Introduction
ACV Auctions is out to “fundamentally change the wholesale automotive industry by providing a level of trust and transparency that was once unimaginable.” Becoming the industry’s premier wholesale automobile auction site requires rapid innovation and software development lifecycles (SDLC) with continuous integration/continuous delivery (CI/CD) pipelines. The ACV information security team is tasked with protecting the software factory that drives their business, and they use Legit Security to help create and maintain a secure and sustainable process for developing new and innovative software.
Challenge
ACV Auctions was struggling to analyze, secure, and track changes across each stage of the SDLC. They needed an inventory of the SDLC systems and infrastructure in place, a deep awareness of operational security controls, an understanding of which regulatory requirements are being adhered to, and which may be drifting out of compliance.
ACV Auctions Needed
- Observability into their SDLC and CI/CD processes
- Relevant context to prioritize AppSec activities
- Visibility into security controls and compliance drift
- Automation of repetitive, lower-skill work
The Legit Solution
ACV Auctions selected Legit Security after a platform evaluation demonstrated their requirements for observability and security of their SDLC pipelines, systems and infrastructure along with real-time auditing and monitoring. Legit was able to immediately provide a range of capabilities that delivered what the ASM team needed—at a fraction of the cost that adding staff would have required.
Solution Requirements
- Integration with ACV Auctions’ existing tech stack
- Easy implementation and operation
- Continuous evaluation of application security posture
- Auditing for policy violations and compliance drift
- Automated communication and remediation
