Breach, Critical Infrastructure Security, Data Security, Security Strategy, Plan, Budget

CASE STUDY: phion airlock in use at Herba Chemosan

Ordering from Herba Chemosan, the leading pharmacist wholesaler and service provider in Austria, used to be a fairly complex and expensive affair, because orders were submitted either by telephone or modem. Pharmacists were given access to 36 telephone lines with a free-of-charge number. This solution, developed originally by Herba Chemosan, was ideal for many years. However, the technology has become obsolete and no longer meets the high expectations placed on a service company.

The company therefore took the strategic business decision to completely modernize its entire order processing systems and convert to an internet-based solution.

The objective was to provide customers with a service portal that met the individual pharmacist's requirements and offered true added value. The portal should, on the one hand, work as a direct link to the Herba Chemosan merchandising system and on the other hand, also serve as an information hub.

Herba Chemosan Apotheker-AG, with a market share of 48 percent, supplies pharmacists throughout the whole country who buy their medicines directly from Herba Chemosan via an internet portal. The respective web applications are protected by phion airlock, which, the company says, ensures both the best possible security and availability.

Herba Chemosan is Austria's industry leader in pharmaceutical distribution. Almost every second medicine or health product sold over the counter in an Austrian pharmacist originates from one of the seven national Herba Chemosan logistics centers. This tightly woven logistics network ensures fast operational and simplified work processes and, as such, also improved quality controls, as well as higher delivery capabilities. The warehouse range comprises a total of over 42,000 different articles. The Herba Chemosan drivers make deliveries to over 1,000 pharmacists, doctors and hospitals every day; the deliveries are made within two hours after order receipt.

The web portal it planned required comprehensive protection, because otherwise it can become an easy target for attackers. This threat was identified at Herba Chemosan and the company gave careful consideration to the new system's security.

“It was clear for us that access to the web portal would have to have its own security to ensure that system access was really only given to authorized users”, explains Josef Pernecky, network and security administrator at Herba Chemosan. “So we decided to give the web applications the best possible protection with prior security functions in a web application firewall (WAF).”

Subsequent to careful evaluation of a suitable WAF solution, Herba Chemosan decided in favor of airlock. Determining factors in the decision-making process were the simple manageability, the expert consultation and, of course, the improvements in security at the application level.

“During the conversion to the new online system Herba Point – the service portal – it was really important for us to have support from a competent partner with a high degree of expertise and experience in the security field. A further important factor was the straightforward integration of airlock into our VMware environment”, adds Pernecky. “And apart from this, we were really impressed by the personal commitment and the professional approach of the phion employees on site.”

The entire implementation ran smoothly and according to plan. The new web portal went into productive operation subsequent to a short test phase. Since then, the web applications protected by airlock at Herba Chemosan are monitored around the clock.

All access requests are systematically monitored and filtered at all levels. Initially the identity and authenticity of the individual user is tested, only authorized connections by successfully authenticated users are then approved. Each request must run through a multilevel filer that automatically identifies and blocks any unauthorized access or manipulation attempts in a fraction of seconds.

Aside from this strong security network with the different filer levels, airlock also ensures optimum availability with cluster operation, application-level load distribution with failover, as well as hardware accelerated SSL termination.

As a preceding web application firewall, airlock relieves application servers from security related tasks, too. A further benefit is that the infrastructure can be optimized, because the operating system neither has to be configured nor administered and a modification or integration of client or applications software is not required. Overall, Herba Chemosan now has the most up-to-date and effective mechanisms at hand to guard the new pharmacists' platform, says a spokesman.

Since the launch of the web portal, the old modem ordering system has been gradually replaced. The objective was to complete the conversion by the end of 2008.

“Until now, our experience with the portal has been very good and the feedback from the pharmacists is extraordinarily positive”, says Pernecky. “It just takes a maximum of one or two seconds to place an order with the new solution, compared to minutes previously – not an insignificant factor with over 10,000 orders per day. And thanks to airlock we are now able to protect our portal optimally against unauthorized access.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.