Solving the MFA Challenge in Pharma Labs
Using multifactor authentication, or MFA, is recommended for almost all businesses in just about any industry. Its implementation involves a slight trade-off, where a small bit of convenience is sacrificed for substantially enhanced security. In the pharmaceutical industry, however, the issue of MFA is much more complicated, particularly in laboratory and other cleanroom areas.
Firstly, it is important for compliance reasons that users correctly log in to their devices, including compliance with 21 CFR Part 11. Among other things, this helps ensure data integrity.
There are also intellectual property, data privacy, and other cybersecurity considerations that mean it is important to ensure the right people are accessing the right systems and data at the right time. All this meta-information – who, what, when, and where – should also be recorded.
In theory, MFA is the ideal technical solution. In practice, however, there are considerable challenges.
The Challenge of Using MFA in Pharmaceutical Laboratories
A standard MFA process is as follows:
- A user accesses a device or application and logs in with a username and password.
- An MFA request is then sent by the system to another device, usually the user’s phone.
- The user accesses their phone to retrieve the code to complete the MFA requirement. This code is typically sent as a text message, notification, or via an authentication app, such as Google Authenticator.
- The user enters the code on the device or application they want to access.
This is all fine… except if the user doesn’t have immediate access to their phone, as is the case in most pharmaceutical laboratory and cleanroom areas where phones and other personal devices are not allowed.
In these situations, the process of retrieving the MFA code is even more time-consuming and laborious than normal, as it involves exiting the lab or cleanroom area, getting the code, and then returning, following all cleanroom and hygiene protocols in the process. All this has to be completed before the MFA code times out or the process starts again.
Not only is this frustrating and difficult, but it is also a huge drain on productivity.
Solving the MFA Challenge in Pharmaceutical Laboratories
Using our extensive experience in the pharmaceutical industry and our detailed knowledge of MFA and cybersecurity, we researched and assessed several alternative solutions to solve the MFA challenge for pharmaceutical laboratories.
Preferred Alternative Solution – Use an MFA Device
Solutions like the YubiKey are ideal in pharma lab environments. In brief, lab staff can wear YubiKey authentication devices as sterile wristbands, eliminating the need to leave the cleanroom to access a phone to authenticate a login. There isn’t even a need to remove personal protective equipment as the wristband can be worn over the top of PPE.
Users simply hold the wristband up to a receiving authentication device attached to the computer they want to log into. It’s essentially a tap-and-go alternative to standard MFA that takes seconds and causes next to zero disruption to workflows and processes.
Talk to Us About Your MFA Requirements
Cybersecurity represents significant risks for pharmaceutical companies, so it’s important to take steps to mitigate those risks. In doing so, new and unique challenges are created, including the challenge of making MFA practical in laboratory and cleanroom environments.
At Westbourne IT, we can develop and implement a solution that is right for your organisation and that strikes the right balance between convenience, security, control, and flexibility. Get in touch with us today to find out more.
Latest Insights
The Global Service Desk and Managed Services Solution Lifecycle
What is a global service desk? What are managed services and what can you expect from a managed services provider? Within those solution categories, are there any additional factors that pharmaceutical companies should pay attention to? These are common questions...
A Realistic Roadmap for Digital Transformation in Labs
Buzzwords like the Lab of the Future and Lab 5.0 are becoming increasingly common. They each come back to a concept...
There’s an IT/OT Gap in Your Pharmaceutical Laboratory. Here’s How to Bridge It
Digital transformation is on the agenda for all pharmaceutical companies as the option of standing still simply isn't...
Unlocking the Value of Data in Your Laboratory with Real-Time Visualisation and Analytics
Laboratories contribute significantly to the vast quantities of data produced by pharmaceutical manufacturing...
Overcoming Data Management Challenges in Pharmaceutical Laboratories
Businesses are becoming increasingly data-driven, and the pharmaceutical industry is no different. Data is driving...