Enterprise Desktop Encryption
Value: As a credit bureau with over 200 million sensitive credit files, Experian's business model demands good Information Risk Management. Prior to developing the desktop encryption service, many different departments were using their own individual encryption systems to send files. Even worse, some reported not using any encryption when sending sensitive information and did not realize the associated risk from this. I led a design team in developing a business case for a central solution based around an ISO compliant PKI Entrust implementation. The original budget was $1.5 MM, but this grew into $2.5 MM as senior management accelerated the implementation timeline to 6 months (due to a security breach at a competitor that reduced their market capitalization by over 20%).
People : The encryption service primarily enhanced the security of information shared with various banking clients of Experian's and made the encryption of information easy (a big driver in the design).
Impact: The solution was the smoothest PKI implementation any of the industry leading consultants (Entrust, EY, and Deloitte) had heard of, and served 4,000 desktops at launch. The core infrastructure was designed to scale and eventually this approach was extended to other parts of the world.
My Role: I led the development of the business case, writing of the ISO certificate policy, and led the implementation team through the accelerated timeline to deploy the Public Key Infrastructure, the heart of the service. As I was transitioning to another position, the final role-out of the desktop encryption clients was performed successfully and on time by the remaining team members.
Employer: Experian, Inc. (Subsidary of Experian PLC)