Molina Healthcare (Molina) provides services for individuals who qualify for government-sponsored health care. Dr. C. David Molina founded the company in 1980 as a provider organization serving low-income families in Southern California. Today, the FORTUNE 500 enterprise operates health plans in 12 states across the nation and in the Commonwealth of Puerto Rico, serving a total of over 4.3 million members.
Given the nature of its activities, Molina must adhere to both the Payment Card Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act (HIPAA) regulations for the protection of members’ information.
Bharani Krish, associate vice president of enterprise infrastructure, explained, “When it comes to security, we always strive to exceed the standards required by the governing regulations and mandates that apply to us. Encryption is a core component of our security architecture but we were always concerned that implementing a sophisticated solution might adversely impact the performance of our infrastructure and subsequently impede our ability to scale as we continued to grow.”
To ensure pervasive protection, Molina wanted to implement a standard operating procedure for encrypting all sensitive data, regardless of file formats and whether the data is in use or at rest. To adequately protect the information, Krish’s team developed precise requirements for encryption – including the need to protect encryption keys – with the aim that even with server access, a threat actor could not retrieve the data in a way that could lead to compromise. The solution also would need to facilitate the separation of roles, to comply with regulations preventing misuse by valid system users who were not authorized for data-level access to specific information.
Molina narrowed the field to a shortlist of solutions and conducted proof-of-concept (POC) trials, deploying each option on servers running Microsoft SQL, Cisco UCS, and Oracle SPARC. Applications were benchmarked on each solution/server combination to test for performance degradation. Of particular note was that throughout the evaluation, Krish’s team detected no performance impact with Vormetric Transparent Encryption in the Vormetric Data Security Manager (DSM) solution by Thales, a stark contrast to some of the other candidates.
In addition, Krish was impressed by the seamless key management and powerful security enabled by Vormetric Key Management.
Molina discovered the other solutions frequently had lengthy deployment processes that typically required an audit of all production-related data to specifically identify high-risk information to encrypt. Krish described, “The Thales solution really was in a class of its own; Vormetric Transparent Encryption is so efficient that we calculated from the POC that we would be able to encrypt all of our production databases in less time than it would have taken the team to manually sift through the data to categorize the sensitive information required by the other solutions just to start!”
Krish leveraged Thales Professional Services to encrypt the first database and demonstrate how to optimally implement Transparent Encryption in the Molina environment. He recounted, “The support was excellent; Thales had an engineer standing by every weekend in case the deployment ran into complications.”
The team elected to encrypt subsequent databases each weekend, planning for completion of each one by Sunday morning, then spending the rest of the day running extensive tests to identify any potential problems. At the conclusion of the project, the team successfully encrypted 650 terabytes of data with zero issues.
Molina has developed a standard procedure for scaling security as its business expands. Krish outlined, “Our encryption process is now very clearly defined: Whether we acquire a company or expand through organic growth, all of our new production data is encrypted using Vormetric Transparent Encryption.” The company also has prioritized training for all of its employees to elevate awareness and knowledge of security-related topics.
The roles of the network administrators and users with access to encrypted data are now completely separated; administrators can manipulate and move files but cannot decrypt their contents. Krish noted, “Vormetric Key Management totally locks down the keys: There is no way they can be used in a manner that puts data at risk.”
Vormetric Transparent Encryption satisfies all mandates for data-at-rest and active file protection, least privileged access, monitoring, and key management. The solution is optimized for low latency and has overcome Molina’s concern about the possibility of degrading application performance. Users have been unaware of the specific date of each database rollout and no negative feedback has been received about any aspects of the deployment.
Krish concluded, “Encrypting all of our production databases perfectly fits with our mission of going above-and-beyond what is required for compliance: Vormetric DSM made that possible.”
About Thales eSecurity
Thales eSecurity is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.