Pioneering a Massive Cloud-based Instance of SAP Secured by Thales eSecurity
Long known for being a pioneer in medical devices, today BD (Becton, Dickinson and Company) is a publicly traded company that manufactures and sells a wide range of medical devices, instrument systems and reagents. Founded in 1897 and headquartered in Franklin Lakes, New Jersey, it employs associates in more than 50 countries worldwide and is divided into segments: BD Medical and BD Life Sciences.
When BD wanted to enable quicker decision making and improve the agility of its business in a highly competitive marketplace, the company consolidated its operations onto a US-based single global instance of SAP with an Oracle database. The company transferred and consolidated data from multiple countries that required strict adherence to many regulations covering data control and security.
Damian McDonald, vice president of Global Information Security for BD recalled, “The security solution had to be transparent, meet our encryption requirements, and also support advanced logging and monitoring. Because this was a global consolidation, we also had to fulfill all of the data privacy and security requirements for each region in which we do business.”
Controlling access to data was a critical component of the consolidated environment. “We’re always very concerned about the possibility of intellectual property theft. And because we outsource some of our support, we knew we needed the flexibility to give approved third-party providers operating system- and file subsystem-level privileges, but simultaneously restrict access to the core data,” stated McDonald.
The Vormetric Data Security Platform from Thales eSecurity was selected because it works at the operating system level and is transparent to the application, which was critical to McDonald and staff because SAP does not support any changes to the database. “Our requirements for file level access control, simple key management, as well as being able to encrypt backup tapes made the Thales eSecurity platform the perfect fit for our needs,” he reflected. “Vormetric encryption is our standard. Whenever an encryption solution is needed, the answer is always, ‘let’s start with Thales eSecurity.”
He continued, “A problem that we all face in the security world is the ‘urban sprawl’ of technology. Where possible, we strive to standardize and streamline controls to reduce our management overhead. Thales eSecurity has enabled us to do that because we can use the Thales eSecurity solution across all of our environments including our service provider infrastructure for cloud services.”
Today, BD’s single global instance of SAP is composed of more than 30 individual SAP modules running on premise as well as in the cloud on Microsoft Azure. “We’ve expanded the use of the Vormetric Data Security Platform to address a critical need in cloud security by leveraging Vormetric Key Management to maintain custody of keys, as well as managing the data,” explained McDonald. “We’ve had a lot of help from Thales eSecurity’s consultants with architecture and execution; now our IT teams have all the access and flexibility they need but not down to the data level.
“Thales eSecurity has been there whenever we’ve needed help: The support is excellent. It’s a true partnership; we have very close engagement with senior leaders in Thales eSecurity and we witness their desire to see us succeed.”
Encryption is No Longer a ‘Nice to Have’
McDonald observed, “Encryption is a fundamental requirement in the evolving threat scape. The new reality is that it’s virtually impossible to keep all threats out. Vormetric Encryption and other technologies like security analytics are essential elements of a properly engineered, multi-layered, defensive strategy: If a hacker eventually does succeed in getting through to the data they will also have to break the encryption in order to access the contents.”
To ensure business operations remain unimpeded, the company’s IT and security organization attaches great importance to the user experience. “The challenge with typical information security groups is that when they get involved, from a user perspective, it normally equates to whole new levels of restrictions and delays,” noted McDonald. “We’re very focused on ensuring that security is as transparent as possible to minimize the impact on each user’s experience. Vormetric Transparent Encryption enables us to apply security in a way that is invisible to the end user; in fact, it’s pretty much transparent from an administrative viewpoint too.”
He concluded, “The Thales eSecurity platform is a primary control against insider threats. The situation of someone hacking into the data is less of a worry because the Thales eSecurity solution’s preventative controls make a world of difference.”
BD Relies on Thales eSecurity for Global Encryption
- Identifying encryption solution that achieved compliance with multi-region data security mandates
- Deployment of a solution that can scale to support cloud services
- Ensuring IT personnel only have access to the information they need and not more
- Transparently encrypting a massive cloud-based single instance of SAP
Thales eSecurity Encryption and Key Management
- Vormetric Data Security Manager
- Vormetric Transparent Encryption
- Vormetric Key Management
- Flexible, transparent, enterprise-wide encryption with easy management of the custody of keys