Vormetric Encryption Helps Accounting Giant Secure All Data

Crowe Horwath LLP serves clients worldwide as an independent member of Crowe Horwath International; one of the 10 largest accounting organizations in the world. With 3,000 employees in offices throughout the United States, Crowe provides audit services to public and private entities, while also helping clients reach their goals with tax, advisory, risk and performance services. Its customers primarily consist of large – and mid-market public companies as well as sizable privately-held businesses.

Business Challenge

As a close partner to its own clients, Crowe has to abide by whatever requirements or regulations apply to those businesses. With its highly diverse customer-base, Crowe is subjected to a multitude of datarelated mandates that impact the way it holds clients’ information. For example, the data owned by any Crowe clients that fall under the Health Insurance Portability and Accountability Act (HIPAA) must be encrypted to the required standards, both in transit and at rest.

Andrew Sappenfield, assistant director for Security Compliance at Crowe Horwath, commented, “We often have to hold copies of client data, so have to ensure that we meet with the requirements that effect them, including regulations like the GLBA, SOX, HIPAA and Federal Information Processing Standards Data Encryption Standard (FIPS 140-2).”

Technical Challenge

Crowe’s approach had been to utilize legacy disk and database-level encryption but this was proving to be time consuming and cumbersome. Sappenfield elaborated, “They weren’t easy to administer and didn’t have good processes for managing keys. We needed to move to a centralized key management solution.”

The vast majority of Crowe’s workforce is mobile and the company standardized on laptops running Microsoft Windows® and a Microsoft SQL Server-based infrastructure. Crowe wanted a flexible solution that would provide data-level encryption regardless of hardware or file type.


Sappenfield noted, “As we started looking at possible encryption solutions Vormetric Data Security Manager caught our attention because it utilizes a FIPS 140-2 certified hardware appliance with true centralized key and policy management designed for distributed enterprises. It also provides enterprise encryption management for SQL Transparent Data Encryption (TDE), as well as offering storage for any other encryption keys.

Crowe ran a month long proof-of-concept (POC) evaluation of the Vormetric Data Security Manager appliance. “Everything was very successful, and to become fully operational we just expanded the POC,” recalled Sappenfield. “We leveraged Vormetric consultants for the final production environment roll-out. Today our SQL Server databases are encrypted using Vormetric and the data is backed-up in its encrypted format too.”


Reflecting on the purchase decision, Sappenfield stated, “During the POC we saw instantly this would be a solution we could deploy and it would immediately provide the coverage we wanted without having to be constantly managed. It’s a huge bonus because the low operational overhead means we haven’t needed any extra administrators, which is great.”

Crowe’s employees have been impressed too. “We have a couple of business units that provide solutions that are very closely monitored for throughput and response times. The stakeholders of those groups are always very vigilant about anything that could have a negative impact on their environment,” recounted Sappenfield. “We were quickly able to prove to them that not only was Vormetric a better solution for encryption than their legacy product, they actually would receive a measurable performance improvement.”

In the last few years Crowe’s growth strategy, in part, has focused on making a number of significant acquisitions. Sappenfield noted, “When we acquire a company we have to assimilate new data into our operation. Now we’re able to on-board all of the company’s stored information straight into Vormetricencrypted SQL databases and make it immediately accessible, knowing that is fully secured at the data-level: It makes this part of the process very simple.”

He continued, “We’re frequently asked about our encryption management strategy, both by existing accounts and prospective clients. As soon as we state that we use Vormetric, the conversation is pretty much over because of the solution’s excellent reputation throughout the industry.”

Encryption Made Easy

Sappenfield concluded, “For anyone considering an encryption solution I’d strongly recommend deploying Vormetric Data Security because firstly it’s solid and easy to manage, secondly it’s so beneficial to have data-level security regardless of file type, and finally, should you need it, Vormetric support is highly competent and quick to respond.”