Top Five Steps to Preventing Cyberattacks and Validating Microsoft Dynamics 365 in the Cloud

Published May 23 2017
Back to insights

By Valarie King-Bailey, OnShore Technology

We live in an amazing time when technology is changing almost every aspect of our lives—at breathtaking speed. But with that speed comes increased cybersecurity threats. In fact, 74% of the world’s businesses expect to be hacked each year.[1]  The estimated economic loss of cybercrime is estimated to reach $3 trillion by 2020. And in recent years, life sciences, pharma and medical device companies have become highly sought-after targets of cyber-attacks due to the high revenues and substantial costs involved in research and development.

With the rise in cloud based software applications and apps available to the industry, employees sometimes inadvertently create an opening—clicking on links they shouldn’t or sending sensitive files by email to recipients they shouldn’t. It is mission critical to protect test data, formulas, patent information, trade secrets, and more from cyberattacks.

By now you’ve heard that Microsoft Dynamics 365 unifies CRM and ERP cloud solutions together into one cloud-based application platform. But what does that mean for pharma and life sciences companies when cybersecurity and validation comes into play? First of all, it is important to understand that Dynamics 365 and Azure in the cloud can be validated. The process for the validation of cloud applications differs somewhat from on premise applications, but the principles of validation endure. Secondly, the good news is that the validation process helps you become more protected against cyber threats.

Our validation partner, OnShore Technology Group, recommends the following five steps to preventing cyber threats and validating systems in the cloud:

  1. Establish Validation Procedures Including Cloud and Cybersecurity Standard Operating Procedures (SOPs) - You must have a SOP that addresses cloud computing and the outsourcing of validated IT infrastructure to an external cloud provider. You must also have a Cybersecurity SOP that addresses the need for Cybersecurity qualification and testing as well as how to address a specific cyber event.
  2. Know That Microsoft is Developing a Safe, Trusted, Responsible, and Inclusive Cloud - Microsoft provides online tools to assist you in understanding and documenting cyber-safety and compliance through its Microsoft trust center. This is a fantastic resource that provides everything you need to conduct the supplier audit, as well as special programs for security like the Microsoft Azure IP Advantage program.
  3. Automate Requirements Traceability - A mandatory validation activity is the traceability of validation test scripts to each user, functional, and design (if bespoke development) requirement. An effective strategy for validation is the automation of this process to ensure accuracy and compliance, as well as security against cyber-attacks.
  4. Conduct Cybersecurity Qualification (CyQ) - Validated systems include data essential to quality and regulatory processes as well as information necessary to achieve compliance. Therefore, the systems must be protected at all times. One cannot eliminate the potential for a cyber-attack, but you can minimize the probability of a cyber-attack by changing your validation strategy. In addition to IQ-OQ-PQ testing which is common for all validated systems you should also conduct CyQ (Cybersecurity Qualification).
  5. Carefully Install Apps - Apps are an excellent way to enhance Dynamics 365. Care must be taken to ensure that apps are thoroughly tested and are in compliance with current guidelines.  Apps should be treated like all other integrations.  You will need a strategy to address this challenge, with regression testing, as well as documentation of all apps.

Dynamics 365 and Azure represent a change in the way systems are deployed. Cybersecurity and Validation strategies must be changed to keep up with the pace of changing systems environments. For more information about cybersecurity and validation in the cloud, Join us for our upcoming webcast featuring Valarie King Bailey: Wednesday, May 24, 1:00 pm EST: Validating Microsoft Dynamics 365 & Azure in the Cloud.

An award-winning Microsoft manufacturing partner with nearly two decades of experience, Edgewater Fullscope can guide you into a move to Microsoft Dynamics 365. Our team’s manufacturing experience can help you combat your toughest operational business challenges.