Information and Computer Security

I am Sharath Chandra Ellanki. I have 2+ years of work experience in Networking. I am currently working as Network Engineer for a Pharmaceutical company in Florida. I did my Master’s in Electrical Engineering. I have currently enrolled for Executive Masters in Computer Information Systems. The pharmaceutical industry demands a very niche network topology and security measure especially when it comes to cGMP systems that are used in the Quality Control Labs for running analysis when designing new drugs and compounds. Pharmaceutical industries are one of the most targeted industries by Cybercriminals. Most of the pharmaceutical companies have faced serious problems like losing the cGMP data, patient information, customer information, drug research and development information due to lack of knowledge on the vulnerabilities.

Computer and Network Security must be the primary concern of any regulated environments like pharmaceutical industries. Computers, Networks and Network Related equipment must be properly secured and maintained to avoid cyber risks. There was an incident where the intruders tried to penetrate through VoIP network and disrupt VoIP Services there by effecting business operations. We handled the situation by detecting their attempts and blocking intrusions using modules on Untangle firewall and other measures which are already in place. To improve security in other areas, we have isolated lab networks from Corporate Network. All Quality Control Lab computers are domain controlled with proper restricted privileges in place.

The cGMP data and Data integrity is of utmost importance in pharmaceutical industries which should be handled and maintained as per FDA guidelines and should be in compliance with 21 CFR Part 11 regulations. At work we constantly monitor the traffic on the networks and also check the network performance on daily basis. We also perform and document the quarterly Audit Trail checks to ensure if there is any unauthorized access to cGMP Applications. Any discrepancies in the system will be investigated, documented and proper measures will be taken to avoid them in future. We also check the network switch logs, server logs, firewall events etc. to ensure there will be no penetration into company’s core formulation data networks. Firmware updates, Microsoft Updates and System Security updates will be evaluated and installed as per the recommendations from Vendors on a timely basis.

In-house backups and Cloud backups are performed to maintain a backup image of Servers on daily basis thereby ensuring High Availability of Systems. The backup files are encrypted and password protected to prevent any unauthorized access to backup images. Some of the security measures that we have implemented company-wide include but not limited to Monitor Network traffic and Firewall Events on Daily Basis. Build Effective Backup Strategies. Install Patches as per Vendor Recommendations. Quarterly Risk Assessment Meetings. Update Antivirus Definitions Frequently. IP tunnels encryption, algorithms and authentication.

No Comment.