Solving the MFA Challenge in Pharma Labs
Using multifactor authentication, or MFA, is recommended for almost all businesses in just about any industry. Its implementation involves a slight trade-off, where a small bit of convenience is sacrificed for substantially enhanced security. In the pharmaceutical industry, however, the issue of MFA is much more complicated, particularly in laboratory and other cleanroom areas.
Firstly, for compliance reasons, including compliance with 21 CFR Part 11, it is important that users correctly log in to their devices. Among other things, this helps ensure data integrity.
There are also intellectual property, data privacy, and other cybersecurity considerations that mean it is important to ensure the right people are accessing the right systems and data at the right time. All this meta-information – who, what, when, and where – should also be recorded.
In theory, MFA is the ideal technical solution. In practice, however, there are considerable challenges.
The Challenge of Using MFA in Pharmaceutical Laboratories
A standard MFA process is as follows:
- A user accesses a device or application and logs in with a username and password.
- An MFA request is then sent by the system to another device, usually the user’s phone.
- The user accesses their phone to retrieve the code to complete the MFA requirement. This code is typically sent as a text message, notification, or via an authentication app, such as Google Authenticator.
- The user enters the code on the device or application they want to access.
This is all fine… except if the user doesn’t have immediate access to their phone, as is the case in most pharmaceutical laboratory and cleanroom areas where phones and other personal devices are not allowed.
In these situations, the process of retrieving the MFA code is even more time-consuming and laborious than normal, as it involves exiting the lab or cleanroom area, getting the code, and then returning, following all cleanroom and hygiene protocols in the process. All this has to be completed before the MFA code times out; otherwise, the process starts again.
Not only is this frustrating and difficult, but it is also a huge drain on productivity.
Solving the MFA Challenge in Pharmaceutical Laboratories
Using our extensive experience in the pharmaceutical industry and our detailed knowledge of MFA and cybersecurity, we researched and assessed several alternative solutions to solve the MFA challenge for pharmaceutical laboratories.
Preferred Alternative Solution – Use an MFA Device
Solutions like the YubiKey are ideal in pharma lab environments. In brief, lab staff can wear YubiKey authentication devices as sterile wristbands, eliminating the need to leave the cleanroom to access a phone to authenticate a login. There isn’t even a need to remove personal protective equipment as the wristband can be worn over the top of PPE.
Users simply hold the wristband up to a receiving authentication device attached to the computer they want to log into. It’s essentially a tap-and-go alternative to standard MFA that takes seconds and causes next to zero disruption to workflows and processes.
Talk to Us About Your MFA Requirements
Cybersecurity threats pose significant risks for pharmaceutical companies, so it’s important to take steps to mitigate those risks. Doing so creates new and unique challenges, including the challenge of making MFA practical in laboratory and cleanroom environments.
At Westbourne IT, we can develop and implement a solution that is right for your organisation and that strikes the right balance between convenience, security, control, and flexibility. Get in touch with us today to find out more.