Implementing Cloud-Based Pharmaceutical Plant Management Software: Data Security Considerations
Cloud-based systems for plant process management (PPM)1 deliver significant benefits in terms of access, convenience, and easy management. But are they safe for sensitive industries like pharmaceutical manufacturing? The answer is yes…as long as they are designed with data security in mind.
- 1Important to Note: In the context of industrial processes and manufacturing, plant process management (PPM) refers to the systematic planning, implementation, and control of processes to ensure efficiency, quality, and productivity in a production environment. This involves optimizing workflows, resource allocation, and continuous improvement of processes to achieve desired outcomes. https://www.eschbach.com/en/resources/whitepapers/Black-and-white-Paper.php
Many pharmaceutical manufacturers are hesitant to trust their data to the cloud. But a well-designed cloud application that complies with modern security standards and regulations can actually be more secure than holding data on an internal network. Cloud systems provide additional security through the browser to ensure data confidentiality, integrity, and availability.
Local Hosting vs. Cloud Security: Confidentiality, Integrity, and Availability
When evaluating the security of a software application, there are three important elements to consider, collectively known in the security industry as the “CIA Triad.”
- Confidentiality refers to how data is protected from disclosure or unauthorized access. Who is allowed to view the data, how is access controlled, and what protections are in place to prevent unauthorized entities from breaking into the system?
- Integrity is about how accurate and complete the data is. How do we know that data has not been erased, changed or otherwise tampered with? How does the system prevent tampering by unauthorized users? Can data be easily restored if it is corrupted or damaged?
- Availability means that data is accessible and usable when and where we need it and will not become inaccessible due to system outages, network failures. or other disruptions. How is data backed up? Is there a disaster recovery plan? In the event of inaccessibility, a business continuity plan should be in place including potential production risks and decision tree. Furthermore, there should be an evaluation of the cloud service provider to verify potential impact to product quality and/or data integrity in the event of inaccessibility.
On all three measures, secure cloud-based systems can offer advantages over locally-hosted software. Few pharmaceutical manufacturers have the cybersecurity expertise on staff to design, implement, and sustain a comprehensive cybersecurity program. Legacy systems used by many pharma companies do not meet modern standards for secure system design and often lack critical updates to address new or emerging security threats. In addition, PPM software exists within a complex software ecosystem, which can create new and unknown access points and security vulnerabilities for sensitive plant data. A locally-hosted solution can be vulnerable to:
- Unauthorized access due to weak authentication systems or “back doors” that give hackers easy access to the system. This puts valuable IP, employee, or customer data, and other sensitive information at risk for theft, misuse, or unauthorized disclosure.
- Data tampering by unauthorized agents who gain access to systems. Corrupt or deliberately altered data put plants at risk for safety incidents, product quality issues, or other problems within the plant.
- Data loss if local servers are damaged or destroyed in a system outage, natural disaster, ransomware attack, or other loss event. Inadequate backups create the potential for significant disruptions to operations.
With a cloud-based PPM system, manufacturers can leverage the cybersecurity expertise of the cloud service provider (CSP). In a “Software-as-a-Service” (SaaS) model, the CSP takes on the job of maintaining security programs for the application and safeguarding data confidentiality, integrity, and availability. That includes ensuring compliance with current cybersecurity regulations and best practices, updating software as new security threats and vulnerabilities are discovered, and ongoing threat monitoring and detection.
- Data confidentiality is protected using strong security controls such as data encryption, firewalls, secure user authentication and access control, and other measures to limit access to the system to authorized users and prevent hackers from gaining access to unencrypted data.
- Data integrity is assured by limiting access, tracking changes, using data validation methods to look for anomalies, and monitoring for unusual patterns of behavior.
- Data availability is enhanced in a cloud environment because it is automatically backed up and available from anywhere, even if the manufacturer’s own facilities or servers are unavailable. Geo-redundancy adds additional protection for critical plant data.
What to Look for in a CSP
To ensure data confidentiality, integrity, and availability, secure cloud applications should adhere to current best practices and comply with all regulations for cloud cybersecurity. Information security management based on ISO 27001 or similar, which provides a framework for establishing, implementing, maintaining, and continually improving security management systems, procedures, and policies. CSPs should design their security programs in compliance with ISO 27001 or similar. You can also ask for an SOC 2 report, which provides an audit of the company’s controls related to security, availability, processing integrity, confidentiality, and privacy. Additional information on the Application of the SOC 2+ process assessment for GxP service suppliers can be found in this article:
Secure cloud application design and management includes several different aspects, including:
- System architecture
- Software development practices
- Backup and disaster recovery practices
- Security monitoring
- Testing and analysis
- Incident management
Software Development Practices
A secure cloud application starts with secure development practices. A DevSecOps approach, which integrates cybersecurity at every stage of development and operations, ensures that good security practices are used throughout the software lifecycle, including building and versioning, testing and evaluation, post-deployment updates and patches, and adaptive security measures that allow software to detect and respond to changes in the security environment.
Secure cloud architecture is a combination of data-, network- and application-level security measures to control access and protect data both during transmission and storage. Key elements of secure design include identity and access management for authorized users, data encryption for transmission and storage, network security measures such as multiple levels of firewalls and network segmentation, intrusion detection technologies, and secure coding practices. For example, HTTPS should be used for encrypted communication between the web browser and the cloud application, and the system should be designed with multi-tenant architecture to isolate each customer’s data.
Backup and Disaster Recovery
To ensure continued data availability, the CSP should have a fully documented backup and disaster recovery plan that outlines backup frequency, primary and backup server locations, automated recovery methods, security measures for backups, and recovery point objectives (RPO). Geo-redundant servers and database backups, in which data and applications are stored in multiple geographic locations, ensure that data will continue to be available even if there is a catastrophic loss at one data center or data is temporarily unavailable due to a server problem or natural disaster. Data should be backed up regularly on a schedule appropriate for the business and the type of data being stored.
Security monitoring for cloud-based PPM solutions should include both external and internal monitoring. External threat surveillance includes scanning the overall threat landscape for emerging malware, new attack methods and newly discovered vulnerabilities, either in the application itself or other software it connects to, such as the browser or device operating systems. Threat intelligence may include a combination of automated methods (such as “honeypots”) and manual monitoring of information available through open-source security forums. Internal threat monitoring involves real-time, automated monitoring of system health, availability and performance. Real-time monitoring allows providers to respond quickly if a problem develops. In addition to monitoring traffic and behavior for the system itself, the plan should include endpoint monitoring for the devices that connect to the service to detect unusual patterns of behavior that may indicate a breach.
Testing and Analysis
Testing and analyzing cloud-based systems is a critical aspect of ensuring the security and reliability of the system. Regular testing and analysis of the infrastructure and hosted applications should be conducted to detect and mitigate vulnerabilities, including external black-box penetration testing and threat modeling for both the software and the infrastructure. This process helps to identify previously unknown vulnerabilities and informs the development of software patches or other mitigations to strengthen the system.
A secure cloud application must have an incident management and response plan in place to quickly respond to security events that impact data confidentiality, integrity or availability. That includes procedures for detecting and communicating security events, mitigating their impact, and conducting forensic analysis to identify the cause and scope of the incident. By having a well-defined incident management and response plan, CSPs can quickly contain and resolve security incidents to minimize the impact on customers and their data.
Moving Data Security to the Cloud
Moving to a cloud-based plant process management system that complies with modern security standards and regulations can be an important part of a data security plan for pharmaceutical manufacturers. A cloud-based PPM adds an extra layer of security through the browser. By offloading security management to the CSP, implementing cloud-based PPM also reduces the burden on the manufacturer’s IT staff. A SaaS model is simpler to implement, easier to manage and scale, and more secure than keeping it all in-house.
It’s important to pick the right software partner, which should be ISO 27001 and ISO 9001 certified. Cloud-based software applications for shift handover should be developed according to current best practices and standards for cloud security.
As the pharmaceutical industry continues in its digital transformation, we expect to see more manufacturers adopt cloud-based solutions for PPM. Understanding the security implications of cloud-based solutions will help companies ask the right questions and make confident data security decisions.
iSpeak Blog posts provide an opportunity for the dissemination of ideas and opinions on topics impacting the pharmaceutical industry. Ideas and opinions expressed in iSpeak Blog posts are those of the author(s) and publication thereof does not imply endorsement by ISPE.