High Data Security, Low Costs: Must One Be Sacrificed for the Other?
While clinical data security has always been paramount to Medidata Solutions, our R&D and information security teams have been working together over the past few months to deliver even more secure products by combining traditional data security approaches with innovative new exercises.
The result is a corporate mindset that devotedly “thinks security” throughout the software development life cycle. This approach has brought Medidata impressive results, including further elimination of software vulnerabilities, lower costs to achieve Medidata’s data security goals and delivery of products that even better serve our customers. Providing fully secure technology is an ongoing and critical process for every software vendor. I’m very proud to say that we believe these efforts have placed Medidata at the vanguard of information security.
An important part of our ongoing effort is Black Hat Friday, in which Medidata engineering staff take an occasional Friday off from coding and attempt to hack into our own products to discover vulnerabilities that may be distinct from those found through third-party testing. Another improvement we’ve adopted involves our approach to application penetration testing, which initially prompted us to create a testing environment from several outstanding open-source tools that detected as many vulnerabilities as the commercial products. As a result, we are now in the process of building a complete testing environment in which we can assess all of our products to verify the security of our software and to provide a safe environment to execute “what if” scenarios. These and other internal tactics have produced significantly better discovery of vulnerabilities at a lower cost than relying on third-party testing alone.
I was recently asked to write an article for Information Management about how we are improving data security while controlling costs. I invite you to check it out to learn more about Medidata’s multifaceted security efforts and to view the six steps I share for controlling information security costs.
To those of you with IT-related responsibilities, I would especially like to hear about your attempts to improve security and control costs within your own organization. What is your organization doing to enhance data security?
More about Glenn Watt