A Holistic Approach to Cybersecurity
With the rise of the Software as a Service (SaaS) business model and the explosion of data production, life science companies have increased their exposure to cybersecurity threats. Investing in a fundamentally "secure by design" foundation enables biopharma companies to stay ahead of their competition, minimize the impacts of a cyberattack, and avoid the costs of discovering a vulnerability later in the process. In this context, any software vendor serving a biopharma company must prove that security is an essential element in their development processes and adopt a proactive approach to integrating security into their daily tasks.
What Is Security By Design?
Security by Design is a concept in cybersecurity that pushes companies to develop their software or hardware around a foundationally secure design. It is a proactive approach that aims to prevent potential cyberattacks rather than addressing issues later as they arise.
According to the influential AppSec Framework, Security by Design should be based on three pillars:
• Defining and sharing the process by formalizing a secure software development lifecycle policy.
• Identifying and training security champions who act as the eyes of security at every step of the DevOps process.
• Integrating security tools into the DevOps pipeline to automate vulnerability detection.
Adopting Security by Design principles empowers a software company to achieve two key objectives.
Prevent threats before they can emerge
It's always preferable to create security architectures that prevent cyberattacks from occurring in the first place than to address the impact of a realized threat after the fact. The Security by Design approach means minimizing the initial attack surface and acting proactively with every new layer of security.
Establish trust and inspire customer confidence
Placing security at the center of a software product delivers a confidence boost for customers who adopt it and establishes trust in the software and its capabilities as the organization takes on more challenging and innovative projects.
A Timeline of Security by Design at Inova
As Inova has been ISO 27001 certified since February 2020, we constantly seek to improve our security operations. Our Chief Information Security Officer (CISO), Ludovic Lecomte, is responsible for the Security by Design project, has been managing it since 2019, and has helped the team implement Security by Design principles.
2019: Launch
The Security by Design project was officially launched by formalizing the Secure SDLC procedure. Inova also implemented security tools (DAST, SAST, OWASP library check) to detect OWASP TOP 10 vulnerabilities during the product development phase. Vulnerabilities were identified during penetration testing (pentest), and addressing these issues involved time and resources.
2020: Breach Busters
Inova’s CISO created a team of security champions called Breach Busters to support the Security by Design project. The team’s diversity of skills, culture, and knowledge was important in its formation, and there was one champion selected to represent each of the functional development teams (Front-end, Back-end, Framework, Quality Assessors, Operation, and Security).
2021: OWASP TOP 10
Product managers have been trained in Security by Design so that risk assessments and the definition of security requirements are must-haves early in the development process. The Breach Busters were also trained in Security by Design and the OWASP TOP 10 standard. Monthly training sessions have been performed with contractors NBS System on security best practices, including OWASP TOP 10, Docker security, and hacker tools. The Breach Busters acquired more knowledge about cybersecurity principles and best practices that they could then share with their teams.
2022: NBS System
With the help of NBS System and monthly coaching sessions, the Breach Busters cultivate a cybersecurity culture at Inova. They deliver OWASP TOP 10 training for all DevOps staff and share a security podcast to make people aware of technical vulnerabilities. They deploy new tools and processes to identify vulnerabilities earlier in the development process, an approach known as shift-left testing.
Today Inova has adopted tools and processes to reinforce Security by Design principles, including:
• Static code analysis to check that the framework's embedded secure functions are used properly
• Regular use of OWASP library checks to ensure that third-party application libraries are not vulnerable
• Internal and external vulnerability scans to identify and patch security vulnerabilities in the Inova cloud platform
Security by Design: A Continuous Improvement Process
Security by Design is not a point that a company arrives at but a journey of continuous improvement. Investing in training development teams, and eschewing magic tools that claim to offer security but don’t live up to their promise, has helped embed Security by Design principles within the development teams.
Inova’s customers benefit from an ever-more secure, efficient, and always alert security team that ensures that the market-leading partnering software they rely on is built with great attention to and alignment with industry best-practice security standards.
We’ve built in security by design to keep you ahead of threats. Book a demo to discover how security is built into the Inova Partnering Platform.