The pharmaceutical industry is highly regulated – and highly competitive – and secure transfer of confidential and proprietary data is imperative. For one major pharmaceutical company – with hundreds and products and operations around the globe, secure file transfer has taken on special importance.
The company has been growing rapidly, in part through an acquisition strategy. New companies joining the family presented a real integration challenge. “Each company had its own approach to file transfer,” reported the firm’s head of information security. “Some were using customized solutions, some manual FTP, sometimes not especially secure. We even had some instances where people were shipping hard drives around. This was a nightmare from a security and compliance standpoint. We really needed to acquire a centralized solution for use throughout the company.”
After evaluating a number of file transfer products and conducting proof of concepts with four vendors, this pharmaceutical company chose Ipswitch File Transfer as their provider. “Security was a major element of our criteria,” the information security chief noted. “Features like support for PGP encryption and FIPS 140-2 cryptography validation were critical, and, given our web application plans, Ipswitch’s support for AS2 and AS3 future-proofs our decision.” The security of Ipswitch’s data centers, which are SSAE 16 certified, was another key factor. Compliance was also important. With Ipswitch, the company has a complete tamper-evident audit trail of all file transfers. “As a 24/7 operation, having a failover solution was also deemed critical. Ipswitch was able to provide all this at an attractive price point.”
The pharmaceutical company carries out a wide range of file transfers. “We regularly transfer confidential data externally, for instance, when we deliver clinical trial results to the FDA. We also take in external data, which we need to secure before it gets inside our trusted network. Also, we have a number of very important internal integration tasks that run on a regular schedule, one example being our payroll process. This is obviously highly sensitive data that’s being submitted from multiple global locations, and we need to make sure that no one can access or open that content as it moves to our central HR systems. There are also collaboration efforts going on. For example, our in-house developers work on ERP applications with outsourcing groups. They need a way to securely manage their code base. Then there’s the occasional, day to day file transfer that employees do, both internally and externally.”
To satisfy all of these needs, the company is deploying a hybrid approach. Payroll, and other regular file transfer tasks are handled with MOVEit Central. Files are encrypted and sent from the point of origin to a source server, and MOVEit Central transfers it automatically to the destination server. Task-time has been greatly reduced and the files cannot be accessed by anyone outside of HR. The company now has a complete audit trail covering all activity.
For inbound data from external users, the files first go to the cloud. From there, Central retrieves it and brings it inside the trusted network: no external users or systems have direct access to this network, keeping it secure. The company also plans to offer pharmacies a way to order products via the web, seamlessly integrating Central’s ASx support to web applications.
MOVEit Cloud is deployed as an easy-to-use solution for general employee needs, whether they’re transferring secure files internally or externally. The company uses the Cloud as the code exchange between in-house developers and their outsourced partners, who are collaborating on ERP applications. "I want to make transferring files as easy as possible for my users. With MOVEit Cloud, they don't need to do cumbersome and error-prone manual file transfers.” The company has started to roll-out MOVEit Cloud to all of its many thousands of employees.
With MOVEit, the head of information security says, “people get what they want and need – a seamless, simple to use solution, and we get what we want – and need – as a company: security and compliance. This is a tremendous win for us.”