Strengthening cybersecurity in life sciences with IBM and AWS
Cloud is transforming the way life sciences organizations are doing business. Cloud computing offers the potential to redefine and personalize customer relationships, transform and optimize operations, improve governance and transparency, and expand business agility and capability.
Leading life science companies are leveraging cloud for innovation around operational, revenue and business models. According to a report on mapping the cloud maturity curve from the EIU, 48% of industry executives said cloud has improved data access, analysis and utilization, 45% said cloud has sped up delivery of new IT services and capabilities, and 44% said cloud has expanded sales channels across digital avenues.
In 2017, 94% of hospitals used electronic clinical data from their EHR. This digitalization and need to share medical data are driving the demand for precision medical technologies. Leading life sciences companies are discovering the power of cloud in enabling analytics and artificial intelligence (AI), shrinking innovation cycles, and standardizing processes across global operations, among other benefits.
Life sciences organizations are developing science/research/commercial clouds to automate mundane tasks associated with each of the areas, such as logging, monitoring, auditing, patching, and integration with an existing toolset, to name a few.
By providing virtually unlimited compute/storage and pay-as-you-go pricing models, and by being armed with advanced analytics and AI, global scale, and fast innovation, cloud is leveling the technical stage for newcomers and redefining the way disruptors can enter the market.
The role of AWS and cloud security in life sciences
However, with greater power comes great responsibility. With the growth in usage of digital technology and cloud in the life sciences industry, digital information is more readily available and at a greater risk of exploitation. According to IBM’s Cost of a Data Breach 2022 report, 83% of organizations studied have had more than one data breach, and 60% of these breaches caused organizations to pass price increases on to clients. Of these breaches, 45% were cloud-based, costing USD 10.10M on average per breach. With an average of 10 to 15 connected medical devices per patient bed in US hospitals, compromised customer data is a top concern for security executives, given the rise in cyberattacks (39%), followed by patient safety (20%) and stolen intellectual property (12%) as top threat vectors.
Most life sciences companies are raising their security posture with AWS infrastructure and services. From global pharma companies like Gilead, Pfizer, Roche, Moderna and AstraZeneca to innovative startups like Relay Therapeutics, life sciences organizations of all sizes and disciplines leverage AWS to transform every stage of their value chain.
With access to the largest secure global infrastructure, life sciences organizations are increasingly relying on AWS to enhance data liquidity, optimize for operational excellence, personalize customer engagement and raise the bar on security and compliance.
Overall foundational pillars of the AWS security framework include the following:
- Compliance: AWS provides a range of compliance certifications and attestations that are relevant to the life sciences industry, including HIPAA, HITRUST and GxP. Organizations like Moderna and Bristol Myers Squibb have chosen AWS to run their regulated workloads.
- Infrastructure protection: Leveraging its advanced techniques and sheer scale, AWS provides strong mechanisms to protect against infrastructure- and application-layer DDoS attacks.
- Data protection and privacy: Each AWS customer maintains ownership of their own data. AWS offers clients control over the AWS services and geographical locations used to store/process data, encryption options for data in transit/at rest, and control over who has access to their AWS accounts, with easy grants, management and revocation.
- Identity and access management (IAM): AWS IAM enables clients to manage user access to AWS services and resources by using role-based access controls, multi-factor authentication and other security features.
- Logging and monitoring: AWS provides a range of logging and monitoring services—including AWS CloudTrail, AWS Config and Amazon CloudWatch—that enable clients to monitor and audit their AWS environments for security events and compliance.
- Network security: AWS offers many network security features, including Virtual Private Cloud (VPC), which enables clients to create isolated virtual networks within the AWS cloud, and security groups and network access control lists (ACLs), which allow clients to control traffic to and from their resources.
- Incident response: AWS has a variety of incident response services and tools—including AWS Security Hub, AWS Incident Detection and Response and AWS Trusted Advisor—that enable clients to quickly respond to and remediate security incidents.
Additionally, AWS security services and solutions are focused on delivering key strategic benefits critical to helping you implement your organization’s optimal security posture.
AWS Shared Responsibility Model
When it comes to security, AWS follows a Shared Responsibility Model between the customer and AWS.
AWS is responsible for the operation, management and control of the components from the host operating system and virtualization layer down to the physical security of the facilities in which the AWS services operate. The customer is responsible for the management of the guest operating system (including updates and security patches to the guest operating system) and associated application software, as well as the configuration of the AWS-provided security group firewall and other security-related features.
While this model greatly helps with the undifferentiated heavy lifting involved with running a secure, global operation, the customer is still responsible for application security, leveraging proper mechanisms/services for identification, detection, alerting and remediation of security incidents when leveraging AWS as their cloud hyperscaler. With the ever-evolving threat vectors, new AWS security services, evolving organizational security policies/skills and changing compliance regimes, maintaining a cutting-edge security posture on AWS can sometimes pose a difficult challenge for many life science clients.
Forging the secure path on AWS with IBM Consulting
While AWS is focused on providing clients with world-class security services and solutions aimed at strengthening organizational security posture, IBM Consulting is focused on helping clients leverage these building blocks and guiding businesses on their AWS journey, keeping their needs as the north star. IBM is working with clients to help create the optimal cloud security posture, leveraging a combination of AWS offerings and other security tools available in the market, in line with IBM Consulting’s broad experience and customers’ organizational security policies.
IBM is a Premier Consulting Partner for AWS, with over 19,000 AWS-certified professionals across the globe, 16 service validations and 15 AWS competencies. IBM is also the launch partner for the AWS Security Competency across all newly announced security categories, becoming the fastest Global GSI to secure more AWS competencies and certifications among Top-16 AWS Premier GSIs within 18 months.
At re:Invent 2022, IBM Consulting was awarded the Global Innovation Partner of the Year and the GSI Partner of the Year for Latin America, cementing clients’ and AWS’s trust in IBM Consulting as a trusted partner of choice when it comes to AWS. IBM is also a Level 1 MSSP Competency Partner, Premier Consulting Partner, Advanced Technology Competency Partner and ISV Accelerate Partner for AWS. Whether clients are moving to AWS Cloud or already operating AWS Cloud, IBM Security offers a comprehensive combination of solutions and expert services around AWS to help develop, implement, and scale a security strategy, eliminate roadblocks, and accelerate time to market.
When it comes to migration to AWS, IBM’s Secure AWS Foundation (SAF), a cornerstone of the cloud platform, embeds a secure-by-design cloud strategy early in the migration plan, helping keep the business confident in cloud migration while establishing security as a cloud enabler, not an inhibitor. SAF defines and deploys an optimal security architecture, using industry-focused, pre-built patterns and templates that meet compliance needs and establish secure landing zones. The solution automates security enforcement, ensuring that when new workloads spin up, they adhere to enterprise security policies. SAF delivers many benefits, including accelerating deployment from months to weeks, reducing security deployment costs by 75% and speeding cloud migration by 40%.
For example, when a major distributor of healthcare products and services (with a presence in 32 countries and serving more than one million clients across the globe) approached IBM Consulting to transform their threat management process and optimize it across their expanded AWS hybrid environment, IBM Security Consulting deployed and delivered a hybrid security solution—comprised of technologies like IBM X-Force Threat Management with QRadar on AWS, Amazon Inspector, Amazon GuardDuty and others—to deliver 75% faster time to threat detection and remediation.
IBM Security Consulting practice helped the customer solve the following challenges:
- Lack of adequately skilled in-house security staff
- Compliance with data protection regulations
- The need to secure a remote workforce due to the pandemic
- Improved security support for rapid M&A cycles, contributing to infrastructure complexity
IBM was able to help deliver tangible organizational benefits, including a 50% increase in coverage of security incidents in the cloud, reduced customer complexity and cost to operationalize cybersecurity threat management, and reduced risk across the IT landscape.
IBM Consulting Services for AWS Cloud is working closely with AWS and leveraging AWS AI/ML services to help clients maintain a secure posture. For example, Amazon Comprehend Medical can help detect protected health information (PHI) in a body of text, and its output can be used to redact application logs, discharge summaries, contact center agent notes and other patient-related data sources. Amazon Textract can be leveraged to extract printed text, handwriting and data from any document or image, and the extracted text can then be passed into Amazon Comprehend Medical for redaction. Amazon Macie, a machine learning-enabled data security service, can be leveraged to protect your sensitive data by running targeted scans against sensitive data stored on Amazon S3.
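As an added example (not code from the original article, IBM or AWS), the redaction step described above can be sketched as follows: it applies the character offsets from a DetectPHI-shaped response to a log line, merges overlapping spans, and returns low-confidence entities for review instead of silently ignoring them. The sample log line, the response values, the names `redact_phi` and `detect_phi`, the 0.5 threshold and the region are assumptions made for illustration.

```python
# Constructed sample: an application log line and a response in the shape that
# Amazon Comprehend Medical's DetectPHI returns (character offsets, Type, Score).
SAMPLE_LOG = "2023-04-02 discharge: patient John Doe, MRN 4471829, call 555-0134"
SAMPLE_ENTITIES = [
    {"BeginOffset": 0, "EndOffset": 10, "Type": "DATE", "Score": 0.99},
    {"BeginOffset": 30, "EndOffset": 38, "Type": "NAME", "Score": 0.98},
    {"BeginOffset": 30, "EndOffset": 34, "Type": "NAME", "Score": 0.55},  # nested span
    {"BeginOffset": 44, "EndOffset": 51, "Type": "ID", "Score": 0.97},
    {"BeginOffset": 58, "EndOffset": 66, "Type": "PHONE_OR_FAX", "Score": 0.41},
]


def detect_phi(text, region="us-east-1"):
    """Live call (needs boto3 and AWS credentials); the region is an assumption."""
    import boto3  # imported lazily so the offline redaction below has no dependency
    client = boto3.client("comprehendmedical", region_name=region)
    return client.detect_phi(Text=text)["Entities"]


def redact_phi(text, entities, min_score=0.5):
    """Return (redacted_text, skipped).

    Entities scoring below min_score are not redacted; they are returned in
    `skipped` so that a reviewer can decide, rather than being lost.
    """
    kept, skipped = [], []
    for entity in entities:
        (kept if entity["Score"] >= min_score else skipped).append(entity)

    # Merge overlapping or nested spans so that no region is replaced twice.
    merged = []
    for e in sorted(kept, key=lambda e: (e["BeginOffset"], -e["EndOffset"])):
        if merged and e["BeginOffset"] < merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], e["EndOffset"])
        else:
            merged.append([e["BeginOffset"], e["EndOffset"], e["Type"]])

    # Replace from right to left so that earlier offsets remain valid.
    for begin, end, kind in reversed(merged):
        text = text[:begin] + f"[{kind}]" + text[end:]
    return text, skipped


if __name__ == "__main__":
    redacted, needs_review = redact_phi(SAMPLE_LOG, SAMPLE_ENTITIES)
    print(redacted)
    print("low-confidence entities left for review:", needs_review)
```

With the default threshold the phone number in the constructed sample stays in the log line and is reported for review; lowering `min_score` trades more false positives for fewer missed identifiers.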
Given the rise of AI, ChatGPT and Web3.0, over the next several years, we anticipate machine learning will play a major role in augmenting security engineers’ capabilities, helping them to create more secure architectures and applications in the cloud. In this hybrid, increasingly complex environment, AWS services like Amazon GuardDuty, Amazon Detective, Amazon CodeGuru and Amazon Macie will continue to lay the groundwork for integration of security and machine learning, helping clients with intelligent recommendations at scale.
The business value of partnering with IBM Consulting and AWS
The IBM Security X-Force Threat Intelligence Index 2023 highlights and quantifies the threats that organizations face and the business value they forgo by not partnering with IBM and AWS on security and threat concerns. Some of the benefits of deploying IBM and AWS security approaches and assets include the following:
- Reduced risk of data breaches: According to a report by the Ponemon Institute, AWS clients that implemented security automation and orchestration experienced a 52% reduction in the likelihood of data breaches, resulting in an average cost savings of $1.5 million.
- Faster time to compliance: Clients in regulated industries like the life sciences industry can leverage IBM Consulting’s experience and AWS compliance certifications and attestations (e.g., GxP) along with AWS security services like AWS Config, AWS Artifact and AWS CloudFormation to accelerate their compliance efforts and reduce the time and cost of achieving and maintaining compliance.
- Improved incident response: IBM Consulting can combine the best-of-breed solutions—AWS-native or others—to improve incident responses. IBM Consulting has helped AWS clients leverage AWS security services like AWS Security Hub, AWS Incident Response and Amazon GuardDuty to quickly detect and respond to security incidents, reducing the time and cost of incident response and minimizing the impact of security breaches.
- Cost savings: By leveraging the automation that IBM Consulting has built, tried and tested, clients can expect to reduce operating costs when IBM is managing their security environment. Working together with AWS, IBM Consulting can help leverage AWS security services, reduce the need for expensive security hardware and software, and reduce the cost of security personnel and security operations.
- Improved agility and scalability: AWS security services are designed to be highly scalable and flexible, enabling clients to quickly adapt to changing security requirements and scale their security infrastructure to meet the needs of their growing business.
Conclusion
As evidenced above, cloud security is quickly becoming one of the hot areas where several industries—including life sciences—are increasingly focused. The new model of direct patient engagement that leverages various digital channels, the explosion in available digital data collected through smart devices and IoT-enabled medical devices, and the increased interoperability between pharma, payor and provider bring unforeseen security challenges, making life sciences companies a ripe target for unexpected security attacks.
While AWS focuses on the security of the cloud, IBM Consulting is dedicated to improving clients’ AWS cloud security posture by leveraging its vast experience, AWS technical expertise and industry-best practices to keep its clients ahead of the security curve.
Learn more about IBM Security Services for AWS.