Pharmaceutical Distributor Strengthens Security and Efficiency with the JFrog Platform
This leading healthcare company unified development operations, accelerated software development cycles and enhanced application security by deploying the JFrog platform.
- Single Source of Truth for Secure, Automated Software Releases
- Integrated Security at Every Stage of Development
- End-to-end Auditability and Traceability

- 1 SBOM per application for regulatory compliance
- 1500+ Monthly software updates for IoT devices
- 40 hr/mo Developer time shifted from security to coding

“By deploying JFrog, we’ve seen less vulnerabilities, which has given our developers more time to focus on developing new applications. And with the different development teams all being on the same platform, it has centralized and streamlined the process.” – Chief Information Security Officer
OVERVIEW
A leading wholesale reseller in the pharmaceuticals industry, this company is recognized as one of the most trusted specialty drug distributors and diversified healthcare providers in America. With a legacy of over three decades, the organization has consistently delivered outstanding service and innovation to its customers.
The company’s flagship product is an innovative inventory solution for healthcare providers designed to extend the supply chain at the provider level. The original solution leveraged RFID-tagged products stored in refrigerated tracking devices, ensuring immediate access to safe, reliable medicines while minimizing waste, eliminating carrying costs, and maximizing patient safety.
As with many organizations in the healthcare IoT sector, evolving hardware technologies, regulations, and increasing demand for software updates created a greater dependency on open source third-party packages. While this approach helped meet software delivery deadlines, it also consumed valuable developer time addressing security vulnerabilities discovered post-release. Early detection of vulnerabilities and secure distribution to the edge became critical needs to keep their customers happy and maintain their leading position in the market.
CHALLENGES
The company faced challenges in providing frequent updates for their edge devices while reinforcing their reputation for trust and exceptional service. Since their solution involves storage and inventory of pharmaceuticals and their customers are leading healthcare providers, complying with stringent privacy, security and healthcare standards was essential for the continued success of their industry-leading inventory system.
According to their Chief Information Security Officer (CISO), the immediate need for a comprehensive software supply chain management and security solution became critical due to the ever-increasing number of digital interfaces that had to be supported to keep up with customer demand.
Adding these interfaces to their inventory system is more complex than in retail or other inventory applications, as their tracking includes controlled substances that must adhere to industry requirements calling for a more robust method of managing and securing the software supply chain. The tools that they used previously were insufficient for this dynamic and compliance-heavy environment. Likewise, the gaps in continuous security scanning and the integration of new development tools posed significant risks to both regulatory compliance and, most importantly, customer trust.
SOLUTION
After evaluating several software development solutions that met their stringent security requirements, the team selected JFrog for its comprehensive platform capabilities: a unified platform for development teams anywhere in the world, ongoing security scanning at every stage of development, and the ability to provide an industry-recognized software bill of materials (SBOM) to satisfy both regulatory and licensing requirements.
To accomplish these goals they implemented several JFrog solutions, including: JFrog Artifactory, JFrog Xray, JFrog Advanced Security, and JFrog Connect. Deployed as a single unified platform covering all stages of development from coding to distribution at the edge, the solution provided agility and efficiency across the entire development process, as well as advanced capabilities crucial for continuous integration and security, including:
- Unified Development Platform: JFrog Artifactory provides a centralized repository for managing, storing and retrieving software artifacts, providing a single source of truth while increasing efficiency and fostering collaboration across development, operations and security teams.
- Continuous security scanning: The unified security solution fortifies evolving software artifacts against blind spots that are not discoverable by source code analysis or siloed security tools, while continuously analyzing software in its production context to ensure fast remediation and distribution of trusted releases.
- Detailed SBOM: The JFrog solution systematically lists the components that exist within each application, as well as the dependencies that the application requires to run, providing crucial insight for fast detection and reaction to software supply chain security risks, as well as addressing compliance and licensing requirements.
- Secure edge distribution: JFrog Connect simplifies and secures the entire IoT development lifecycle with robust security and enterprise-grade scalability for efficient, secure deployments of software updates on edge devices.
RESULTS
After deploying the JFrog platform, the team was able to unify their development operations, speed up software development lifecycles, improve security and maintain their position as a trusted industry leader. More specifically, their healthcare inventory system benefitted from:
- End-to-end Auditing and Traceability: JFrog’s platform offered unparalleled visibility into the team’s software supply chain. This comprehensive view allowed the CISO and security team to proactively identify and mitigate vulnerabilities, ensuring a robust security posture. The centralized monitoring system enabled tighter controls and better risk management, laying the foundation for a secure operational environment.
- Enterprise Proven Scale and Governance: The adoption of the JFrog Platform allowed the team to unify and streamline software development across different teams and products. This not only improved operational efficiency but also ensured consistent security practices throughout the development lifecycle. Continuous scanning with JFrog Xray provided real-time insights into security vulnerabilities, ensuring that the team remained compliant with regulatory requirements.
- Integrated Security at Every Stage of Development: With JFrog, the team was able to better align with compliance requirements such as the creation and management of a Software Bill of Materials (SBOM). This was critical for staying compliant with U.S. government regulations and maintaining their industry-leading reputation for safety and trust.
- Single System of Record for Secure, Automated Software Releases: By centralizing development on JFrog’s platform, the team ensured effective collaboration across all teams, despite the use of disparate systems. The ability to understand the context of security alerts and prioritize critical issues reduced pressure and improved response times. JFrog Connect enabled the IoT team to manage and update devices in high-security healthcare environments, ensuring compliance and security for their customers.
THE JFROG IOT DEVICE MANAGEMENT PLATFORM
As a result of integrating JFrog’s platform into their operations, the organization has not only fortified its security framework but also achieved greater operational efficiency and regulatory compliance, essential for their sensitive and high-stakes pharmaceutical distribution business. This transformation has ensured that they remain at the forefront of pharmaceutical safety and innovation, providing unmatched service and reliability to their customers.
We invite Healthcare DevOps and Security professionals who are managing software updates to edge devices in medical environments to take an online tour or schedule a one-on-one demo to see how the JFrog Platform changes how IoT software is developed, secured and delivered to the edge in healthcare environments.
“We’ve actually seen a reduction of vulnerabilities in our cloud because we’re handling them further up the chain by shifting left, so we get those vulnerabilities remediated before everything gets published.”
– Chief Information Security Officer
Products
The JFrog Platform, JFrog Artifactory, JFrog Xray, JFrog Advanced Security, JFrog Connect