Vivek Digumarti | Head-IT | SAI Life Sciences explains the security measures adopted and the rationale behind them
Q. How do you see security in the Indian pharmaceutical sector? Can you share what were the dynamics before and how is the scenario now?
Our security constitutes generally towards having only antivirus and disabling the controls like USB. These are small factors which have been considered from the security aspect. But over a period of time in the last 5 years there is a change in terms of security like how it has been driven and the importance the top management has started putting on security. That is where we were able to bring a lot of security controls in terms of email security, endpoint security, system control, how we can prevent e data leakage. There are a lot of ransomware attacks and phishing attacks which made the board to discuss on various parameters and how we can ensure we secure intellectual property and data protection. From that perspective, there is a lot of controls and products and services which we have implemented over a period of time.
Q. Could you give us a peek into SAI Life Science’s presence in the Pharma and Healthcare sector?
SAI life is a CDMO company which is a contract development and manufacturing organization. We cater a lot of third party companies across the globe especially in the contract manufacturing and contract research discovery. Our vision is to launch 25 new molecules by 2025. The top 10 Pharma companies are SAI Life customers. We are a 20+ years company and we have grown by leaps and bounds. Now there are a lot of focus given by a lot of companies in terms of security. So, day in day out, we get a lot of request from various companies in terms of security controls which we have implemented and our major focus deal on IP and how we secure this IP.
Q. Why cybercriminals target pharmaceutical companies? Why Pharmaceutical Companies Are Vulnerable to Cyberattacks & What You Can Do to Protect Your Company?
We deal with intellectual property and there are a lot of new molecules and discovery data, and a lot of experimental analysis that happens across the units. So if this data gets leaked out anyone can start a pizza shop and he can start manufacturing. This is against the integrity and hence we have to ensure we have CIA which is confidentiality integrity and availability of the information that is available to both the internal employees as well as sharing and collaborating the data with external customers. To ensure the CIA we have a lot of controls like only the necessary people will have access to the IP critical information and only they will be able to collaborate with them.
We have a lot of ISO security standard methodology which we have implemented through which we have disabled a lot of privileges and controls and to mitigate the risk we have implemented Cisco anti malware protection. Apart from the antivirus the endpoint protection, we have email security, we have also implemented proxy. Apart from that we have intrusion prevention system ideas, we have implemented the Cisco umbrella which blocks malicious website access and malicious content as well as user access both internally and externally so that we can ensure that he has VPN and all the data with access has been rightly protected through the various tools. We have also enabled two factor authentication across applications which help in preventing the hackers. We have implemented mobile device management on every employee laptops.
Q. What were the changes you had to make after lockdown?
Predominantly most of our employees have laptops. To reduce this space in our labs we always prefer laptop instead of desktop. So from that perspective it was easier for us to have our employees work from home. It was pretty easy also for us to manage in giving the required Internet dongle because we already have good number of dongles which we were able to activate and able to give to them. This was followed by the VP., We had necessary VPN prior as well before the lock down, however we increased our VPN count to cater the number of work from home users which has been increased tremendously 3/4 times higher than earlier. Apart from the VPN, the collaboration was more important as we started with various tools. Right now we have Microsoft teams, Cisco WebEx and Zoom. For Zoom we have put on hold the other tools have been extensively used for day-to-day collaboration with the team and with the external customers. Fairly right now this is going fine and this is going to be the new normal.
Q. What is the kind of technology adopted by the company for cybersecurity? What is your marketing strategy for Indian healthcare and pharma sector?
We outsource our activities to our third party. We have a dedicated business development team that caters across the globe. we have been using virtual reality technologies through virtual players to showcase our plants, labs and manufacturing to our customers. Going forward we will be using this for remote audit as well. So a lot of customers who could not visit our premise and do the audit, with this virtual classes they were able to make these remote audits. There are a lot of new technologies which we are bringing in in terms of the digitisation, and how we can make it paperless. All this process flow automation helps in the customer give more business towards which eventually are marketing team are able to cater to across the globe with these technologies.
Q. How do you advise organizations in post COVID19 scenarios about Mobility, Cloud, Employee collaboration and Advanced Analytics? What are the likely future efforts they should make for the improvement in the healthcare sector?
It is very critical and important to make real-time decision. Most of the Healthcare industry is working on this project wherein the entire data is getting more into cloud so that we can use the various analytic tools and derive the real-time dashboard so that they can take real time decisions. Also by implementing IoT to the production devices where it is not automated, we can extract the data real time through sensors so that all this data gets accumulated and these are pushed to the cloud and from there we can get a real time alerts and dashboard. This project is going on and it will take some more time to become mature but most of the companies have started working on this because there will be a production efficiency, cost reduction and effective people management and utilization as well.