Sheetz Fuels Secure Business Growth with F5

Sheetz is a family-owned fuel and convenience retailer with approximately 800 stores in seven U.S. East Coast and Midwestern states. Rising cybersecurity incidents spurred the company to strengthen its app protection with a variety of F5 Distributed Cloud Services, including bot and DDoS mitigation. 

Business Challenge

Sheetz convenience stores are familiar to millions of U.S. motorists who make quick visits to the company’s locations to fuel up, whether that means filling their vehicle tanks or grabbing a fast beverage or meal. Hundreds of Sheetz convenience and fuel stops and a number of cafés and full-service truck stops dot Pennsylvania, Michigan, Ohio, Maryland, Virginia, West Virginia, and North Carolina.  For nearly 75 years, the company has evolved from a few Pennsylvania dairy stores to an early adopter of retail technologies such as touchscreen food ordering and RFID-technology payments.

Tyler Smith, Product Security Lead at Sheetz, says, “We’re focused on giving customers the food and drink they want and the fuel they need to keep going on their trips.” One way Sheetz delivers that service is through a mobile app customers can use to find locations, order food, pay for purchases, and track loyalty rewards. The company has deployed the F5 Application Delivery and Security platform in its data centers to help improve application performance while ensuring compliance with payment card security (PCI-DSS) requirements. Over recent years, IT staff noticed an increase in cybersecurity vulnerabilities and incidents, particularly DDoS attacks, automated logins, and brute-force credential stuffing. The rising rate and sophistication of these attacks prompted the company to seek additional solutions to mitigate them.

“If a customer doesn’t use a strong password, you can’t make that customer have a better security practice,” Smith says about the credential stuffing attacks. “You can just protect what you offer them and make sure it’s actually the customer interacting with the application.” More importantly, increasing security should not add more friction or inconvenience for customers.

In addition, as the company and its customer base grew, it faced other growing challenges delivering the app at scale. Smith says, “We needed to deliver more, especially customer-facing cloud services at the edge, to deliver scale with higher security.”

Solutions

Sheetz deployed bot mitigation and other security solutions from the F5 Application Delivery and Security Platform with Distributed Cloud Services. The SaaS-based console managed by F5 enables Sheetz to deliver security and performance improvement solutions across multicloud, on-premises, and edge locations.

Smith says the convenience of a managed service and confidence that F5 provided the best security solutions were key factors in the decision. He notes that Distributed Cloud Services also surpassed other options in terms of working with existing systems, such as his company’s automated certificate management and web application firewall policies. 

“We’re leveraging a comprehensive range of features offered by the F5 platform across hybrid environments,” he explains. “These include Distributed Cloud Services such as Bot Defense, DDoS Mitigation, WAF, DNS, CDN, in tandem with solutions from BIG-IP that include LTM, APM, and ASM/AWF.”

Sheetz partner WorldTech IT assisted with the deployment of cloud-native solutions from the Distributed Cloud Services portfolio.

“We really wanted to dive in with two feet, which did lead to some growing pains,” Smith says. “You can expect those to happen with any new technology. The biggest theme of lessons we’ve learned is to really embrace strong road mapping. Look at the risks you’re trying to address and how you can best leverage the solutions offered in Distributed Cloud Services.”   

Results

Protect against automated attacks

The security capabilities of Distributed Cloud Services have relieved the pressure of an ever-expanding threat landscape. Smith says Sheetz is also exploring Distributed Cloud Web Application Scanning that would bolster the security team’s existing tool sets for identifying vulnerabilities. He says, “It’s a very low-cost option to enhance security, and why would you not want to turn that on when it’s easily available?”

Improve stability and reliability for customers

While security is crucial, Smith says perhaps the biggest gain has been better app stability and reliability for customers.

“Sheetz is all about convenience and safety,” he explains. “So if our mobile app isn’t available, our digital experience is lacking, and that’s a huge problem for our customers. Distributed Cloud Services has been key in making sure our app is always working and delivering the experiences customers need.”

In fact, he says security and stability are equally top-of-mind when he thinks of F5. “With those two key things, we can make sure apps are going to work. Before, we frankly had to deal with a lot of DDoS mitigation ourselves. Now we have cloud-native redundancy and uptime, so our customers have quicker delivery of solutions, even if one point of presence (POP) goes down.” 

Quickly deploy new capabilities

One aspect of Distributed Cloud Services that Smith particularly appreciates is the speed and ease of deploying new functionality.  His team is currently exploring how Distributed Cloud Services can solve practical app delivery challenges such as CDN deployment, micro-caching, and putting Kubernetes microservices in the cloud. 

He says, “If I need a CDN today, I can use the CDN solution offered by Distributed Cloud Services, trust that it’s going to work, and quickly tailor the solution. It’s four clicks to turn on—as opposed to having to engineer our own CDN solution or look at a third-party vendor.”

He praises both F5 user groups and WorldTech representatives for helping Sheetz take full advantage of the F5 platform, both today and tomorrow. He says, “We’ve got a roadmap of additional features we want to enable, such as Distributed Cloud API Security and Web App Scanning.”

Speed app deployment and management

F5 has accelerated delivery of IT support to the business. Smith says, “Distributed Cloud Services has been great for expediting how we manage some of our solutions.”

He also finds it easy to implement, which can save IT staff time. “I'm an API speaker natively,” he explains. “I don’t like to use GUIs if I don’t have to. Distributed Cloud Services has enabled a lot of API-native functionality, so you don’t have to struggle as much to implement.”

Scale to support business growth

Pursuing an active growth strategy, Sheetz is investing in additional stores. Smith says, “The F5 platform absolutely plays a core role in delivering the scale we need as the number of our customers continues to increase.”

He adds, “Working with F5 as a company has been very beneficial for Sheetz. Distributed Cloud Services include many interesting solutions we can employ that will help serve our larger company goals of meeting more customers where they are.”

Benefits
  • Protect against automated attacks
  • Improve stability and reliability for customers
  • Quickly deploy new capabilities
  • Speed app deployment and management
  • Scale to support business growth

Challenges
  • Increasing cybersecurity incidents
  • A need for greater scale, especially at the edge
  • Better app protection without customer friction

Products