Skip to content
Close
SEARCH
Talk with Us
Talk with Us
Our Approach
Consulting Services
Cloud Security and Compliance
Cloud Adoption and Modernization
Cloud Capabilities and Engineering
All Partners
AWS
Google Cloud
Microsoft Azure
Schellman
News
Blog
Video Library
White Papers
Events
Open Source Projects
About Us
Who We Are
Our Clients
Our Team
Our Jobs
Contact Us
Zoro x ScaleSec Client Story

Zoro

Zoro NIST CSF Assessment & Roadmap
INDUSTRY
Retail
USE CASE
AWS NIST Cybersecurity Framework (CSF) Launch
LOCATION
Buffalo Grove, IL
WEBSITE
zoro.com

Zoro logo

PLATFORM

AWS

Zoro is a wholesale maintenance, repair and operations (MRO) distributor that markets exclusively to small and medium-sized business customers. The company has a simple mission: make it easy for customers to find, buy, and get everything they need. Zoro sells over 12,000,000 product SKUs from thousands of trusted brands, including tools, industrial equipment, business supplies, and more. It is recognized for carrying the hard-to-find MRO products, tools, and equipment customers need to support their facility, warehouse, or any other type of business.

Services Provided

ScaleSec provided security advisory services to Zoro regarding adopting and implementing NIST CSF. These services included documenting the current security controls within AWS and assigning a CSF profile tier. ScaleSec worked with Zoro to determine a target CSF profile tier and created recommendations to achieve the target tier.

ScaleSec is assisting Zoro in implementing these recommendations, including increasing logging and monitoring, hardening, encryption, IAM, and other security controls.

Engagement Outcomes

  • Zoro now has a full NIST CSF profile documented
  • Zoro has a roadmap to increase its NIST CSF scores to reduce risk
  • ScaleSec assisted Zoro with implementing many improved controls

 

NIST CSF five pillars


Background

Zoro approached ScaleSec for assistance with its internal governance framework. They decided to use NIST Cybersecurity Framework (CSF) as their primary framework. This is a great framework for companies to start with as it is easily mapped back to other frameworks, such as NIST 800-53, PCI DSS, ISO 27001, and SOC 2. ScaleSec has expertise with NIST CSF and worked with Zoro to help plan the implementation of controls to advance its CSF profile.

One Team of Subject Matter Experts to Advise and Remediate (Project Approach)

ScaleSec reviewed the information security posture of their entire AWS deployment, including computing, networking, storage, identity, and disaster recovery. The posture was mapped to NIST CSF controls, and recommendations for improving each were documented.

ScaleSec performed remediation work or guided the following AWS technologies:

  • AWS EC2
    • Hardening, Patching, and File Integrity Monitoring
  • AWS Marketplace
    • AMIs
  • AWS VPC
    • Security Groups and Access Controls
  • AWS IAM
    • SSO integration, Users and Roles
  • AWS RDS
    • Encryption and Disaster Recovery
  • AWS S3
    • Encryption and Access Control

 

The Value of a Trusted Partner and Ongoing Relationship

Working with the right partner is essential to the success of any NIST CSF implementation. Donna Mains, Senior Director of Technology Operations at Zoro, said ScaleSec was a great choice. ScaleSec and Zoro have collaborated on multiple cloud security and compliance initiatives for over a year.

“Our Zoro team absolutely loves working with ScaleSec and considers them one of our favorite vendors. They continuously add value and understand our business.”
Zoro
Donna MainsSenior Director of Technology Operations, Zoro

Results

Zoro has adopted the NIST CSF governance framework and is on a path to increase its current profile to a tier that meets its desired risk profile. Completing each recommendation will increase security risk mitigation as Zoro furthers its security-first approach to information technology.

An Ongoing Partnership is Solidified

ScaleSec brought a solid team of cloud security and project management specialists. They involved us enough to keep us on schedule with security efforts and daily work. We always knew where we were in the process, what was needed from us to keep progressing, and our expectations of when each task would be completed. We have found a true and ongoing partnership in security and compliance with ScaleSec.

– Donna Mains, Senior Director of Technology Operations, Zoro

Want to speak with a ScaleSec expert?

Want to optimize and transform your existing digital portfolio? Reach out to us.
Connect