Securing Clinical Trials: A Deep Dive into Calyx’s Cybersecurity Journey with CyberArk

Join Express Computer in an exclusive interview with John J., Director of Cybersecurity at Calyx, and Rohan Vaidya, Regional Director for India and SAARC at CyberArk, as they discuss how Calyx, a leader in the clinical trial industry, has harnessed the power of the CyberArk Identity Security Platform. Delve into the challenges faced by Calyx, the transformative impact of CyberArk solutions on privileged access management, and the pivotal role these cybersecurity measures play in securing sensitive patient data and streamlining clinical trial operations. Learn about the best practices and lessons learned by investigating real-world circumstances where CyberArk’s solutions proved essential. This interview offers a thorough look at how CyberArk’s Trusted Identity Security Programme has strengthened Calyx’s security posture and spurred innovation in the ever-evolving clinical research and medical fields. This exclusive conversation shed light on the intersection of healthcare, cybersecurity, and technological advancement.

Can you tell us more about how Calyx has leveraged the CyberArk Identity Security Platform to enhance security for privileged users and vendors while maintaining operational efficiency?

Calyx, a leader in the clinical trial industry, has effectively leveraged the CyberArk Identity Security Platform to enhance security for privileged users and vendors while maintaining operational efficiency. The challenge for Calyx was to secure 2,500 endpoints, 220 privileged users, and up to 100 vendor access points daily, all while safeguarding sensitive patient data, classified information, and patents. To address these challenges, Calyx implemented the CyberArk Identity Security Platform, comprising CyberArk Privilege Cloud, CyberArk Vendor Privileged Access Manager, and CyberArk Endpoint Privilege Manager. This solution not only eliminated the issue of administrators sharing usernames and passwords but also provided real-time session monitoring, privileged credential rotation, and automatic alerts to address security incidents. It offered a secure, frictionless experience for both internal administrators and third-party vendors. Calyx now benefits from a highly efficient and secure technology infrastructure, enabling its teams to focus on core product development and ensure the continuity of critical clinical trial operations while adhering to stringent security and compliance requirements.

In what ways has implementing least privilege across endpoints benefited your organisation, and how has it impacted your users’ productivity?

Implementing least privilege across endpoints has brought several significant benefits to Calyx. Firstly, by utilising CyberArk’s identity security solutions to enforce the least privilege, Calyx has gained the confidence of both customers and partners. The reputation of CyberArk as a global leader in identity security reassures prospective clients that Calyx takes cybersecurity seriously and employs a trusted solution for privileged access management, ultimately safeguarding their data. Vendors also find it easier to comply with Calyx’s security procedures, as CyberArk is recognised as a reliable and user-friendly solution in the space. With numerous operational vendors and a constant influx of third-party employees accessing Calyx’s systems, the ability to quickly onboard and manage vendor access is crucial. CyberArk Vendor Privileged Access Manager enables Calyx to identify inactive users and engage with vendors to verify and update access protocols, thereby maintaining control and security in a dynamic environment. Furthermore, the support from CyberArk’s engineering team has been instrumental in resolving issues promptly and efficiently. Their responsiveness and collaboration with Calyx’s engineers have ensured the continuous and effective operation of the identity security platform. As CyberArk continues to evolve its products and solutions, Calyx is poised to enhance its identity security posture further, aligning with the Zero Trust mindset. Ultimately, this approach allows Calyx to maintain the secure operation of its business, ensuring the expedited delivery of medical breakthroughs to the market and reinforcing its commitment to data protection and cybersecurity.

Could you share specific examples or use cases where the Trusted Identity Security Programme, including Vendor Privileged Access and Endpoint Privilege Security, has made a significant difference in your operations?

Calyx has witnessed significant improvements in its operations since implementing the Trusted Identity Security Programme, which includes vendor-privileged access and endpoint privilege curity. One key area of impact has been the ability to efficiently manage and secure vendor access. Calyx, which onboards numerous third-party vendors, often faces challenges keeping track of changes in vendor personnel. CyberArk’s Vendor Privileged Access Manager allows Calyx to run reports to identify users who haven’t logged in for 30 days, enabling them to engage with vendors for verification and update access protocols. This process ensures that vendor access remains secure and up-to-date, contributing to overall operational efficiency. The implementation of least privilege across endpoints, facilitated by CyberArk’s Endpoint Privilege Manager, has positively affected the productivity of Calyx’s employees. It enables role-specific least privilege access, allowing users to elevate privileges for the applications they need while blocking risky applications and behaviours. This streamlined approach minimises security obstacles for employees, enabling them to work at their best while significantly reducing the attack surface. By implementing policy-level controls for software downloads, users can safely add productivity tools without risking the business’s integrity. This balance between security and productivity ensures that the workforce can maximise its efficiency without compromising the organisation’s assets.

Calyx has gained the trust of customers and partners due to its use of the CyberArk Identity Security Platform. The platform’s industry reputation and robust security measures provide assurance to prospective clients that Calyx takes cybersecurity seriously, contributing to the company’s strong relationships in the clinical research market. Furthermore, the support from CyberArk’s engineering team has been invaluable in ensuring that Calyx’s operations remain secure and uninterrupted. Ultimately, the Trusted Identity Security Programme has not only enhanced the security of Calyx’s operations but also increased its credibility and efficiency, benefiting both internal users and external partners. This comprehensive approach aligns with the company’s mission to accelerate innovative medicine and improve clinical trial outcomes, reinforcing its commitment to data protection and cybersecurity.

What challenges did Calyx face before implementing CyberArk solutions, and how have those challenges been addressed with the technology? How has the use of CyberArk’s solutions contributed to accelerating innovation in the field of clinical research and medicine?

Before implementing CyberArk solutions, Calyx faced several significant challenges in managing its technology infrastructure. One of the primary challenges was the need to secure a vast and complex network, which included 2,500 endpoints. This infrastructure was needed to handle sensitive data, such as patient information, classified material, and patents. The challenge was to ensure that this data remained safe and secure while facilitating seamless access for both internal privileged users and external vendors, who required up to 100 access points daily. Another challenge Calyx faced was the risk associated with administrators sharing usernames and passwords. This practice posed a significant security threat, as it made it difficult to track and control who had access to critical systems and data. It also made it challenging to monitor and record sessions, enforce audit and compliance requirements, and receive alerts in case of security incidents. Moreover, Calyx needed to ensure that its employees could work efficiently and without hindrance, maintaining their productivity while adhering to necessary security protocols. The organisation’s complex network of third-party vendors across IT and finance functions further complicated the security landscape.

CyberArk’s solutions, including the Privilege Cloud, Vendor Privileged Access Manager, and Endpoint Privilege Manager, provide a robust security framework. They protect Calyx’s sensitive data, including patient information, classified material, and patents. This enhanced security ensures that Calyx can focus on its core mission of accelerating clinical trials and new drug approvals with confidence in the protection of critical data. CyberArk’s Privilege Cloud solution has addressed the challenge of administrators sharing usernames and passwords. The frictionless access and robust security measures have allowed administrators to protect domain controllers while maintaining productivity. Calyx relies on numerous third-party vendors across various functions. CyberArk’s Vendor Privileged Access Manager has enabled Calyx to provide secure, passwordless, VPN-less, and agentless access to these vendors. This simplified and secure approach ensures that external partners can quickly access Calyx’s systems, allowing the company to maintain seamless operations and focus on its core business of accelerating medical innovations. With the Endpoint Privilege Manager, Calyx has implemented role-specific least privilege on endpoints. This means that employees can work efficiently without unnecessary security obstacles. This balance between security and productivity ensures that Calyx’s teams can focus on their critical work of delivering life-saving treatments. CyberArk’s identity security solutions have provided Calyx with the necessary tools and framework to address security challenges while maximising productivity. This has allowed Calyx to maintain its focus on supporting over 60,000 trials and more than 650 new drug approvals for top pharmaceutical companies, ultimately accelerating innovation in the field of clinical research and medicine. The security and efficiency provided by CyberArk’s solutions instill confidence in clients and vendors, making compliance with procedures easier and ensuring that Calyx can continue to bring medical breakthroughs to market faster.
The use of CyberArk’s solutions has significantly contributed to accelerating innovation in the field of clinical research and medicine for Calyx. Calyx plays a vital role in helping life science and biopharmaceutical clients transform scientific discoveries into new treatments and speeding up the availability of these therapies to improve patient health.

Are there any particular security incidents or scenarios where CyberArk’s solutions proved to be especially valuable for Calyx?

Calyx faced a pressing security issue with administrators sharing login credentials, which CyberArk’s Privilege Cloud solution effectively tackled by continuously monitoring, rotating, and vaulting privileged credentials. This mechanism significantly reduces unauthorised access and the risk of security breaches. Calyx operates in a real-time patient data environment, and CyberArk’s solutions offer real-time monitoring for immediate threat response, upholding system integrity. Leveraging multiple third-party vendors, Calyx ensures secure access through CyberArk’s Vendor Privileged Access Manager, offering password-less, VPN-less, and agentless entry while maintaining strict control with monitoring and recording capabilities. Additionally, CyberArk’s Endpoint Privilege Manager aids Calyx in implementing role-specific least privilege, minimising the attack surface, blocking potential risks, and ensuring compliance. Although specific security incidents are not detailed, CyberArk’s solutions have been instrumental for Calyx in proactively addressing and mitigating security risks, safeguarding sensitive data, and maintaining a secure infrastructure in their regulated clinical research environment.

What advice would you give to other organisations considering similar cybersecurity solutions, based on your experience with CyberArk?

Organisations considering cybersecurity solutions should prioritise this critical aspect of their operations, taking inspiration from Calyx’s experience with CyberArk. Key advice includes choosing recognised and trusted leaders like CyberArk, emphasising robust privileged access management, streamlining compliance procedures, prioritising user-friendly solutions, and assessing the impact on vendor relationships. Calyx’s positive experience highlights that opting for globally renowned cybersecurity solutions not only enhances security but also builds trust among clients and partners, simplifying compliance and promoting smooth interactions. Additionally, organisations should stay informed about evolving threats and technologies, ensuring their security strategy remains adaptive and up-to-date in today’s ever-changing digital landscape.

Comments (0)
Add Comment