Managing 70TB Of Reliable Data: EMA’s Big Challenge

What are the plans for Function Points? What does this initiative entail?

Function Point analysis is one of the ways people try to understand initially how much it will cost to build a software package. By doing function point analysis, you can have a measurement of the complexity of the program code.

Cast will tell me whether what I’ve spent for this website is reasonable given the amount of complexity, whether I’ve paid too much or whether I’ve gotten away with paying little for it. You have the code written, and then you analyse for the number of function points. You have to have specialists that do this manually.

How does the EMA approach the security challenges of storing 70 terabytes of data?

We run standard state-of-the-art IT security. So we have the usual arrangement of cascaded firewalls. So it cannot be a systemic whole. We use specially certified consultants who are cleared at the military levels to check the design of our IT security systems.

We pay a specialised company to try and break into our systems. We have all of the required approaches.

What types of data breaches have you encountered?

We’re running intrusion detection systems. Just before Christmas we spoke with the FDA on systems and what we do. Maybe because intrusion detection is not good enough, we have at the moment a very low number of attempted attacks – not aware of any successful attack. These breaches have all been passive insider threats. If you analyse the difficult IT threats, you can divide them into passive vs. active.

I consider based on my own experience in IT, which now goes back 25 years, that by far the most dangerous threat is the active insider threat who you haven’t promoted – a passive insider member of staff or insider getting code [or] information.