Zoll’s FTP Dilemma
Established in 1983 by Dr. Paul Zoll, Professor Emeritus of Harvard Medical School and former Chief of the Cardiac Clinic at Beth Israel Hospital, ZOLL Medical Corporation is best known as a leading producer of automated external defibrillators (AEDs).
As a business that deals with the research, development, and sales of medical devices, the secure transfer of files both within the company and externally a requirement. “We have compliance mandates that we must adhere to,” says Joseph Tennyson, Director of IT for ZOLL. “Really, there are three standards—Mass compliance, PCI (Payment Card Industry) which is the credit card standard and HIPAA—for the transmission of information in an encrypted format over a network, whether it’s via email or FTP.”
Before implementing Biscom SFT, ZOLL used Cisco’s secure email solution, IronPort, and secure FTP. “Both are relatively clumsy solutions for a user,” states Tennyson. “The problem with IronPort was that the registration process was awkward for users. Recipients had to register each and each and every time they used it.” Tennyson found that SFTP sites “can grow wildly and be difficult to maintain. You never really know within a pure FTP environment whether a user successfully got a file; there are no audit trails built into the product.” Even though ZOLL used FTP “significantly” SFTP requires software at both the client’s site and the user’s site.
Additionally, two groups in particular—technical service and customer service—occasionally had to send out patches or other executables. “I don’t think anyone allows executables or anything launchable anymore through email, yet users want us to send them. And users want one vehicle: email.”
Seeking a User-Friendly Solution Secure File Transfers
”Our goal was to have a tool that helped meet compliance in those three areas (HIPAA, PCI, and Massachusetts compliance). That was key,” says Tennyson. “The next key was to create a better user experience for utilizing email due to restrictions on attachment size limits and attachment types.”
In addition to the groups who needed to use email for secure data transfer, one particular group, Clinical Affairs “whose responsibility is to manage case studies with doctors’ offices and our product” needed a solution to manage communications relative to the study. “And that solution had to be a Web-based application and also had to have security standards,” according to Tennyson.
Biscom Replaces Two “Clumsy” Products
In terms of their primary goal of meeting compliance mandates and the secondary goal of creating a simpler user experience, Tennyson reports that “SFT has effectively met those goals.”
“Just meeting the compliance goals pays for itself in the time it’s saved me,” says Tennyson. “If we didn’t use SFT, I’d have to create some kind of audit trail or guarantee that we’re meeting compliance every time we send an encrypted document.”
Users at ZOLL leverage the Outlook add-in to send confidential data, “because email is what they use and what they know,” notes Tennyson. Attachment size limits are no longer a problem for senders or recipients and neither are the requirements for client software for SFTP transfers. Additionally, before SFT, according to Tennyson, “files would build up on the FTP network, and we’d still have no audit trail. Biscom has addressed all those needs.”
Since the SFT implementation, ZOLL retired Cisco’s IronPort. “We’ve totally eliminated it,” says Tennyson. “When someone asks us to set up an SFTP site, we automatically transfer the request from an SFTP request to an SFT request and set up Biscom for them.”
Not only are the end-users experiencing more ease-of-use, “it does what we wanted it to do, but it’s also working, and I don’t have to think about it,” Tennyson says with a laugh. “It’s usually the case that I do have to think about a solution, have resources allocated to it, and personally monitor it. That is definitely not the case with SFT.“
ZOLL Medical Corporation
- Required secure, auditable method for sending data in order to meet compliance mandates
- Current tools were “clumsy” for end-users
- Needed to send large files to recipients who had email attachment limits
- No audit trail for file transfers
Biscom Secure File Transfer
- Met three different compliance requirements
- Eliminated Cisco IronPort and replaced SFTP servers
- Achieved ease-of-use requirements for both internal and external end users