McKesson and Okta: developing a roadmap focused on customer experience

Spencer Mott, SVP and global CISO at the McKesson, the global healthcare provider, said that the partnership with Okta was “an opportunity” to integrate modern technologies with security, while enabling the business.

One way for the largest enterprises to embrace digital is to bring in technologies and partners that helps drive the “business strategy and operation where it needs to go,” he said.

Andrew Zitney, the CTO for McKesson Technology pointed to the adoption of the cloud as an example of bringing in new technologies.

He is leading a major cloud-first strategy at McKesson, which will reimagine the infrastructure environment. “We’ll need to retrain our workforce or bring in the right talent to support this,” Zitney said.

In terms of a partner, Mott explained Okta has helped McKesson along in that journey, “in the sense of modern technology supporting the security and technology roadmap in our organisation”.

The roles and responsibilities of the CISO at McKesson

What are the roles and responsibilities of the CISO at one of the world’s largest healthcare providers? 

The right time

There’s no point in adopting a new set of technologies or partnering with another company, unless there’s a need for it. Don’t do anything for the sake of doing it.

In McKesson’s case, there was a very valid reason for partnering with Okta.

“We had a major B2C requirement,” said Mott. “That meant there was a timeframe around launching a platform that allowed us to engage with our large patient-consumer-physician database.

“We felt that we needed a ‘modern technology’ that would make that interaction not only seamless, but also give us great data insights in terms of how our products and services are being used.”

What is the role of the CTO at McKesson Technology?

Andrew Zitney explores his role as CTO at McKesson Technology with Information Age: how it’s changing and how to free up the IT department and developer teams. Read here

The right partner

When the need for a partner becomes clear, finding the right partner is, of course, paramount.

“We looked at a lot of products out there and Okta’s roadmap was very clear, in that it focused on the customer experience,” said Zitney.

McKesson needed a partner that would help them focus on retail B2C, away from their B2B business (for this offering), and a seamless experience was a priority.

“Okta was a nice fit from a technology perspective and then it satisfied all of Spencer’s security needs in-house,” he said.

“We both agreed, it was a win-win for us” — Zitney

Security at McKesson

“There are two sides to security,” said Mott.

The first, and the one he agrees with, is that the vast majority of an organisation’s security needs to operate behind the curtains. “If we’re getting in front of our consumers with steps or barriers, it’s not such a good thing and can drive consumers away from our offering,” he explained.

However, on the other side of that, Mott believes that there are occasions where you want to generate trust, especially on the enrolment process, “whereby there might be a rationale behind demonstrating you’re taking appropriate measures to protect identities, data and access etcetera.”

Most of what I want to do with Okta, regarding security, is in the background

By partnering with Okta, the bottom line is that the platform has separate capabilities, “depending on what you need to do at a specific time,” continued Mott.

This is what specifically appealed to him. “What I think they’ve done really well is extend the continuum of the identify life cycle at enrolment through the use of more advanced analytics,” he said

This was a space that traditionally, identity solutions were not very good at.

So, what’s the differentiator? This solution can identify a human and machine on enrolment and then make features available throughout that lifecycle; “where you might want to expose additional control or actually draw back and just make it maybe a password free access,” explained Mott.

In this area the analytics, automation and the intelligence behind that identity solution is critical.

“Being able to do that in a way that’s completely agnostic of the technology or of the entry point is really powerful,” he stated.

Trust at Oktane19: the new frontier in technology

At Oktane19 in San Francisco, Information Age explores the importance of trust and identity in supporting continued technological innovation. Read here

Technology and customer experience at McKesson

From Zitney’s perspective, it’s all about the customer experience.

Before, to try and tie the consumer and different business units together, from an identity perspective, was “almost impossible,” he said.

McKesson’s environment was very fragmented; “it was a federated model that we used to manage our own environments, so we had multiple identity systems out there,” Zitney continued.

“At every level of the stack, there were multiple systems that we needed to consolidate.”

Okta helped virtualise the complexity that was hindering the customer experience

And the partnership, according to Zitney, allowed for a seamless experience on “the front end of our business, while we started the consolidation on the back end,” he explained.

Moving to the cloud, digital transformation and prioritising zero trust security

Large organisations are adopting the cloud at an increasing rate. But what are the practicalities of moving to the cloud, how will this help with their digital transformation efforts and how will it help prioritise security. These pillars were explored on the second day of Oktane19. Read here

Culture at McKesson

Frictionless identity security and improved customer experience for McKesson’s end users — that is goal, and is why they partnered with Okta. And, it’s all dependent on the cloud.

But, for any large organisation, steeped in history, the adoption of the adoption of the cloud is going to present cultural hurdles.

McKesson’s culture took 190 years to build and “it’s not going to change overnight,” said Zitney.

But, they know what direction they want to go in, the know what type of culture they want. And now, one of things McKesson looks at with partners going forward is what kind of culture does the partner, in this case Okta, bring to the table.

“I call it a software engineering mindset,” continued Zitney.

By partnering with companies that have cultural priorities aligned in the direction McKesson wants to go, “that helps us change the way that we behave and the way we deliver products. It let’s us start thinking a lot differently”.

So, for Zitney, the right partners are really what’s driving the change in McKesson’s culture, from a customer experience perspective.

Cultural transformation: why change begins at home

Today’s business leaders are bombarded with commercial imperatives for changing the way they do things. Read here

The other cultural challenge that emerges in a huge organisation is that often, the business is made up of many businesses and many geographies, and they have “separate personas,” said Mott.

As McKesson introduced the Okta capability, while managing the change that came with that, “the narrative needs to be different for all our different business units,” he continued.

Referring to one of the organisation’s latest acquisitions, CoverMyMeds, Mott said that as “a fast-moving start-up culture they really related to tools like Okta, in terms of the developer rich environment and the ease of use.

“For our distribution business, however, which is more around resilience and maintaining availability of services, it’s a slightly different narrative in terms of how you position Okta in a sense of additional security, which would reduce the risk of an outage or a cyber incident.”

What Mott concluded, is that a lot work needs to be around whatever the value proposition is, when integrating a partner. Changing the culture is a different proposition in a company that’s as diverse as McKesson.

Avatar photo

Nick Ismail

Nick Ismail is the editor for Information Age. He has a particular interest in smart technologies, AI and cyber security.