Integrating Physical and Logical Security in Pharmaceutics

- RFID technology has been increasingly implemented for tracking.
- Manufacturers are integrating access control and video surveillance systems to provide better watch and control of their facilities.
- Converged physical and logical security practices are becoming commonplace.

The idea of integrating disparate systems to provide a holistic approach to security is not foreign to the pharmaceutical industry. Manufacturers are integrating access control and video surveillance systems to provide better watch and control of their facilities, said Paige Prechter, Global Account Manager of Building Efficiency, Johnson Controls.

Access control and video surveillance are mostly used to guarantee the security and safety of staff, visitors and general public, as well as providing personnel with tools that allow them to work more efficiently in their work area, explained Vincentius Liong, Director of Integrated Security Systems Solutions, Elektrodata Sistem Integrasi. “Electronic security and building management systems are usually put in place for ensuring compliance with all government regulations and legal responsibilities throughout the manufacturing facility. Another goal is to maintain access control of people during construction and expansion of the facility and monitor on-site maintenance schedules.”

Card readers are installed at all critical points, and cameras are placed to provide documentation of the entire manufacturing process, Liong continued. “Various biometric devices add an extra layer of security for extremely sensitive areas. Data from these systems is transmitted to a central security command center, where it can be closely monitored round the clock.”

Intercoms are typically integrated into the mix, allowing security personnel to communicate with employees appearing to engage in questionable activities, Prechter added.

RFID technology has been increasingly implemented for tracking. Drug identification is a required ability because it is difficult to know who made the drug or what the drug is after it is removed from the original packaging. While RFID may be effective in tackling this issue, it may not yet be sufficiently cost-effective for industry-wide deployment.

“Track-and-trace initiatives around the world are driving the need for standardization of technologies, and the use of 2-D barcodes for authentication is becoming the technology of choice,” said Brian Johnson, Senior Director of Supply Chain Security for Pfizer, in an interview with Pharmaceutical Technology.

The large number of M&As in this industry has resulted in a company having multiple facilities with a variety of security systems, Prechter noted. “These companies are looking to standardize on one system moving forward, and are adopting open-architecture software applications that allow for integration of multiple technologies.”

Physical + Logical
Converged physical and logical security practices are becoming commonplace. Physical security keeps stakeholders safe by allowing only authorized individuals into the building, while logical security protects their computers and data from unauthorized access, said John Carney, Senior Manager of Government Practice, Cisco Systems.

However, the departments managing the technology for these types of security are generally separate and often do not collaborate with one another, Carney cautioned. “With the proliferation of IP convergence, this separation can dramatically impact both of these departments as well as compromise the safety and security of an organization.”

Logical security depends greatly on physical security, Carney explained. “A compromised network allows access not only to business-critical data, but also to all of the security sensors, video cameras and access controls. Unauthorized access to a single security sensor such as a video surveillance camera can be bothersome, but compromising the control of all sensors can be disastrous.”

Many technologies that help secure the network against various threats already exist. One possible solution that has minimal impact on the human-engineering side is to ensure that only trusted users access the network, Carney said. “To enforce this, a user should badge into a building prior to being allowed to access the network.” Through simple process re-engineering, the user does not have to change their behavior of swiping a badge or logging into the network.

This now creates a multifactor authentication: something you have (a security badge) and something you know (ID and password), Carney continued. By tying building access to network access, security increases for not only the network but also network resources.

Using multifactor authentication, gaining entrance to the building no longer guarantees access to the network, which makes it more difficult for an unauthorized person to take advantage of an unattended computer, Carney explained. “This addresses the common issue of tailgating.” This also ensures that the number and names of people in the building are known to the security team.

Badge use has minimal impact on people because most already swipe their badges for access to buildings; all that is required is to make the practice mandatory, Carney said.
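The badge-before-login rule described above can be sketched as a policy check that a network login service consults. This is an added example, not code from the article or from any vendor named in it; the event fields, site names, reason strings and the 16-hour presence limit are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BadgeEvent:          # hypothetical record exported by the access control system
    user: str
    site: str
    direction: str         # "in" or "out"
    at: datetime

MAX_PRESENCE = timedelta(hours=16)   # assumed policy: an old badge-in stops counting

def presence(events, now):
    """Return {user: site} for users whose latest badge event is a fresh 'in'."""
    latest = {}
    for ev in sorted(events, key=lambda e: e.at):
        if ev.at <= now:
            latest[ev.user] = ev
    return {u: ev.site for u, ev in latest.items()
            if ev.direction == "in" and now - ev.at <= MAX_PRESENCE}

def authorize_login(user, site, password_ok, events, now):
    """Gate a network login on both factors: password and badge presence."""
    if not password_ok:
        return (False, "bad-credentials")
    here = presence(events, now).get(user)
    if here is None:
        return (False, "no-badge-in")   # no fresh badge-in on record, e.g. tailgated in
    if here != site:
        return (False, "badged-at-other-site")
    return (True, "ok")

def occupancy(events, now, site):
    """Names of the people the badge system believes are in the building."""
    return sorted(u for u, s in presence(events, now).items() if s == site)

# Constructed sample data, not taken from any real system.
T = datetime(2024, 1, 8, 9, 0)
EVENTS = [
    BadgeEvent("alice", "plant-a", "in", T),
    BadgeEvent("bob", "plant-a", "in", T - timedelta(hours=1)),
    BadgeEvent("bob", "plant-a", "out", T + timedelta(minutes=30)),
    BadgeEvent("carol", "plant-b", "in", T),
]
NOW = T + timedelta(hours=1)

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, authorize_login(user, "plant-a", True, EVENTS, NOW))
    print("in plant-a:", occupancy(EVENTS, NOW, "plant-a"))
```

The denied cases are the ones worth logging: a correct password with no matching badge-in is the signal that someone entered without swiping or is using another person's credentials.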

Stakeholders Unite
The physical security team must track all users, to which areas they are allowed access, when they are allowed to access those areas, and so on; the logical security team must track those same users, the computers and servers they use, data access rules, and so on, Carney said. “Combining these two administrative functions into a single system allows for a more efficient change management process and minimizes the potential for an out-of-sync situation between systems.”

However, combining logical and physical identity management is no small feat. This is where the concept of a single governance body for security becomes vital, Carney continued. “This governance body needs to determine who can make changes, what changes they are allowed to make, and when they can make them.” A key priority is to keep the identity data accurate, since all policies and procedures use this data for enforcement and compliance.
