Fitness Industry Giant Nautilus Elevates Its Security Posture With Vormetric Encryption from Thales e-Security
Nautilus, Inc. has been a leading proponent of the worldwide fitness revolution delivering fitness solutions through its globally recognized brands that include: Bowflex®, Octane® Fitness, Nautilus®, Schwinn® and Universal®.
The Vancouver, Washington-based company has always been focused on the health and wellbeing of its customers and this dedication extends to protecting the digital assets of all its stakeholders. Jon Wagner, senior manager of infrastructure and security, clarified, “It has always been our policy to treat customers as we would want to be treated. This is why we have a passion to protect all data, irrespective of source, as if it were our own.
“Data integrity is of critical importance across the whole company – from my direct reports, to our IT leadership, to our executives, to our board members – the company is committed to security and data protection.”
In part due to its involvement in direct sales operations, Nautilus has to comply with the Payment Card Industry Data Security Standard (PCI DSS) mandates, and as holder of a wide variety of other data the company also adheres to the Personally Identifiable Information (PII) security requirements. Wagner stressed, “We knew that to meet and exceed compliance with the various regulations we needed a commercial-grade encryption solution. Dealing with a lot of credit card information and handling large volumes of both PII- and PCI-related data; protecting our financial servers became a key consideration in the selection process.”
Nautilus has adopted a centralized model to secure its business interests around the globe; leveraging a dedicated security team located at its Vancouver headquarters. Having discovered the administrative burden imposed by some encryption solutions, the proof of minimal overhead from a new encryption solution became another important evaluation criterion.
Nautilus engineers have been leading the development of innovative fitness equipment for decades and they are constantly generating a significant amount of intellectual property, any fragment of which would be a highly-prized trophy for a cyber criminal. “Protecting our archived intellectual property is a company-critical imperative for us: If it fell into the wrong hands it would have a significant negative impact on our ongoing operations,” Wagner cautioned. “And we’re designing new equipment all the time using engineering design systems, including CAD, so the ability to encrypt a diverse number of file types, in motion and at rest, also became essential requirements for us.”
Wagner described the selection process, “We did a lot of research and used analyst recommendations to influence our decision on selecting the optimal encryption solution. We were looking for a vendor that was well known in the industry and could meet or exceed our set of requirements. Having evaluated a lot pf proposals we then narrowed down our list of viable candidates; all of our analysis confirmed that Thales e-Security stood out as the clear leader.”
With the decision made to implement Thales’ Vormetric Data Security Manager, Wagner described another big plus, “Even though we run a lot of virtual servers, Thales’ host-based licensing scheme enabled us to really simplify the whole process.”
Wagner recalled, “The deployment was very uneventful. When we did need guidance, the Thales team was really first rate and totally transparent in everything it did. We originally planned for a five-day implementation period but were able to get everything configured, tested and rolled out in just two. The whole project was a very positive experience.”
He added, “Daily administration and key management have been very straightforward; they really have exceeded all of our expectations.
“All of our credit card and customer information is safely encrypted, positioning us to be in full compliance with the applicable PCI and PII rulings. Similarly for the rest of our data, if a threat actor were somehow able to gain access to any of the servers, they would only find unintelligible, meaningless files.”
Wagner noted, “Thales e-Security has enabled us to unify our encryption strategy across all of our locations, including our engineering and manufacturing facilities in the U.S. and overseas. This encompasses data in motion and at rest, such as our archived CAD files and other forms of intellectual property.”
As a long-time industry leader, Nautilus knows the benefit of partnering with a company that is not only at the head of its own field but one that is making the necessary investments to ensure that it retains its leadership. Wagner concluded, “The Vormetric solution is ideal for us today and we’re also excited about the company’s direction, and the advanced functionality that’s in the works.
“I’m really proud of how our whole company is so committed to security. Our partnership with Thales e-Security is another great example of how seriously we take this responsibility.”