With Lives at Risk, the 5th Largest U.S. Company Trusts Thales eSecurity's Healthcare Solutions for Reliability and Integrity

As America’s oldest and largest healthcare services company, McKesson Corporation provides a broad range of pharmaceuticals, medical supplies and information technologies to customers in every segment of the industry. The publicly traded company achieved sales of $191 billion in 2016, making it the 5th largest company in the U.S.

Business Challenge

McKesson is subjected to an enormous number of regulatory standards for securing data found in every one of the segments in which it operates. Sabastian High, senior manager for Product Development Standards and Innovation at McKesson, commented, “We needed to identify an enterprise-wide solution for encryption and key management that could be easily deployed across our business units without impacting operations or security

“An aspect that is of utmost importance to us is the responsiveness of a vendor’s tier-2 phone support and the resulting speed of escalation to engineering. Our requirements for resolving issues are pretty unique: If we’re doing encryption of data at rest for an application that is involved with supporting critical care activities, the notion of having a non- operational system is just unacceptable. It literally can be a life or death situation.”

Technical Challenge

McKesson has grown both organically and through acquisitions for 180 years. This very successful strategy has led to an accumulation of multiple disparate environments, technologies and data repositories spread through-out the company.

High and his colleagues created a detailed set of criteria to identify and select the optimal solution for the McKesson environment. “We had a large number of technical specifications for our key management and encryption solution; the top factors were ease of deployment, the performance impact of doing encryption, the strength of key domain capabilities across disparate file systems and file system agnosticism.”


Following a multi-month research and evaluation period, High and his team selected Thales eSecurity’s healthcare solutions. High noted, “Thales eSecurity’s implementation – especially the total separation of roles within a domain model and the ability to consistently provide robust key management across disparate file systems – was the best we saw. “

“The Vormetric Data Security Platform also exceeded all of our acceptance criteria for problem identification and resolution responsiveness,” High continued.

“Performance is a very critical factor for us. We conducted a proof of concept with several vendors’ solutions configured in parallel. We created a wide variety of scenarios, involving data warehousing, analytics, and informatics platforms: Vormetric consistently scored the highest marks. Every other encryption solution increased the file IO and data IO latency by a factor of 50 to 100. There was a really significant performance advantage using Vormetric when compared to the degradation we experienced with the other competitors.

“I also appreciated Thales eSecurity’s approach to encryption; I was never satisfied with the competitors’ strategies of encrypting individual tables or columns, both of which made no sense to us.”

Technology solution provider, Williams & Garcia, was tasked to help refine the overall implementation and support models, as well as to coordinate the massive deployment across the McKesson environment. The Atlanta, Georgia-based company is responsible for actively managing key domain for each business unit and providing ongoing operational maintenance and support.


Since beginning the enterprise-wide deployment, reliability of the Vormetric solutions has been impeccable. High described, “We’ve never had a Vormetric Data Security Manager appliance fail, or even falter. Agent reliability has been equally flawless.”

He continued, “The separation of key operators, key creator, policy, administrator, access controls, and the separation of duties model are all truly military grade; and I have a lot of experience in this field!”

The Vormetric solution provides full coverage of all regulated data throughout the McKesson infrastructure, including facilitating compliance with the HIPAA HITECH Act, PCI DSS, FDA and EPCS (Electronic Prescriptions for Controlled Substances) mandates.

“The flexibility of our Vormetric solution gives us an enterprisewide capability that enables business units to implement a service and support model that exactly works for them. We’ve been able use the Vormetric platform as the vehicle to implement robust key management practices that support corporate policies across the company, no other vendor can compete with the Thales eSecurity model; we love the technology,” concluded High.

Business Need

  • Identify enterprise-wide solution for encryption and key management
  • Zero permissible impact on operations, security and service delivery

Technology Need

  • Nominal performance impact ofdoing encryption
  • Industry-leading key domain capabilities
  • File system agnosticism


  • Healthcare Solutions from Thales eSecurity
  • Vormetric Transparent Data Encryption
  • Vormetric Key Management
  • Vormetric Data Security Manager


  • Impeccable reliability and performance
  • Policy and regulatory mandates implemented across diverse infrastructure
  • Military grade key management capabilities

About Thales eSecurity

Thales eSecurity is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group