Secure medical research thanks to Zertificon email encryption

Scientists at MorphoSys AG research active healing agents for severe diseases. With in-house expertise, they convey promising candidates via the so-called development pipeline – a kind of library for cross-referencing active agent combinations to ultimately create a specific medicinal impact. For companies such as these, the pipeline is their golden mine. Containing more than 100 proven agents, MorphoSys has established one of the most comprehensive pipelines on the biotechnology sector.

The biotechnology company works with selected scientific and research partners, exchanging sensitive information and project data. Developing medication is a long-term, costly process, and obviously a highly vulnerable target for massive corporate espionage. Without appropriate IT security measures, the business, founded in 1992, would probably not have survived thus far.

In the beginning

Shortly before the turn of the millennium, the research business installed decentralized OpenPGP email encryption systems on the individual workplace computers. The system, however, turned out to require intensive operating support. Executives realized that central encryption management would save both administrators and users enormous amounts of time and annoyance. In 2004, MorphoSys’ IT department rolled out a centralized email gateway encrypting via OpenPGP and S/MIME.

This resolved most of the in-house MorphoSys employees’ problems, but left another problem to handle. Many of the institutions and businesses MorphoSys communicated with did not have encryption solutions. So how do you exchange sensitive, for-your-eyes-only emails when the recipient does not apply standard OpenPGP or S/MIME encryption?

Growing demands

The initial product allowed emails to be automatically transformed into encrypted PDFs. “But the usability did not meet our needs,” Michael Müller says. Mr. Müller is MorphoSys’ IT expert, having completed his training there in 1999. He worked in various departments, including user support, and has been leading the IT infrastructure team for the past five years. He therefore is well-versed in the needs and demands of both users and management, as well as the technicians’ issues.

“The first solution was a solid work of technical craftsmanship, but that’s exactly what it looked like, too,” Müller describes the earlier situation. For example, the transformation into PDF distorted email formatting. Over time, MorphoSys’ demands grew.

“Exacting users should be able to communicate as professionally and quickly as possible. Usability is pivotal, determining the success or failure of the entire solution.”

Smooth running

In 2014, the quest was to replace the central email encryption system with a more effective product. The top criteria were safe and comfortable communication with recipients who do not implement OpenPGP or S/MIME. During Internet research, MorphoSys technicians hit upon Z1 SecureMail Gateway, which encompasses secure email messenger components for confidential communications with recipients unequipped with email encryption systems.

MorphoSys contacted Zertificon over their website. This was followed up with an in-house product demonstration.

That clinched it, the secure email messenger component was elegant and easy to operate. Zertificon also let us look under the hood and inspect the implementation, which also looked great. It was important that we could adapt the design to our specific needs. The Z1 Messenger is constantly in use here and the desktop is visible to every external recipient, accenting the importance of user-friendliness and contemporary design.
– Michael Müller

Now the Z1 SecureMail Gateway’s messenger function kicks in when your counterpart does not have their own IT infrastructure with keys and certificates. Upon initial contact, Z1 Messenger automatically sets up an account for the recipient, sending an account activation email. Recipients create a password; the account is activated, and the confidential message can then be accessed. Notification of further emails ensues from that moment onward, and with their Z1 Messenger account, recipients can also send encrypted replies. As to the optic and usability, Müller declares, “That satisfies even our most demanding users.”

Quick support responses

On the average, the MorphoSys Team calls on Zertificon Support about every two months. Where Müller reports, he gets quick response from someone who knows what he’s talking about.

There are two kinds of support calls, Müller informs us, grinning. The one is when you do not really watch your steps. But the other is serious business. Müller gets serious, too, “Usually, we know what we’re doing. There’s a great deal of expertise here, we can most often help ourselves out of a sticky situation. So, when we need external support, you can be sure the house is on fire. The last thing I need when I make a support call is some checklist operator. I need fast, competent help. And that’s what I always get from Zertificon.”

“Absolutely: 5 out of 5 stars”

After a good three years of product application, we asked Michael Müller to award Zertificon with 1 to 5 stars. He thinks it over, and answers, “Five.” Really? He considers again and nods:

Yes! I’m satisfied with the solution. The product is adaptable, it works. There are few snags and it’s low-maintenance. We can secure external communications easily with partners who don’t have S/MIME or OpenPGP. That was the primary reason why we chose it and why MorphoSys AG management found it an excellent investment.”