Data Management & Biostatistics

Beyond Meltdown and Spectre: Our Take on IT Security

No doubt you’ve heard much about Meltdown and Spectre, major security defects in the microprocessors that underpin nearly all of the world’s computers. Hackers, the world learned in early January, can exploit these defects to steal the entire memory contents of PCs, mobile devices, and the servers that make up cloud computing networks.

That puts at potential risk passwords, documents, photos, and everything else we store electronically. In short, everything.

This is no esoteric or theoretical threat. Our product, after all, is data, and without data that’s clean and reliable, our customers have no product. So our information technology experts moved quickly to assess and, as necessary, contain any weakness in our systems at Premier Research.

Post-holidays, our IT pros worked literally around the clock for days, patching 1,000 servers and running through each computer application with 800 separate checks. Before doing that, they benchmarked the performance of our networks so we could assess how the system fixes affected network speed. This was necessary because the patch used to combat the Meltdown threat was expected to slow down computers by as much as 30 percent.

To a Netflix customer waiting for a movie to download, a 30 percent reduction in speed is a pretty large annoyance. For a biotech company working frenetically to advance its compound and looking to assure anxious investors, it can be the razor’s edge between success and failure.

There is no patch for Spectre, so that remedy will be far more complex and could require redesigning the processors that run these devices. A fix may not be available until a new generation of chips reaches the market. Fortunately, researchers believe this flaw is much more difficult to exploit.

Fortunately for us at Premier Research, data safety is always top of mind. It’s not only clinical trial data that’s at stake: IT security is also a vital part of our product portfolio. Medical devices are a core part of our business, and many if not most of the consumer medical devices in use today — we’re talking about things like pacemakers and orthopedic implants — are connected to a network. There are many reasons hackers might want to access this information. Most are to gain some kind of commercial advantage, but some are just plain malicious.

When our customers — and their patients — entrust us with their data, they place in our hands an enormous responsibility. We consider this a sacred trust, irrespective of what network hack or other information technology menace is making headlines.