H&R Block: Protecting customer and corporate data with the PGP Encryption Platform

• Customer Profile: Tax preparation provider; 13,400 permanent & 120,400 seasonal employees
• Goals: Enhanced protection of customer privacy; regulatory compliance
• Solution: PGP® Whole Disk Encryption encrypts remote systems in branches
• Alternatives: Required physical access for setup; higher costs & downtime
• Deployment: 20,000 systems deployed in weeks
• Benefits: Security; regulatory compliance; brand & revenue protection

H&R Block strengthened its protection of remote systems and laptops with PGP Whole Disk Encryption within a matter of weeks prior to tax season.

As the world's largest tax services company, H&R Block has one-to-one relationships with millions of clients, helping them benefit from all the available deductions and credits and build a better financial future.

The Challenge

H&R Block Inc. is a leading provider of tax, financial, mortgage, accounting, and business consulting services and products. H&R Block is the world's largest tax services provider, having prepared more than 400 million tax returns since 1955.

Compliance. H&R Block must comply with a number of regulations. "From a compliance standpoint, we have a significant number of regulatory and corporate compliance drivers, including IRS guidelines, the Gramm-Leach-Bliley Act, plus California Senate Bill 1386 and similar breach notification laws in more than 20 states," says Dr. Daniel Fluke, senior project manager. "Regulations have certainly improved the visibility of security with the general population, in business, and within H&R Block."

Protecting brand value. The tax preparation and financial services industry is dependent on the trust of its clients. IT security helps protect H&R Block's intangible assets. As Dr. Fluke notes, "Our brand is widely known and trusted by our customers, so we continuously look for ways to strengthen our data security."

The Solution

The H&R Block team took a straightforward approach to tackling the problem. "We don't believe in overly complex strategies that no one can understand and act upon," Dr. Fluke says. "After reducing the amount of data stored on each server and PC, we focused our efforts on protecting what was left. We have approximately 20,000 remote systems in our branch offices and franchise locations."

The Results

The H&R Block team used full disk encryption to protect its remote systems and laptops. "We've successfully executed the encryption of data on all our field equipment, including laptops and retail tax office systems. We chose PGP Whole Disk Encryption because it was the easiest to deploy and the most flexible solution for this purpose," Dr. Fluke explains.

Automated deployment. It was important to the team that deployment was as seamless as possible. "We needed to ensure immediate deployment of PGP Whole Disk Encryption without any downtime," Dr. Fluke says.

Minimal user impact. The team didn't want to complicate the user experience. As Dr. Fluke points out, "We wanted to minimize the impact on end users. The only place where encryption is visible is at the system level, and the only time we have to enter the encryption passphrase is when the system reboots." PGP Whole Disk Encryption has had no impact on H&R Block's tax professionals because they don't have to enter a passphrase when they log in, which has greatly increased user acceptance. "They may not even recognize a change in the system," Dr. Fluke adds.

Experienced partner. The H&R Block team chose PGP Corporation as a partner because of its reputation and track record: "Based on our previous experience, we were confident PGP Corporation could deliver the solution we required. We've used PGP® products for other purposes and felt PGP Whole Disk Encryption was the best solution to meet our needs."

20,000 installations in a few weeks. Dr. Fluke was impressed the project was completed in such a short timeframe: "We deployed PGP Whole Disk Encryption to approximately 20,000 laptops and remote field systems, installing the majority within a matter of weeks prior to tax season. Prior to deployment, we worked with PGP Corporation to ensure we had the capability for remote installation. That meant we were able to use a combination of field technicians on-site and our systems management software to install a significant portion remotely during November and December."

Summary

Dr. Fluke is very pleased with the outcome of the whole disk encryption deployment, but realizes that security is a process, not a project.

Simplified process. Dr. Fluke appreciates the simplified process whole disk encryption provides: "If the whole disk is encrypted, the data is protected."

Low support impact. H&R Block's team also wanted to ensure any help desk costs related to the chosen solution were minimal. "Anytime you introduce an additional layer of password protection or software, you're going to have an impact on support, so our help desk naturally had concerns before we introduced PGP Whole Disk Encryption," explains Dr. Fluke. "We addressed these concerns and proactively worked with them to minimize any impact and to balance the security benefits of the solution. We haven't exceeded our estimated support requirements, and the time spent on support has been minimal because we planned in advance how to avoid support calls. Overall, I think our support organization would say we've been very successful."

The PGP® Encryption Platform. The PGP Encryption Platform reduces the complexities of protecting business data by enabling organizations to deploy and manage multiple encryption applications cost-effectively from a single management console. Deployed with the first encryption application, the PGP Encryption Platform makes installing a separate or additional infrastructure unnecessary when the organization needs other encryption applications. The PGP Encryption Platform supports the broadest range of integrated applications to secure email, laptops, desktops, instant messaging (IM), PDAs, network storage, FTP or bulk data transfers, and backups.