
June 17, 2024
“It’s the kind of partnership I like to see with my vendors, because it makes it a lot easier, not only to get things accomplished and do what we need to do, but just makes it enjoyable to work together.” – Mike Mulligan, Head of Security, October Three
October Three came to Sidechain Security seeking a solution that offered both single file and volume encryption and could guarantee that their SQL data was totally encrypted, all within their allotted budget.
What were your biggest concerns in finding a solution to meet your needs, knowing that your business operations rely on accessing PII from benefit participants, complying with HIPPA, and undergoing annual SOC (Standard Operating Controls) 1 and 2 audits?
CIO Chris Kim: We had struggled for years to find an encryption solution that meets our unique needs – it had to offer single file and volume encryption, encrypted SQL data including backups, be a minimal burden on our IT team as an ongoing service and transparent to our users without them having to know what’s going on behind the scenes. We spent a lot of time and resources creating our own custom fixes to ensure security was prioritized but it wasn’t an ideal situation. It’s just not part of our day-to-day work that we want to have to think about, we don’t have a big IT staff and we really depend on our partners to be able to handle a lot of our infrastructure and security needs. So, when Sidechain came aboard and said, we’ll help monitor your system and take over the duties related to encryption, we were more than happy to let them do it.”
Sidechain: From Sidechain’s vantage point, we could see the perfect product to give them the flexibility they needed with single file encryption – it would allow them to move a file back and forth without breaking the encryption and decrypting the entire volume. We were able to give them the functionality of their piecemeal solution while taking the implementation and maintenance off their plate. The product that suited them best was CipherTrust, a Thales product that Sidechain is the foremost specialist in, both in terms of implementing and ongoing management. Did you have any bumps in the road with the implementation or changes within your own organization that needed to be reflected in your security needs?
Chris Kim: When October Three went through an acquisition, we needed to merge the new organization’s data infrastructure with our own existing data. Sidechain set up a parallel environment which allowed the data to be transferred without interrupting use of the data. It really made the acquisition easy. By the time we were ready to do the acquisition, there was really nothing we had to do, it was all basically done. We just flipped the switch and the encryption was all in place. Our executive committee was really happy with the way that went off and our buying partners were actually kind of amazed how well everything worked.
Sidechain: In addition to their databases, we’re currently helping October Three convert file share to the Sidechain solution so they can fully retire a legacy encryption product (PGP) and its upkeep. Our team worked closely with them to define a smooth process for transitioning the terabytes of data to the new solution and now we’re implementing the transfer. How has the ongoing relationship been for your team?
Mike Mulligan, Head of Security at October Three: Matt, Andrew, and the guys over there have been really good at answering any questions I have. I’ve asked them, how do we get off PGP and onto Sidechain? How does the Sidechain solution work, why is it configured the way it is, and how do we manage it? Things like that. They’ve been great about helping me come up to speed on the product. And it’s not just a black box, like, ‘Hey, this is this is our toy. Don’t touch it.’ They gave us some of the tools to go and look at it and validate what they’re telling us, so we can have that comfort that it’s doing what it’s supposed to do.
Sidechain: October Three has been a fantastic client to work with, they’ve trusted the process, been transparent about their needs and worked collaboratively throughout the implementation and the ongoing support we provide. We look forward to continuing to work with them , support them and most importantly give them the confidence that their most valuable assets are being safeguarded.
Chris Kim: That’s the story of security, you can never stop — it’s a constantly evolving thing. If you don’t try to at least maintain some changes to keep up with things you will fall behind, and falling behind is not acceptable. But with Sidechain, I just don’t have to worry about it anymore. We know and trust them, and their processes include all the upkeep and safeguards we need.