As America’s oldest and largest healthcare services company, McKesson Corporation provides a broad range of pharmaceuticals, medical supplies and information technologies to customers in every segment of the industry. The publicly traded company achieved sales of $123 billion in 2012, making it the 14th largest company in the U.S.
McKesson is subjected to an enormous number of regulatory standards for securing data found in every one of the segments in which it operates. Sabastian High, senior manager for Product Development Standards and Innovation at McKesson, commented, “We needed to identify an enterprisewide solution for encryption and key management that could be easily deployed across our business units without impacting operations or security.
“An aspect that is of utmost importance to us is the responsiveness of a vendor’s tier-2 phone support and the resulting speed of escalation to engineering. Our requirements for resolving issues are pretty unique: If we’re doing encryption of data at rest for an application that is involved with supporting critical care activities, the notion of having a nonoperational system is just unacceptable. It literally can be a life or death situation.”
McKesson has grown both organically and through acquisitions for 180 years. This very successful strategy has led to an accumulation of multiple disparate environments, technologies and data repositories spread throughout the company.
High and his colleagues created a detailed set of criteria to identify and select the optimal solution for the McKesson environment. “We had a large number of technical specifications for our key management and encryption solution; the top factors were ease of deployment, the performance impact of doing encryption, the strength of key domain capabilities across disparate file systems and file system agnosticism.”
Following a multi-month research and evaluation period, High and his team selected encryption and key management solutions from Vormetric, Inc. High noted, “Vormetric’s implementation – especially the total separation of roles within a domain model and the ability to consistently provide robust key management across disparate file systems – was the best we saw. Vormetric also exceeded all of our acceptance criteria for problem identification and resolution responsiveness.
“Performance is a very critical factor for us. We conducted a proof of concept with several vendors’ solutions configured in parallel. We created a wide variety of scenarios, involving data warehousing, analytics, and informatics platforms: Vormetric consistently scored the highest marks. Every other encryption solution increased the file IO and data IO latency by a factor of 50 to 100. There was a really significant performance advantage using Vormetric when compared to the degradation we experienced with the other competitors.
“I also appreciated Vormetric’s approach to encryption; I was never satisfied with the competitors’ strategies of encrypting individual tables or columns, both of which made no sense to us.”
Technology solution provider, Williams & Garcia, was tasked to help refine the overall implementation and support models, as well as to coordinate the massive deployment across the McKesson environment. The Atlanta, Georgiabased company is responsible for actively managing key domain for each business unit and providing ongoing operational maintenance and support.
Since beginning the enterprise-wide deployment, reliability of the Vormetric solutions has been impeccable. High described, “We’ve never had a Vormetric Data Security Manager appliance fail, or even falter. Agent reliability has been equally flawless.”
He continued, “The separation of key operators, key creator, policy, administrator, access controls, and the separation of duties model are all truly military grade; and I have a lot of experience in this field!”
Vormetric Data Security provides full coverage of all regulated data throughout the McKesson infrastructure, including facilitating compliance with the HIPAA HITECH Act, PCI DSS, FDA and EPCS (Electronic Prescriptions for Controlled Substances) mandates.
“The flexibility of our Vormetric solution gives us an enterprise-wide capability that enables business units to implement a service and support model that exactly works for them. We’ve been able use Vormetric as the vehicle to implement robust key management practices that support corporate policies across the company, no other vendor can compete with the Vormetric model; we love the technology,” concluded High.
Vormetric (@Vormetric) is the industry leader in data security solutions that span physical, virtual and cloud environments. Data is the new currency and Vormetric helps over 1,400 global customers—including 17 of the Fortune 30 and many of the world’s most security conscious government organizations, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company’s scalable Vormetric Data Security Platform protects any file, any database and any application — anywhere it resides — with a high performance, market-leading data security platform that incorporates application transparent encryption, privileged user access controls, automation and security intelligence. For more information, please visit: www.vormetric.com.