Protecting Your Laboratory Data: Cybersecurity at Waters

With the ever-present threat of cyberattacks, safeguarding laboratory data has become a top priority for scientists across the globe. Many labs are accelerating digitalization efforts, but that could expose their data to greater risks. 

The Increase in Lab Digitalization: Effects on Cybersecurity 

As it turns out, the increase in digitalization, particularly the shift to the cloud, has brought about stronger and more robust security protocols–often provided by cloud service providers themselves. These providers are true cybersecurity experts, with data protection as their core focus.  

True success in protecting against cyberattacks hinges not just on an organization’s security posture (the security status of an enterprise’s network, information and systems based on information security resources and capabilities), but also on the security of the vendors they choose to partner with. Choosing the right partner is key in ensuring that your data is fully protected against cyberattacks.

In our increasingly digital world, good cybersecurity isn’t just a protective measure. It’s also a strategic advantage, for several reasons: 

• Protection of sensitive data  
• Prevention of financial losses  
• Enhanced reputation  
• Regulatory compliance  
• Business continuity  

As the leading provider of analytical measurement systems, software, and services for the life sciences, pharmaceutical, and industrial markets, we understand how critical your scientific data is. That’s why we undertake a comprehensive, multi-layered approach to security. Let’s take a closer look. 

Cybersecurity Best Practices in the Cloud: The Waters Commitment 

The Waters cloud cybersecurity program focuses on the integrity, confidentiality, and availability of our systems and your data, ensuring robust cybersecurity features in our informatics solutions. 

Our cloud security is built on a defense-in-depth framework. Defense-in-depth is a cybersecurity strategy that utilizes multiple layers of protection, including technology-based and procedural controls, to defend against cyber threats and attacks. This approach ensures that even if one layer is breached, subsequent layers will prevent or mitigate the attack. 

Our cybersecurity strategy centers around the CIA Triad, a common model that forms the basis for the development of security systems, which stands for: 

• Confidentiality: protection of data, ensuring only authorized persons have access  
• Integrity: ensuring the data is accurate and complete 
• Availability: ensuring uptime and that there is no data loss or corruption  

At Waters, we prioritize all three aspects of the CIA triad to ensure reliable access to data. Our cybersecurity program includes a range of measures to protect data in all three states, ensuring that our customer data is secure whether it is stored, transmitted, or used. We use encryption, access control, firewalls, intrusion detection, regular backups, secure protocols, and incident response to ensure the security of our customer data. These measures include: 

• Encryption: Using advanced encryption algorithms to protect data at rest and in transit. 
• Access control: Restricting access to authorized personnel using strong authentication and authorization protocols. 
• Firewalls and intrusion detection: Monitoring and blocking unauthorized access to our networks and systems. 
• Regular backups: Ensuring data availability by performing regular backups and testing restores. 
• Secure protocols: Using secure communication protocols such as HTTPS and SFTP for data transfer. 
• Incident response: Having a comprehensive incident response plan in place to respond to security incidents. 

Waters is deeply committed to helping customer labs stay secure, including preparing for regular assessments moving forward. 

The Future of Cybersecurity at Waters

Conducting regular cybersecurity assessments is critical for today’s labs, and software platform certifications can make that process a bit easier. Waters has achieved ISO 27001 certification for our cloud software platform and products, an internationally recognized standard that ensures our processes, policies, and controls are robust, effective, and continually improving. This certification underscores our commitment to the highest standards of information security management, and dedication to safeguarding client data and upholding their trust in our solutions.  

In addition to achieving this certification, Waters Corporation has also undergone a third-party risk assessment with CyberVadis, a leader in cybersecurity used by Amazon and Microsoft to perform their third-party assessments. CyberVadis focuses on 20 topics (such as data privacy, access management, and infrastructure security) covering the entire cybersecurity lifecycle in four phases: identify, protect, detect, react. The 20 topics or criteria are based upon international information security standards such as ISO 2700x, NIST Cybersecurity Framework, Cybersecurity for ICS, PCI DSS, and GDPR. Waters received a silver medal and an overall rating of “developed” from our assessment in July 2024. 

总结

At Waters, we believe cybersecurity is not just about protecting data–it’s about ensuring the trust and continuity that our customers rely on. Waters continues to invest in cybersecurity technologies, processes, and employee training to ensure the ongoing security of our cloud environment. We are dedicated to maintaining and enhancing our cybersecurity measures to meet the highest standards and keep your data safe. 

Ready to learn more about how to keep your lab data protected? Read our whitepaper or learn more about out waters_connect cloud software products: 

• waters_connect System Monitoring 
• waters_connect Data Intelligence