CAA Club Group

Industry: Insurance

Region: ON, Canada

Canada's most trusted brand strengthens data security

The CAA Club Group of Companies is comprised of two automobile clubs providing roadside assistance, travel, insurance services, and Member savings for over 2.2 million members.


Named the most trusted brand in Canada in 2021 by the Gustavson Brand Trust Index, CAA is serious about maintaining hard-earned customer trust. Driven by both fierce customer loyalty and the auditing and compliance requirements that govern the industries in which it operates, CAA treats a strong data governance program as non-negotiable.

The ongoing process of discovering, classifying and categorizing the sensitive data entrusted to them by their members is essential to maintaining compliance. CAA’s information security team routinely scans data and maintains a complete and up-to-date inventory of sensitive data within the organization.

Additionally, in order to meet PCI compliance requirements, CAA enforces strict policies, including one that governs where personal information can be stored. While they had an existing tool in place to help meet compliance needs, maintaining it was labor and time-intensive.

With more employees working remotely, security scans needed to occur at lightning speed. “We have a limited time window when people are connected to the network,” says George.

“It was a lot easier when people were working on desktops and working from the office because we could scan on a 24/7 basis. Now, we need to be able to scan the majority of local drives within eight hours.”

“We needed a more nimble solution. Our existing tool required three servers to run. It had tremendous licensing costs associated with it, both for the software and the maintenance of the database. Additionally, there was a labor cost because it required multiple teams to administer the database.”

George and his team began looking for alternatives.


After careful consideration of the tools available on the market, George and his team chose Qostodian Recon.

“After running tests, we found we were able to get the answers we needed 10 to 50x faster, with less overhead, infrastructure, and maintenance activity required.”

More than just a faster scan, the installation and setup of Qostodian Recon were also easy. In fact, George was able to do the installation himself. “It was as easy as installing a productivity app. I simply pointed it at the location that I wanted, and hit the scan button,” states George.

George and his team have also benefited from the cost savings of no longer needing to maintain major infrastructure. Unlike alternative products, Recon’s lightweight, modern technology does not require a costly setup to work. “Going from a very, very complex environment with web servers, database servers, and application servers to Recon was night and day.”

“With the other tools, it took us three months to set up the environment. If you’re paying a certain amount and you’re losing a quarter of that time on setup, you’ve lost a quarter of your investment.”

Using Recon’s reports, George’s team was able to contact individual managers and provide direction. “Recon simplifies my complex role by allowing me to use a tool that works with a lot of agents. The user interface is very well laid-out, and finding information is easy. The dashboard helps us quickly decide where to focus our time and attention.”


For George, the speed at which Recon delivers answers matters. Now, he receives results within a day, and can remediate problems quickly.

“My biggest concern is being able to identify risk as quickly as possible. Receiving answers quicker gives me the ability to prioritize and triage faster, and get to the real security issues.”

With less time and fewer resources going towards maintenance, George and his team have increased productivity.

In addition to the ability to prioritize with confidence, CAA can also identify repeat offenders and enforce its internal compliance policy. “One of the things Recon helps us continually validate is that credit card numbers are not inadvertently stored on a notepad or a shared drive.”

In a major win, George and his team have been able to simplify their workflows and meet audit requirements. According to George, “It’s a real game-changer for us at CAA.”
