Multi-national pharmacy retailer

Global expansion prompts a security rethink

Global expansion plans meant that data protection for Personally Identifiable Information (PII) and Protected Health Information (PHI) became even more important. The organization also worried about the time and effort involved in audits and wanted a tool that would help reduce the audit scope. The team was aware that most vendor solutions only protected customers’ payment data. PCI data protection was clearly key, but it was felt the Format Preserving Encryption (FPE) capability could be expanded to protect consumer PII and PHI data. In addition, there was an opportunity to include internal application-based use cases, such as HR data.

With hundreds of millions of online transactions each year, Voltage’s unique FPE and SST support drastically reduces the risk of a data breach. The Hadoop integration provides secure PII and PHI data analytics to support strategic decision-making.

Voltage delivers massively scalable data analytics

It was clear that the project demanded a fresh and modern approach, and the organization’s DevOps team worked closely with the consultancy partner who recommended Voltage SecureData by OpenText™. OpenText™ Professional Services worked with the in-house teams to implement Voltage SecureData Payments by OpenText™ across the in-store POS card readers and associated ecommerce systems. This delivers Payment Card Industry (PCI) security compliance with end-to-end encryption and tokenization. It is integrated with the POS systems and encrypts sensitive credit card data immediately ensuring data protection throughout the transaction flow.

The organization later adopted Hadoop as its data lake and, after the success of securing payment data, it now looked at expanding Voltage SecureData usage to include integration with Hadoop for massively scalable data analytics. Voltage SecureData’s Format-Preserving Encryption (FPE) ensures that the pharmacy systems and back office data gathered in the analytics platform has full PII protection.

At an executive level, Microsoft was chosen as a strategic alliance partner, propelling the organization further on its path to digital transformation. Rather than maintaining its own data centers, the organization aspires to move their data to the Azure cloud environment. It was pleased to find that Voltage could encrypt Azure-stored patient data in use, in transit and at rest. In a high-profile project Voltage Key Servers were deployed in Azure, showcasing the versatility and flexibility of the Voltage solution set.

Reduced risk of data breach and full support of cloud strategy

The organization saw a reduced audit scope because Voltage SecureData removes live data from exposure at the source and protects it persistently through intermediate web tiers to the trusted backend host. Its FPE and Secure Stateless Tokenization (SST) capabilities enable data to be used and analyzed in its protected state.

The in-house Voltage-driven solution gives the organization independence and leverage with its payment partners. With hundreds of millions of online transactions each year, Voltage’s unique FPE and SST support drastically reduces the risk of a data breach. The Hadoop integration provides secure PII and PHI data analytics to support strategic decision-making. Leveraging Voltage’s flexible deployment options, the team could not only support an expanding cloud migration strategy without jeopardizing security, but also add use cases and improve its overall security posture. Audit cycles have been reduced and the organization is fully compliant with all industry regulations.

The organization had adopted Hadoop as its data lake and, after the success of securing payment data, it now looked at expanding Voltage SecureData usage to include integration with Hadoop for massively scalable data analytics.