Data safety and data security are the cause of continuous stress for IT departments in pharmaceutical companies. Intellectual property such as research results, manufacturing processes, formulae, and even patient details have become attractive targets for cybercriminals. Networking with third parties and remote work-from-home users due to the pandemic are putting security officers to the test. Thanks to the SASE framework and the zero trust security architecture, these worries can be relegated to the past.
Digital transformation has already reached the pharmaceutical sector. However, IT infrastructures at pharmaceutical companies, especially the network environments that are critical to business, are often not prepared for an increasing number of remote access requests from home offices. Virtual Private Networks (VPNs) are commonly used for this. The problem is that this technology, developed by Microsoft in the 90s, was not designed to manage an increasing number of remote access requests, which results in latency and creates security issues. For some time now, VPN has been losing its reputation for being invulnerable. For example, unpatched remote access VPN servers enable cybercriminals to easily access a company’s network, meaning the same technology that is supposed to protect the network is vulnerable to attack. In addition, companies must strive to implement segmentation.
Juicy prey – the healthcare sector
This is a huge concern because cybercriminals are increasingly targeting the business side of the pharmaceutical industry, as clearly stated in the Zscaler study "2020 State of Encryption Report." The Zscaler cloud identified and prevented 6.6 billion threats between January 2020 and September 2020. The healthcare sector was in first place with nearly 1.7 billion attacks discovered and prevented. A particularly precarious issue was that the attacks were hidden in SSL traffic, namely, encrypted data traffic. In total, the number of SSL-based attacks in the period researched increased by 260 percent, according to another conclusion of the study.
The fact that the healthcare sector is particularly attractive to cybercriminals is no surprise. Besides new work strategies with home office regulations and bring your own device (BYOD) policies, obsolete and inadequate security mechanisms in system environments — combined with the increasingly perfidious methods of data thieves — continue to cause anxiety for IT security officers. In addition, cooperation between third parties — universities, partners, or suppliers — which is typical within the pharmaceutical industry, results in them having full access to parts of the network. These over-privileged users create a major risk, as the monitoring of devices and guidelines occur outside the area of control of the IT administrator. In practical terms, IT officers lack oversight of the access rights of external users to individual applications and services. For this reason, the attack surface area is exponentially larger.
Ultimately, the ever-present trend of mergers and acquisitions in this industry means that network structures and their security measures are often not up to current technology standards - independent of the fact that the integration of various IT topologies can take months or even years. M&As bring about increased security risk — already established infrastructures need to be dismantled and reintegrated within the context of merging organisations and configuring a new network. In addition, there is the typical problem of what is known as shadow IT, which exists alongside the official IT infrastructure and without the knowledge of the IT department. Read more about this in a recent blog to find out how Zscaler can help you to accelerate M&A processes.
SASE and zero trust: a safe haven for the pharmaceutical sector
For pharmaceutical companies, the Gartner Model SASE (Secure Access Service Edge) and ZTNA (Zero Trust Network Access) are a safe haven from these challenges — moving employee security and connectivity to the cloud. Simultaneously, productivity will increase, because employees can avoid the detour through a VPN and the server centre and use innovative solutions such as Microsoft 365 in an effective and secure manner. Zscaler’s ZTNA solutions make it possible to uncouple application access from network access, segment individual user access to the application, and provide both remote access to server centres and applications in hybrid and multicloud environments. In other words, the merging of networks can be considered something of the past, because zero trust eliminates the need to place users on the network.
Employees, as well as third-party companies and contractors, are only given secure, granular, and exclusive access to the specific applications. Therefore, instead of relying on physical or virtual appliances, Zscaler Private Access (ZPA) enables the use of a cloud-based solution. Based on a set of defined policies, the Zscaler Zero Trust Exchange seamlessly connects various users to specific applications by using inside-out connections. This results in fast and high-performance user connectivity to business-critical applications and continuous security for sensitive data. This enables companies to kill several birds with one stone: set up professional defence mechanisms to fend off cybercriminals, while employees and external users can access the information they need using a protected corridor. Moreover, mergers and acquisitions aren’t automatically stressful to IT officers.