Slashdot Mirror

← Back to Stories (view on slashdot.org)

TN BlueCross Encrypts All Data After 57 Disks Stolen

Posted by timothy on from the best-practices-are-best-practice dept.

Lucas123 writes "After dozens of hard disk drives were stolen from a leased facility in Chattanooga, potentially exposing the personal data of more than 1 million customers, BlueCross decided to go the safe route: they spent $6 million to encrypt all stored data across their enterprise. The health insurer spent the past year encrypting nearly a petabyte of data on 1,000 Windows, AIX, SQL, VMware and Xen server hard drives; 6,000 workstations and removable media drives; as well as 136,000 tape backup volumes."

1 of 140 comments (clear)

  1. Re:$6 million? by belthize · · Score: 3, Interesting

    I wouldn't take the $6M and 5000 man hours as directly coupled. The actual press release says:

    BlueCross invested more than $6 million and 5,000 man-hours in the data encryption effort, which included:

    - 885 Terabytes of mass data storage
    - 1,000 Windows, AIX, SQL, VMWare and Xen server hard drives
    - 6,000 workstation hard drives and removable media drives
    - 25,000 voice call recordings per day
    - 136,000 volumes of backup tape

    The 5000 man hours may only reflect actual labor and not reflect all the hours of planning/scheduling etc. What ever hourly rate for labor double it for overhead, the cost of a person is about twice their salary, at $100/hour that's $1M in labor. Another 500K in planning. I have no clue what software they used but I'm pretty certain it wasn't a single package. Each system may well have required a different package + licenses + contractor time from the vendor. For example they may have had to out source the voice call recordings to who ever provides their phone system. I kind of doubt they slap all the recordings onto a single box and mass encrypt.

    They're a very distributed organization so there's going to be a *lot* of duplication of effort, they may have had to do the phone bit at hundreds of sites.

    I don't know if it could have been done for $3M or if $6M actually represents a relatively reasonable price compared to a lot of the $XXX Mllion dollar utter failure projects. It strikes me as fairly reasonable considering the scope of the problem and usefulness of the result (assuming it's not a $6M whitewash).