As more devices become internet-capable and more of our lives happen online, laboratory managers are rightly concerned that connecting their instruments to the web might present security concerns. Cloud storage allows devices to run and data to be analyzed far from the lab, but it also opens the door for potential unauthorized access. Internet malefactors might be resourceful, but they are not as resourceful as Thermo Fisher Scientific. Our cybersecurity program helps reduce risk and responds to threats. We employ the latest security tools and offer solutions that enable our customers to push the boundaries of innovation. There are several ways we keep your data secure and private.
Data Protection at Rest and in Transit
Encryption in Storage
Data uploaded to the Thermo Fisher™ Connect platform use gold-standard encryption methods. In particular, data stored on the serves for the Connect Platform are encrypted using AES-256. One key attribute of this encryption standard is that, even if an unauthorized intruder were to access the data, they would still need the decryption key to read it. Without that key, the information they have taken is simply random noise.
Encryption in Transit
When in transit between the instrument or PC and the Connect Platform, data are protected with TLS v1.2 and SHA-256 encryption. These encryption methods protect against attackers being able to read data midstream, such as with “man-in-the-middle” attacks. Similarly, data presented or sent using web interfaces leverages HTTPS (secure hypertext transfer protocol)—employed in all highly regulated industries and commerce for transacting sensitive data such as credit card numbers, addresses, and other personal information. This security protocol uses both encryption and security certificates to authenticate the server receiving the data and prevent unauthorized users from reading it.
Protection of the Cloud
Amazon Web Services (AWS) Cloud Infrastructure
Load Balancing and Multi-Region Capabilities
Thermo Fisher works with Amazon Web Services (AWS), the largest provider of cloud infrastructure services in the world, to host Connect Platform. AWS provides protection against distributed denial of service (DDoS) attacks with load balancing, which spreads out traffic to multiple servers and prevents any one server from becoming overwhelmed. This method also provides high availability with multi-region capabilities, ensuring that if one server were to experience an interruption, others would be able to carry on in its place.
Anti-Malware and Antivirus
These servers also employ an additional third-party solution to protect the servers at the edge of the network. Connect Platform has an antimalware and antivirus solution installed to prevent malware from attacking it or devices hosting it, and it uses firewalls and intrusion detection to protect against attacks before they even reach the platform. An endpoint detection and response platform within Connect Platform helps prevent more advanced attacks that may be able to bypass traditional antimalware solutions by inspecting incoming and outgoing traffic to detect any activity that may be malicious, adding an additional layer of security.
In addition to all these protective features, Connect Platform uses an integrity monitor. This program detects changes to critical system files and compares them to a baseline, noting any changes that may signal an attack or compromise.
Secure System Development Lifecycle
Thermo Fisher Scientific puts its connected products and software through a secure system development lifecycle. Before they see end users, they receive a product security assessment to help define secure architecture and components, static and dynamic analysis to test code and web applications, secure code management in a code repository to monitor and control access to code, and penetration testing to simulate attacks and find vulnerabilities for teams to fix. These practices help prevent our products and software from being tampered with before they are brought to market or from being sent to market with vulnerabilities that become zero-day exploits.
Thermo Fisher Scientific SOC Network
Staying on Top of Emerging Security Hazards
Thermo Fisher operates Security Operations Centers (SOCs) in multiple global locations that are active year-round during most hours. These SOCs monitor, detect, and respond to threats facing our company and products. The SOC network is one part of a broader incident response plan that helps to find, solve, and improve security incidents. To stay sharp and ahead of potential threats, Thermo Fisher participates in threat intelligence partnerships to stay on top of emerging security hazards that may affect the company and our products and customers.
Learn More About Thermo Fisher Connect
To learn more about the security measures we have built into the Connect Platform, use the linked resources below to look at our whitepaper or review the platform in detail. We have also compiled a selection of data privacy and security tips for our customers.
Thermo Fisher Connect Whitepaper:: Thermo Fisher Connect Platform
Data Privacy and Security Tips for Our Customers:: Data Security in the Digital Age