Wissen - Life Sciences News - Topics - Downloads - Newsletter
Contact
Rob Stijlen
Rob Stijlen
Home | Newsletter | UPDATE 1 | 2019 | How to achieve “security by design” in your production network
March 4, 2019

How to achieve “security by design” in your production network – a project report

Streamlining processes, for example in production, by networking previously autonomous equipment is one of the most common digitalization projects. But integrating the manufacturing infrastructure and processes into a network must be carefully planned and designed to prevent any security gaps affecting production or enabling access to sensitive data.

 

Facing this challenge, a listed Swiss pharma company called in the experts and consultants from ARCONDIS for support.

 

Harmonizing diversity and reducing complexity

The specific challenge of this project was to attain a heterogeneous system landscape, requiring a custom-developed solution. The infrastructure and network architecture of the five production sites had developed over time, meaning they were fundamentally different – two of these locations were also recently acquired and thus had entirely different structures. Transforming this diversity with such granularity (sensors, cooling systems, production equipment etc.) into a homogenous, yet highly secure network requires comprehensive expertise from other projects (best practice) and a clear objective.

In this case, the goal of the project was to harmonize and consolidate the production, packaging and laboratory infrastructure to lay the foundation for the next steps, such as adjustments in network segmentation and introducing a central data hub for global systems like LIMS and MES (Laboratory Information Management System and Manufacturing Execution System).

After all, things were supposed to change in the medium term, with networked locations taking full advantage of the benefits of digitalization through centralized control and shared centralized services (ERP, SaaS etc.).

 

Secure production processes key

Of course, this all only succeeds when no compromises in terms of security have to be made. For this reason, the network is being designed with security in mind – which is where “security by design” comes into play.

This approach aimed to use a catalog of devices and applications to establish an overview and transparency in the laboratory and production environment. It may sound simple, but first all relevant cataloging criteria had to be defined, which required the full security and architecture expertise of ARCONDIS consultants. After all, cataloging based on future-relevant factors with regard to a custom-conceptualized and highly secure network is the only way to gain insights while meeting set goals. The success factors for the future model – though still theoretical in this phase – formed the foundation for the assessment of the existing infrastructure.

Security by Design in a production network

 

Customization of proven standards a must

Based on the existing structure, a very customer-specific model was developed grounded in proven methods and tools of enterprise architecture management – on the one hand to ensure a uniform, consistent process and on the other to meet the specific properties of production equipment and safety requirements especially. 

Thanks to the achieved availability of individual locations, (security) potentials were then quickly identified, coordinated in regular meetings and on-site workshops with stakeholders from the specialist departments, not least to ensure their understanding and support for the approach. The results were then consolidated into a global master map together with involved individuals from the laboratory and production, as well as ARCONDIS enterprise architecture experts.

 

Blueprints for a secure global network

In concrete terms, the result is a master application landscape that presents a reliable guideline for developing and ensuring a secure global production network. Based on the individual models, security aspects are taken into special consideration and do not have to be added later on at great expense – in line with the “security by design” approach.

Frank Reissner, Joachim Stengel


Recommendation: