Novartis cuts costs with hosted security software

Service will help with regulation compliance

Novartis will outsource it's security

Pharmaceutical firm Novartis is using hosted data security software to save money and help with compliance.

The software as a service offering from Qualys allows users to subscribe to the software online.

‘Because we are a global business, it made sense to have a single, hosted solution across the whole company,’ said Andreas Wuchner, head of security architecture and strategy for Novartis.

Wuchner says regulations such as Sarbanes-Oxley and Basel II have pushed compliance to the forefront of its agenda.

He says in such an environment, security managers must tie their vulnerability management and security auditing practices to broader corporate risk and compliance initiatives.

‘Qualys helps us report and audit our security, and it is our choice how often and how much they report to us,’ said Wuchner. ‘It is housekeeping – they help us identify where the risks are.’

All data to which Qualys has access is encrypted and the keys are held by Novartis, ensuring its data is kept private. The system allows the firm to prioritise and to patch vulnerabilities faster.

Gartner analyst Ben Pring says the increasing adoption of hosted software systems demonstrates its growing maturity.

‘It has gone beyond the research and development fringe now,’ he said. ‘The idea has been around for a while but the model has just become compelling.’