Introduction

Serving more than 47 million customers worldwide, this leading pharmaceutical company is committed to conducting cutting-edge research that enables the development of reliable, life-saving medicines. With more than a century of experience, its teams have developed and distributed countless life-saving medications.

The company runs on data, with more than 40,000 employees researching, manufacturing, marketing, and distributing new medications. The ability to increase access to medicines and treat disease is dependent on generating, collecting, sharing, and analyzing sensitive health and research data. But, this must be done both at the speed of research and innovation, while complying with stringent regulatory requirements like HIPAA.

Challenge

In modern cloud data management, securing and controlling access to sensitive information at scale is paramount, but often complex. This was the case for the pharmaceutical company. With users across teams requiring access to data for various purposes, the organization needed to be confident that its sensitive data was accessible but not overexposed.

Due to the constant evolution and expansion of roles across the company, the data team was left trying to manage the optimization, automation, and user experience of a fast-growing data ecosystem while maintaining effective data security. This required robust data access controls that could manage access to sensitive data across lines of business with diverse cloud environments. While the team understood that role-based access control (RBAC) had worked in the past, they decided that an attribute-based access control (ABAC) solution would better provide the dynamic and scalable coverage required by their business partners.

Their mission was clear: find a robust data security solution that enabled them to use metadata to apply ABAC policies and determine which members of their team should have access to which types of sensitive data. Recognizing ABAC as a key component of modern dynamic and scalable data security–due to its fine-grained access control based on various attributes–this company began to research suppliers capable of meeting its needs.

Solution

The team’s search for a scalable data security solution led them to evaluate various options. They already used AWS extensively for other business analytics functions, but to supplement native AWS controls, they identified Immuta as the platform to fulfill their data security needs.

The Immuta Data Security Platform offered a solution that provided several key advantages. Firstly, the user interface was intuitive and user-friendly, making data security simple to implement for the data team with no impact to end users. The software’s ease of use became a decisive factor, allowing employees to connect data sources without requiring extensive technical expertise.

Additionally, Immuta provided the team with the ability to write, apply, and manage dynamic attribute-based access controls across their data ecosystem. Taking a “write once, apply everywhere” approach, Immuta enables teams to write plain-language ABAC policies that control data access consistently throughout a data ecosystem – without being tied to specific platforms or providers. This meant that the organization could deploy security and governance controls in various environments, without risk of manual error or duplication.

Outcome

Leveraging Immuta’s dynamic ABAC capabilities to secure distributed cloud data at scale, the pharmaceutical company has been able to grow its data use without sacrificing security.

From the very start of the implementation process, Immuta was able to facilitate the successful adoption of cloud data tools. When faced with challenges in implementing Kubernetes, a cloud computing platform, the Immuta team was quick to provide guidance and support, easing the data platform integration process and contributing to a smoother deployment.

The impact of the Immuta Data Security Platform extends beyond the realm of data security and access control. Immuta’s support, well-documented resources, and industry expertise has been instrumental in helping stakeholders across the pharmaceutical organization to understand and implement use cases within their sandbox environment. While the primary focus has been on risk reduction and ensuring that the right individuals have access to sensitive data, the robust security measures have positioned them to reduce potential risks. This presents opportunities for their various lines of business – from research and development to manufacturing – to level-up their data-driven operations without having to worry about data security issues.

Furthermore, the organization’s data team foresees significant efficiency gains in the near term, driven by the potential for automating their access control measures. This shift towards automation promises to enhance data security while streamlining operations, an enticing prospect for an organization that thrives on the cutting-edge.

In conclusion, this organization’s adoption of Immuta has enabled them to achieve substantial progress in their data security initiatives while remaining on the forefront of pharmaceutical development and distribution. With ongoing support and dedication from Immuta, it is well-prepared to navigate the evolving landscape of data security and access control, with an eye on broader, long-term applications of the partnership beyond its enterprise data ecosystem.