Solving the MFA Challenge in Pharma Labs
Using multifactor authentication, or MFA, is recommended for almost all businesses in just about any industry. Its implementation involves a slight trade-off, where a small bit of convenience is sacrificed for substantially enhanced security. In the pharmaceutical industry, however, the issue of MFA is much more complicated, particularly in laboratory and other cleanroom areas.
Firstly, it is important for compliance reasons that users correctly log in to their devices, including compliance with 21 CFR Part 11. Among other things, this helps ensure data integrity.
There are also intellectual property, data privacy, and other cybersecurity considerations that mean it is important to ensure the right people are accessing the right systems and data at the right time. All this meta-information – who, what, when, and where – should also be recorded.
In theory, MFA is the ideal technical solution. In practice, however, there are considerable challenges.
The Challenge of Using MFA in Pharmaceutical Laboratories
A standard MFA process is as follows:
- A user accesses a device or application and logs in with a username and password.
- An MFA request is then sent by the system to another device, usually the user’s phone.
- The user accesses their phone to retrieve the code to complete the MFA requirement. This code is typically sent as a text message, notification, or via an authentication app, such as Google Authenticator.
- The user enters the code on the device or application they want to access.
This is all fine… except if the user doesn’t have immediate access to their phone, as is the case in most pharmaceutical laboratory and cleanroom areas where phones and other personal devices are not allowed.
In these situations, the process of retrieving the MFA code is even more time-consuming and laborious than normal, as it involves exiting the lab or cleanroom area, getting the code, and then returning, following all cleanroom and hygiene protocols in the process. All this has to be completed before the MFA code times out or the process starts again.
Not only is this frustrating and difficult, but it is also a huge drain on productivity.
Solving the MFA Challenge in Pharmaceutical Laboratories
Using our extensive experience in the pharmaceutical industry and our detailed knowledge of MFA and cybersecurity, we researched and assessed several alternative solutions to solve the MFA challenge for pharmaceutical laboratories.
Preferred Alternative Solution – Use an MFA Device
Solutions like the YubiKey are ideal in pharma lab environments. In brief, lab staff can wear YubiKey authentication devices as sterile wristbands, eliminating the need to leave the cleanroom to access a phone to authenticate a login. There isn’t even a need to remove personal protective equipment as the wristband can be worn over the top of PPE.
Users simply hold the wristband up to a receiving authentication device attached to the computer they want to log into. It’s essentially a tap-and-go alternative to standard MFA that takes seconds and causes next to zero disruption to workflows and processes.
Talk to Us About Your MFA Requirements
Cybersecurity represents significant risks for pharmaceutical companies, so it’s important to take steps to mitigate those risks. In doing so, new and unique challenges are created, including the challenge of making MFA practical in laboratory and cleanroom environments.
At Westbourne IT, we can develop and implement a solution that is right for your organisation and that strikes the right balance between convenience, security, control, and flexibility. Get in touch with us today to find out more.
Latest Insights
Choosing a Global Service Desk Solution for Your Irish Pharmaceutical Facility
Whether you are an Irish pharmaceutical company, a multinational corporation with lab and/or manufacturing facilities in Ireland, or a company with a sales office in Ireland, you will need IT and technical support. There are multiple considerations when deciding on...
The Importance of Training to Maximise Your Waters Empower Software Investment
Every investment in technology should deliver a return, and your investment in Waters Empower CDS is no different. The...
10 Benefits of Tailored Waters Empower Training for Pharmaceutical Companies
Laboratory employees must be well-qualified and skilled to work in modern pharmaceutical facilities. Even with this...
An Overview of Waters Empower Training for Pharmaceutical Companies
There is a range of options available to pharmaceutical companies when it comes to training on Waters Empower software...
Transitioning from CSV to CSA in the Pharmaceutical Industry
The transition from Computer System Validation (CSV) to Computer Software Assurance (CSA) represents a shift in...