks, without losing operational efficiency,” he added.

ASRM for Cloud tools and reports have significantly simplified the company’s compliance work, as the platform not only identifies violations of adopted security and operational excellence frameworks, but also immediately recommends suitable remediation.

“Our roadmap has a strong focus on security. With the growth of data hijacking attacks, the GDPL sanction, and now account hijacking, we were extremely worried. Now we are 100% sure that we have greatly reduced our exposure to all of those risks,” concluded Gabriel Giannotti.