Andreas Eschbach, CEO, eschbac06.13.23
Moving to cloud-based applications for plant process management, shift handover and other plant operations offers significant benefits for pharmaceutical manufacturers—such as anywhere/anytime access to critical data, streamlined operations, and a lower IT burden for server and software management. But what about data security?
While keeping data close at hand on an enterprise network may feel like a safer option, a well-designed cloud-based application can offer significant advantages in terms of data security. Moving to a cloud-based plant process management system that complies with modern security standards and regulations can be an important part of a data security plan for pharmaceutical manufacturers. When choosing a service provider, it is important to ensure that the application has been designed with best practices in cloud security, including infrastructure design, software development methods, disaster recovery planning, security monitoring, and incident response.
• Loss or theft of valuable IP
• Disruptions to operations due to data loss or ransomware attacks
• Safety incidents caused by missing or altered data
• Regulatory compliance issues
• Financial loss and risks to business continuity
For all these reasons, data security is an essential consideration for PPM software. There are three important aspects of data security to consider. Is the data protected from unauthorized access? Is the data accurate and complete? And is the data available when and where you need it? These three pillars of data security—confidentiality, integrity, and availability—are commonly referred to as the CIA triad.
1. Confidentiality: Confidentiality refers to the protection of data from unauthorized access and disclosure. Confidentiality ensures that only authorized users or entities can access and view the data. This can be achieved through access controls, encryption, and other security measures.
2. Integrity: Integrity refers to the accuracy and completeness of data. It ensures that data has not been tampered with, altered, or destroyed in an unauthorized manner. This can be achieved through measures such as data validation and digital signatures.
3. Availability: Availability refers to the accessibility and usability of data. It ensures that data is available to authorized users when they need it and that it is not inaccessible due to system outages, network failures, or other disruptions. This can be achieved through measures such as backup and disaster recovery planning and redundancy.
To protect pharmaceutical companies from business disruptions and losses, the PPM solution must be designed to address all three elements of the CIA triad.
• Most pharmaceutical manufacturers are using legacy architecture for their networks, which may not be up to modern standards for cybersecurity. Known vulnerabilities in older legacy systems create a tempting target for cybercriminals.
• Third-party software installed on the network may create new and unknown security vulnerabilities, either by creating unanticipated back doors into other data and systems on the network or through intentional software supply chain attacks.
• IT staff may not have the resources or knowledge to keep software and systems up to date, monitor the security landscape, and respond to emerging security threats. As a result, software may not receive all the appropriate security patches and updates, and signs of a data breach or attack may be missed.
• If data on local servers is destroyed or damaged—or held hostage in a ransomware attack—there may not be an adequate disaster recovery plan in place to quickly bring systems and data back online. Local data that is not backed up elsewhere is vulnerable to permanent loss.
• Few pharmaceutical companies have enough dedicated cybersecurity expertise on staff to develop and implement a strategic global cybersecurity plan to keep sensitive data safe for the long term.
Cloud software can provide an added level of security through the browser by offloading much of the work and risk associated with running and updating software to the cloud service provider (CSP). When using cloud software through a browser, the user is accessing the software that is running on the CSP’s infrastructure rather than on their own network. This can provide several security benefits:
• Reduced attack surface: By accessing software through a browser, the user is not installing or running software on their own network, which reduces the attack surface for potential attackers. A secure cloud-based system also protects manufacturers against software supply chain attacks.
• Automatic updates: The CSP is responsible for updating and patching the software running on their infrastructure, which reduces the burden on the pharmaceutical company to keep their software up-to-date and secure.
• Secure architecture: Cloud software should be designed with security in mind and include built-in security features such as encryption, access controls, and threat detection.
• Centralized security management: By using cloud software, the pharmaceutical company can depend on the CSP’s centralized security management and monitoring, which will generally have an enhanced ability to detect and respond to security threats.
• Stronger security controls: Cloud service providers are often subject to strict security standards and certifications, such as ISO 27001, which can provide assurance that the CSP has implemented strong security controls.
A “Software-as-a-Service” (SaaS) model allows manufacturers to leverage the security capabilities of the CSP, reducing the burden on the pharmaceutical company to manage and secure their own software and providing a more centralized and secure approach to software management.
Architecture
Secure cloud architecture includes a combination of best practices, policies and technologies that work together to protect data, applications, and infrastructure in a cloud computing environment. Important elements of secure design for cloud applications include:
• Identity and access management for authorized users (e.g., password or multi-factor authentication systems, support for single sign-on or third-party authentication systems, role-based access control, etc.).
• Data encryption to protect data both during transmission and storage. For example, HTTPS should be used for encrypted communication between the web browser and the cloud application, and sensitive data should be encrypted on the application’s servers.
• Network security measures, which may include multiple levels of firewalls, intrusion detection technologies, and network segmentation to isolate customer data (multi-tenant architecture).
• Application-level security measures, such as secure coding practices and regular vulnerability assessments and penetration testing.
Software development practices
Secure software development integrates cybersecurity at every stage of development and operations—a practice known as “DevSecOps.” Cloud services for sensitive and mission-critical software used by the pharmaceutical industry should be developed using a DevSecOps approach. This includes:
• Implementing best practices in secure software development at the earliest stages of development.
• Using good security practices for software building and versioning.
• Creating processes for testing and evaluating security throughout the product lifecycle.
• Employing adaptive security measures that allow software to detect and respond to changes in the security environment.
• Securing the distribution channels for software updates and rolling out new versions to users post-deployment.
Backup and disaster recovery
Backup and disaster recovery planning is one of the keys to data availability and integrity. Where are servers physically located? How (and how often) is client data backed up? How is the application itself backed up? What is the recovery plan in the case that servers are physically destroyed or otherwise unavailable—for example, due to a natural disaster at the data center? Geo-redundant servers and database backups, in which data and applications are stored in more than one geographic location, significantly decrease the risk of catastrophic data loss. It is also important to have a backup schedule appropriate for the business and the type of data being stored. The CSP should have a fully documented backup and disaster recovery plan that outlines backup frequency, primary and backup server locations, automated recovery methods, security measures for backups, and recovery time objectives.
Security monitoring
Security monitoring for cloud-based PPM solutions should be ongoing, comprehensive, and multi-layered. A security monitoring program includes both external and internal monitoring:
• External threat surveillance: The threat landscape is continually changing as malware and attack methods evolve and new vulnerabilities are discovered. Threat Intelligence teams need to be aware of new threats that could impact their applications or the hardware and software ecosystem they connect to, such as the browser or device operating systems. Threat intelligence may include a combination of automated methods (such as “honeypots”) and manual monitoring of information available through open-source security forums.
• Internal threat monitoring: Real-time, automated monitoring of system health, availability and performance allows providers to respond quickly if a problem develops. This includes endpoint monitoring for the devices that connect to the service to detect unusual patterns of behavior that may indicate a breach.
Testing and analysis
Regular testing and analysis of the infrastructure and hosted application are crucial. This typically includes external black-box penetration testing and threat modeling for both the software and the infrastructure, as well as internal analysis to detect signs of current or past attacks. These tests are used to discover previously unidentified vulnerabilities and inform development of software patches or other mitigations to harden the system.
Incident management
CSPs also must have an incident management and response plan in the event that a problem that impacts data confidentiality, integrity or availability is discovered. This includes procedures for detection, communication, mitigation, and forensic analysis of security events.
In the U.S., you may also want to ask for a SOC 2 report. SOC 2 is a type of audit and report that provides assurance on the effectiveness of a service organization’s controls related to security, availability, processing integrity, confidentiality, and privacy.
When shifting process management to the cloud, security is essential. By implementing the right security measures, a cloud-based PPM system can provide the level of security and reliability that pharmaceutical companies need to effectively manage their processes and protect sensitive data.
Andreas Eschbach, CEO of the global software company eschbach and inventor of the award-winning plant process management (PPM) platform, innovated Shiftconnector to help production teams streamline shift-to-shift communications and enable a safer and smarter environment through better data sharing and workforce collaboration. Holding a degree in computer science, Andreas draws his practical experience from leading a variety of international software initiatives for major process manufacturing companies, especially in chemical and pharmaceutical industries.
While keeping data close at hand on an enterprise network may feel like a safer option, a well-designed cloud-based application can offer significant advantages in terms of data security. Moving to a cloud-based plant process management system that complies with modern security standards and regulations can be an important part of a data security plan for pharmaceutical manufacturers. When choosing a service provider, it is important to ensure that the application has been designed with best practices in cloud security, including infrastructure design, software development methods, disaster recovery planning, security monitoring, and incident response.
What’s the big deal with data security?
Plant process management systems and other networked applications contain a wealth of valuable data, making them a tempting target for hackers and data thieves. Manufacturers in 24/7 process industries such as pharmaceuticals also have unique vulnerabilities to operational disruption from cyberattacks such as ransomware attacks or software supply chain attacks. A data breach or data loss can put pharmaceutical plants at significant risk. Some of these risks include:• Loss or theft of valuable IP
• Disruptions to operations due to data loss or ransomware attacks
• Safety incidents caused by missing or altered data
• Regulatory compliance issues
• Financial loss and risks to business continuity
For all these reasons, data security is an essential consideration for PPM software. There are three important aspects of data security to consider. Is the data protected from unauthorized access? Is the data accurate and complete? And is the data available when and where you need it? These three pillars of data security—confidentiality, integrity, and availability—are commonly referred to as the CIA triad.
1. Confidentiality: Confidentiality refers to the protection of data from unauthorized access and disclosure. Confidentiality ensures that only authorized users or entities can access and view the data. This can be achieved through access controls, encryption, and other security measures.
2. Integrity: Integrity refers to the accuracy and completeness of data. It ensures that data has not been tampered with, altered, or destroyed in an unauthorized manner. This can be achieved through measures such as data validation and digital signatures.
3. Availability: Availability refers to the accessibility and usability of data. It ensures that data is available to authorized users when they need it and that it is not inaccessible due to system outages, network failures, or other disruptions. This can be achieved through measures such as backup and disaster recovery planning and redundancy.
To protect pharmaceutical companies from business disruptions and losses, the PPM solution must be designed to address all three elements of the CIA triad.
Comparing the risks: local network vs. cloud
Many organizations believe that keeping data on their own network is safer than trusting it to a cloud-based service provider. After all, you know exactly where your data is and how it is stored. However, storing data on your own network may not be as secure as you think. Locally hosted data and applications exist within a complex IT ecosystem that provides plenty of opportunities for data theft, loss, or tampering. Here’s why:• Most pharmaceutical manufacturers are using legacy architecture for their networks, which may not be up to modern standards for cybersecurity. Known vulnerabilities in older legacy systems create a tempting target for cybercriminals.
• Third-party software installed on the network may create new and unknown security vulnerabilities, either by creating unanticipated back doors into other data and systems on the network or through intentional software supply chain attacks.
• IT staff may not have the resources or knowledge to keep software and systems up to date, monitor the security landscape, and respond to emerging security threats. As a result, software may not receive all the appropriate security patches and updates, and signs of a data breach or attack may be missed.
• If data on local servers is destroyed or damaged—or held hostage in a ransomware attack—there may not be an adequate disaster recovery plan in place to quickly bring systems and data back online. Local data that is not backed up elsewhere is vulnerable to permanent loss.
• Few pharmaceutical companies have enough dedicated cybersecurity expertise on staff to develop and implement a strategic global cybersecurity plan to keep sensitive data safe for the long term.
Cloud software can provide an added level of security through the browser by offloading much of the work and risk associated with running and updating software to the cloud service provider (CSP). When using cloud software through a browser, the user is accessing the software that is running on the CSP’s infrastructure rather than on their own network. This can provide several security benefits:
• Reduced attack surface: By accessing software through a browser, the user is not installing or running software on their own network, which reduces the attack surface for potential attackers. A secure cloud-based system also protects manufacturers against software supply chain attacks.
• Automatic updates: The CSP is responsible for updating and patching the software running on their infrastructure, which reduces the burden on the pharmaceutical company to keep their software up-to-date and secure.
• Secure architecture: Cloud software should be designed with security in mind and include built-in security features such as encryption, access controls, and threat detection.
• Centralized security management: By using cloud software, the pharmaceutical company can depend on the CSP’s centralized security management and monitoring, which will generally have an enhanced ability to detect and respond to security threats.
• Stronger security controls: Cloud service providers are often subject to strict security standards and certifications, such as ISO 27001, which can provide assurance that the CSP has implemented strong security controls.
A “Software-as-a-Service” (SaaS) model allows manufacturers to leverage the security capabilities of the CSP, reducing the burden on the pharmaceutical company to manage and secure their own software and providing a more centralized and secure approach to software management.
Secure cloud applications: what to look for
Cloud security encompasses a number of best practices designed to ensure data confidentiality, integrity and availability. These include system architecture, software development practices, backup and disaster recovery planning, security monitoring, testing and analysis, and incident management.Architecture
Secure cloud architecture includes a combination of best practices, policies and technologies that work together to protect data, applications, and infrastructure in a cloud computing environment. Important elements of secure design for cloud applications include:
• Identity and access management for authorized users (e.g., password or multi-factor authentication systems, support for single sign-on or third-party authentication systems, role-based access control, etc.).
• Data encryption to protect data both during transmission and storage. For example, HTTPS should be used for encrypted communication between the web browser and the cloud application, and sensitive data should be encrypted on the application’s servers.
• Network security measures, which may include multiple levels of firewalls, intrusion detection technologies, and network segmentation to isolate customer data (multi-tenant architecture).
• Application-level security measures, such as secure coding practices and regular vulnerability assessments and penetration testing.
Software development practices
Secure software development integrates cybersecurity at every stage of development and operations—a practice known as “DevSecOps.” Cloud services for sensitive and mission-critical software used by the pharmaceutical industry should be developed using a DevSecOps approach. This includes:
• Implementing best practices in secure software development at the earliest stages of development.
• Using good security practices for software building and versioning.
• Creating processes for testing and evaluating security throughout the product lifecycle.
• Employing adaptive security measures that allow software to detect and respond to changes in the security environment.
• Securing the distribution channels for software updates and rolling out new versions to users post-deployment.
Backup and disaster recovery
Backup and disaster recovery planning is one of the keys to data availability and integrity. Where are servers physically located? How (and how often) is client data backed up? How is the application itself backed up? What is the recovery plan in the case that servers are physically destroyed or otherwise unavailable—for example, due to a natural disaster at the data center? Geo-redundant servers and database backups, in which data and applications are stored in more than one geographic location, significantly decrease the risk of catastrophic data loss. It is also important to have a backup schedule appropriate for the business and the type of data being stored. The CSP should have a fully documented backup and disaster recovery plan that outlines backup frequency, primary and backup server locations, automated recovery methods, security measures for backups, and recovery time objectives.
Security monitoring
Security monitoring for cloud-based PPM solutions should be ongoing, comprehensive, and multi-layered. A security monitoring program includes both external and internal monitoring:
• External threat surveillance: The threat landscape is continually changing as malware and attack methods evolve and new vulnerabilities are discovered. Threat Intelligence teams need to be aware of new threats that could impact their applications or the hardware and software ecosystem they connect to, such as the browser or device operating systems. Threat intelligence may include a combination of automated methods (such as “honeypots”) and manual monitoring of information available through open-source security forums.
• Internal threat monitoring: Real-time, automated monitoring of system health, availability and performance allows providers to respond quickly if a problem develops. This includes endpoint monitoring for the devices that connect to the service to detect unusual patterns of behavior that may indicate a breach.
Testing and analysis
Regular testing and analysis of the infrastructure and hosted application are crucial. This typically includes external black-box penetration testing and threat modeling for both the software and the infrastructure, as well as internal analysis to detect signs of current or past attacks. These tests are used to discover previously unidentified vulnerabilities and inform development of software patches or other mitigations to harden the system.
Incident management
CSPs also must have an incident management and response plan in the event that a problem that impacts data confidentiality, integrity or availability is discovered. This includes procedures for detection, communication, mitigation, and forensic analysis of security events.
Setting the standard for secure cloud applications
When selecting a SaaS provider, pharmaceutical manufacturers should ensure that the application has been developed in accordance with industry best practices and standards for cybersecurity. ISO 27001 is an international standard for information security management that provides a framework for establishing, implementing, maintaining, and continually improving security management systems, procedures, and policies. When evaluating PPM software for security, an ISO 27001 certification is a good place to start. This certification indicates that the provider has undergone a thorough audit and assessment by an independent certification body and shown that they are compliant with the standard. You can also look for an ISO 9001 certification, which indicates that their quality management systems are compliant.In the U.S., you may also want to ask for a SOC 2 report. SOC 2 is a type of audit and report that provides assurance on the effectiveness of a service organization’s controls related to security, availability, processing integrity, confidentiality, and privacy.
When shifting process management to the cloud, security is essential. By implementing the right security measures, a cloud-based PPM system can provide the level of security and reliability that pharmaceutical companies need to effectively manage their processes and protect sensitive data.
