Tecan : Seven security considerations when implementing cloud-based laboratory analytics

By Jason Meredith

Automated lab analytics solutions are increasingly taking to the cloud to give labs real-time visibility of instrument and consumables usage. This is valuable information - for example to understand what throughput is available to scale up and complete programs in weeks and hours rather than months. But what about the worry of data security when implementing cloud-based software? Here are seven steps you can take to make sure your data stays safe in the cloud.

Implemented properly, cloud-based lab analytics software is secure.

Security breaches are costly

While many organizations were once hesitant to upload their valuable and sensitive information to the cloud, significant technology improvements have led to more widespread acceptance of cloud-based services. However, cyber security remains a primary consideration when choosing any cloud-based analytics solution.

According to a 2018 study by Ponemon Institute, the cost of a data breach can be as high as $3.86 million.¹

Click to tweet

Without a proper security system in place, you risk data leakage, sabotage, corruption or loss of data, and non-compliance with privacy laws and other regulations.

Seven ways to improve cyber security and privacy in the cloud Relation to disease and immunity

1. Choose a strong encryption method

Today's strong encryption methods and anonymization tools provide very high data security in the cloud. Careful selection of products that support appropriate encryption is, however, essential. When choosing cloud-based software for lab analytics, look for solutions that encrypt data with proven high-security connections. For example, Tecan Introspect^TM instrument analytics software for Fluent® and Freedom EVO® workstations will only accept connections from browsers that support TLS (Transport Security Layer) protocol version 1.1 or newer, and communication between Introspect dashboards and the cloud server is encrypted via internal usage of the OpenSSL Library (HTTPS). Introspect software also includes obfuscation measures such as hexadecimal coding to prevent unauthorized access.

2. Minimize the size of transmitted data packages

The larger the data volume you are transmitting to the cloud, the higher the chances of corrupting or slowing down existing IT infrastructure. Whenever possible, it makes sense to limit the amount of data being transmitted. Fortunately, when dealing with instrument usage and analytics data, we are usually only talking about kilobytes, not gigabytes. Such small data volumes won't interfere with existing IT infrastructures - unlike sequencing data from NGS instruments, for example, which produce massive amounts of data.

3. Use a proxy server

A proxy server makes sure that the computers in your lab do not require an open internet connection, reducing a major potential source for cyber attacks. Anyone who needs an extra layer of privacy should use a proxy server, which is basically a point-to-point internet connection between you and a remote location.

How does a proxy server work? It creates a connection with a dedicated remote computer that serves as a private tunnel through which all communications must pass. All traffic is encrypted inside that tunnel-going from your current location to the proxy server first, and then again as it is forwarded on your behalf to the wider internet. This decreases the chances that anyone trying to listen nearby will be able to intercept your data. A proxy server makes it appear as if you are connecting from a different location.

4. Obfuscate or anonymize sensitive data

When taking to the cloud, privacy protection is just as important to address as data security. Violation of privacy protection can have serious legal consequences, even more so now with increasingly rigorous legislation taking effect-including, for example, the European General Data Protection Regulation (GDPR) which came into effect in May 2018; the UK Data Protection Act 2018; and the California Consumer Privacy Act of 2018, which will become enforceable in 2020. In addition, diagnostics labs and healthcare providers often need to comply with additional, more stringent, guidelines and regulations specific to the medical sector.

To avoid the risk of non-compliance with general and medical privacy legislation, it is important to have the option to replace sensitive data, such as operator names, with aliases or hexadecimal codes that are stored in the cloud. Introspect software offers you such discretion and protection of sensitive data, and also lets you assign aliases to data sets.

5. Be selective about what you send to the cloud

One of the simplest ways to minimize privacy and security risks is to be highly selective about what you send to the cloud in the first place. For instrument and consumables usage analysis, there's no need to send sensitive patient, clinical or sample data to the cloud.

When considering what data to transmit, the guiding principles for medical data protection espoused by EU and German directives² set a good example:

• Specificity of purpose: keep data use within the scope of contractual agreements.
• Need: use only those data which are indispensable for achieving the defined purpose.
• Data minimization and avoidance: collect, process and use as little data as possible.²

6. Implement appropriate training

Manufacturers of instruments and software should provide easy-to-use and secure software that adheres to industry standards for encrypted communication and data security. To complement this, laboratory staff need proper training to acquire adequate awareness of IT security and data privacy measures. When selecting a software solution, it pays to choose a company that understands the business environment you work in and has a track record of high-quality training and support for its informatics solutions.

7. Use strong passwords and update software regularly

Finally, strong passwords and regular software updates are critically important to maintaining data security. Solution providers often address the latest security bugs and vulnerabilities in their software updates, so updates shouldn't be ignored. This may sound obvious, but more often than not, it is the seemingly trivial reasons that trigger an adverse event. Don't let convenience undermine your security strategy. Make sure to install regular software updates and choose secure passwords.

Implemented properly, cloud-based lab analytics are secure

Cloud-based lab analytics give you valuable insights to stay competitive and optimize critical processes and procedures. With the right measures in place, cloud solutions are secure and reliable tools that can greatly enhance performance and connectivity across your organization. Introspect usage analytics software for Fluent and Freedom EVO workstations has been designed with security and compliance in mind.

To learn more about Introspect software, visit our website, where you can watch our informative video and get in touch with a Tecan expert.

LEARN MORE

References

1. IBM, Cost of a Data Breach Study [online]. Last accessed: 04 Dec 2018. https://www.ibm.com/security/data-breach

2. EU-PATIENTEN-DE, How are my data protected in Germany?. Last update: 01 Sep 2017. Last accessed: 04 Dec 2018. https://www.eu-patienten.de/en/behandlung_deutschland/datenschutz/DatenschutzbeiBehandlunginDeutschland.jsp