May 01, 2024

Mitsubishi Tanabe Pharma transforms operation in cloud security powered by Azure OpenAI

Efforts are underway to utilize generative AI in business operations. Generative AI, which can generate a variety of content such as images, text, and program code from learned data, can be expected to improve productivity if used well. In this context, Mitsubishi Tanabe Pharma has incorporated Azure OpenAI Service (hereinafter, Azure OpenAI) into its security operations to reduce the time required to check incidents and to improve employees' security literacy. The company has been using Microsoft Defender for Cloud (hereinafter, Defender for Cloud) and Microsoft Sentinel (hereinafter, Sentinel) to visualize security alerts and event information, and has enhanced these operations with Azure OpenAI.

Mitsubishi Tanabe Pharma Corporation

Enhancing cloud security is a key challenge for data utilization to achieve “VISION 30”

Mitsubishi Tanabe Pharma has set VISION 30 as its goal for 2030, which is to be a healthcare company that delivers optimal therapy to each individual under the mission of “creating hope for all facing illness.” The 21-25 Medium-Term Management Plan through 2025 sets forth two core growth strategies: precision medicine (cancer genome medicine) and around-the-pill solutions (improving the quality of life of patients and their surroundings). To support these efforts, the company has been working to reform its organization and human resources, invest in digital technologies, and build a digital infrastructure as a management foundation.

Data utilization is becoming increasingly important in these efforts. At Mitsubishi Tanabe Pharma, Hiromichi Ozaki of the Pharma Solution Delivery Department’s Value Chain Solution Group is in charge of data utilization, cloud computing, and Digital Transformation measures. He said:

“Data utilization is an essential element in advancing precision medicine and around-the-pill solutions. We are accelerating our digital efforts in various departments, including R&D, supply chains, factories, and headquarters, and our IT infrastructure must ensure agility and security.”

Mitsubishi Tanabe Pharma Corporation
Hiromichi Ozaki, Pharma Solution Delivery Department’s Value Chain Solution Group

The Value Chain Solution Group is working on the development and security of the in-house cloud infrastructure, including IaaS and PaaS, as well as data engineering, visualization, and data management in terms of data utilization. Among these tasks, security was becoming an important issue for the achievement of VISION 30.

“The security strategies are implemented in conjunction with the Corporate Solution Group, which is responsible for the security throughout the company. Our responsibility is the security related to cloud infrastructure and data utilization. As the utilization of data on the cloud platform continues to increase, how to ensure cloud-specific security is an issue,” Ozaki said.

Conducted assessment to move to cloud security represented by Zero Trust

As Mitsubishi Tanabe Pharma dealt with cloud security, it faced the challenge of how to respond to new security models such as zero trust architecture.

“A cloud requires a unique mechanism that differs from on-premise systems, such as ID and access management based on users and roles, and authentication authorization for each service. Also, failure to keep up with the fast speed of service updates can lead to configuration errors that can result in accidents. Furthermore, it is necessary to create a system to monitor them on an ongoing basis. Therefore, we have worked to strengthen the security of Azure, which we have adopted as our common infrastructure,” Ozaki said.

To ensure that security operations are in line with global best practices and recommendations, the first step was a Well-Architected Security Assessment by Microsoft. Kunihiro Kishimoto, who is in charge of cloud infrastructure management and security operations along with Ozaki, explained the background of the assessment as follows:

“There were several things to keep in mind when using the cloud, such as perimeter-protected group policies, handling object storage, and setting up VPNs for internet breakout. We can ensure security by fully utilizing ExpressRoute, etc. to create an environment that only our company can use, but if we want to utilize PaaS mainly, we need to follow the manners specific to cloud computing. Therefore, we conducted an assessment to identify what is lacking in our current system environment and what needs to be addressed,” Kishimoto said.

Mitsubishi Tanabe Pharma Corporation
Kunihiro Kishimoto, Pharma Solution Delivery Department’s Value Chain Solution Group

Microsoft's security assessment checks whether the target environment is configured according to the cloud principles of the Azure Well-Architected Framework, and calculates scores. Portions that do not follow the recommendations are corrected based on specific instructions. For example, security is enhanced by reviewing the configuration of Azure Key Vault, which manages confidential information, and of Azure Blob Storage in accordance with the recommendations.

“The assessment revealed issues that while the basic standards had been met, the policies were not suitable for cloud services and there were no monitoring mechanisms. Once the shortfalls were visualized, we took concrete measures to address them,” Kishimoto said.

Integrated security management with Microsoft Defender for Cloud and Microsoft Sentinel

Microsoft Defender for Cloud and Microsoft Sentinel were selected as new security services to establish policies and monitoring mechanisms suitable for the cloud.

Defender for Cloud is a platform for managing cloud security and protecting cloud workloads, with the aim of protecting cloud environments. Various cloud services can be managed centrally through a dashboard to ensure that they are operating securely.

Sentinel is a security information and event management (SIEM) service that collects and analyzes a variety of security-related information. It can collect the various logs generated when users sign in to or operate a system and use them to detect security problems or unauthorized operations.

“By integrating Defender for Cloud with Sentinel, it is possible to monitor for proper operation of security policies in the cloud and to continuously improve the security. Defender for Cloud calculates scores based on the Well-Architected Framework recommendations and suggests specific countermeasures. Sentinel, on the other hand, collects and analyzes SQL Database audit logs, Microsoft Entra ID sign-in logs regarding ID management, and various activity logs, and automatically issues security alerts when an anomaly is detected,” Kishimoto said.

Mitsubishi Tanabe Pharma proceeded from assessment to adoption of the services between May and November 2022. The point of this undertaking was not to introduce specific services, but to determine through assessment what was and was not necessary for the company’s environment, and to adopt new services as a result. Ozaki said:

“Our cloud development and operation are based on in-house work by a small number of members. In a small group setting, it is difficult to conduct assessments and evaluate and select services. We were greatly helped by Microsoft’s support in our undertakings this time around. Through discussions, they guided us on how the system and security should be, and as we discussed our requirements, we were able to build an ideal security system unknowingly.”

Another fruit of their efforts was that through discussions with Microsoft, they naturally acquired security knowledge and know-how.

“We are not security professionals, so we don’t know the details of threat response or product features. Microsoft went through hundreds of recommendations in the assessment, one by one, so that we could deepen our understanding about security,” Kishimoto said.

Translate and summarize English security alerts into Japanese using Azure OpenAI

Although cloud security was established by December 2022, a new operational issue emerged as improvements continued. Because the threat detections and automated notifications built with Defender for Cloud and Sentinel were reported in English, understanding the situation was time-consuming and addressing it was hindered.

“When an anomaly is detected, recommendations for countermeasures, including a security level, title, status, and URL, are notified via email. It was difficult to recognize them at a quick glance, and there was a risk of missing recommendations. Moreover, we needed to look at Sentinel’s incidents to see details, and this was time-consuming. As I mentioned earlier, we have a small staff, so it is also important to be able to save labor in the operation of cloud security. Through discussions with Microsoft personnel, we were looking for a solution, and it occurred to me that we would be able to do it using Azure OpenAI,” Ozaki said.

Ozaki, who is also involved in data utilization, was already using generative AI in his data utilization efforts. According to him, he had a hunch that Azure OpenAI could largely change the way security operations would be conducted, since it could translate messages and summarize their contents in an easy-to-understand manner.

Ozaki consulted with Microsoft on how exactly to implement the system. He received support from Microsoft personnel on the Azure Logic Apps code used to automate the linkage between Defender for Cloud and Sentinel, and through discussions based on this support, he was able to realize translation and summarization of English messages using Azure OpenAI.

“By using Azure OpenAI, which allows generative AI to run on Azure, we were able to quickly realize our ideas while leveraging our existing PaaS environment. Also, by learning the base codes and specific implementation know-how from Microsoft personnel, we were able to proceed with our development efficiently,” Ozaki said.

System overview diagram

Azure OpenAI improves operations, saves 550 hours of work a year, and improves security literacy

What is noteworthy about Azure OpenAI’s approach is that it does more than just translation and summarization: it automatically shows why measures are necessary and what risks would be involved if left unchecked.

“Notifications can be received via email and the Microsoft Teams app. First, an incident summary is now displayed in Japanese, so that the status of an incident can be recognized at a glance without moving from one screen to another. Specifically, we have added descriptions that tell what the titles and contents of notifications indicate. Security terms and cloud-specific features included in the recommendations are also explained, so that their approximate meanings can be understood without having to look them up. Next, additional explanations are now displayed as to why the recommendation is important and what will happen if it is left unaddressed. For example, explanations will tell why a certain item should be set to False, and if it is not set to False, access from the outside becomes possible, creating a security risk,” Kishimoto said.

Such translations and summarizations, as well as explanations of reasons and risks, are of great benefit to those in charge of actual operations. Previously, it took them about 10 minutes to check each incident. However, after the improvement with Azure OpenAI, it takes them only about one minute. With about 10 cases handled per day, the annual reduction amounts to 550 hours.

“Messages are now shown in Japanese, and the addition of reasons and explanations has made incidents much easier to identify than before, improving the literacy of the members. Many have said that their understanding of security risks has really improved. Opportunities to learn about specific attack methods and how to respond to incidents are also offered,” Ozaki said.

Processing instructions are given to Azure OpenAI through prompts written in Japanese. It is easy to make improvements by refining the prompts. The team plans to display the next possible attack methods and countermeasures against each attack method, and to automatically generate queries for searching the target logs with Azure Log Analytics. Azure OpenAI also serves as a mechanism for embedding security awareness in the organization.

“There are many scenarios where Azure OpenAI can be utilized. We will work to achieve ‘VISION’ by listening to our users and developing a digital infrastructure with enhanced security,” Ozaki said, looking to the future.

Kishimoto also said, “The key to in-house operations of a cloud infrastructure and security is to ‘Do more with less resources.’ We will continue to work with Microsoft, which is always close at hand to support us.”

With limited human resources, Mitsubishi Tanabe Pharma has implemented advanced Azure security strategies using Azure OpenAI. Microsoft will continue to support Mitsubishi Tanabe Pharma’s efforts to realize operations based on their “Do more with less resources” policy and also their efforts to evolve further.

“Azure OpenAI [enabled us] to quickly realize our ideas while leveraging our existing PaaS environment.”

Hiromichi Ozaki, Pharma Solution Delivery Department’s Value Chain Solution Group, Mitsubishi Tanabe Pharma Corporation
