Mike Towers’ Collaborative Approach to Information Security

Mike Towers of Takeda believes pharmaceutical companies should collaborate to find collective solutions to data privacy concerns, for the good of the industry as a whole

As chief information security officer for Takeda Pharmaceuticals, Mike Towers fell in love with the security space early in his career. “I’ve never felt closer to the business than when I’m doing security,” he says.

This is a sentiment that serves him well at Takeda as it navigates the increasingly complicated waters of cybersecurity in the healthcare sector. Despite these challenges, Towers’ prior experience in IT has prepared him to maintain Takeda’s dedication to superior patient experience and information privacy.

Towers started his career as a processor design engineer at Intel, then worked as an IT generalist for Beecham’s consumer healthcare division. “I progressed through the ranks quite quickly,” says Towers, who acted as a “relief pitcher” called in to fix struggling services.

Mike Towers, Takeda Pharmaceuticals Photo by Bryan Karl Lathrop

From there, however, he soon found himself dabbling in the security space, being unexpectedly asked to sign on as the head of security for GlaxoSmithKline (GSK). Towers specifically remembers asking why he was being requested for the job. “I don’t have a lot of experience,” I said. “They said, ‘That’s why we want you—you won’t have any bad habits.’”

Towers enjoyed the job in part because it’s easy for him to understand his impact. “I never had to think long or hard about what I was contributing to the business,” he says.

He spent nearly two decades at GSK, and five years in that top security role, before taking a security leadership position at Allergen, and then joining Takeda as its CISO in August 2018.

At Takeda, Towers is largely responsible for building a comprehensive information security and risk-management program for the company, working to ensure the company’s information is as protected as possible from cyberattacks. In this role, he is especially appreciative of his experience with IT, which allows him to find security solutions that minimize the impact to service levels or user experience. “I try to make it easy to do the secure thing,” Towers says. “There’s a lot of IT discipline involved in that.”

Also, having a knowledge of the vocabulary and rhythms of IT allows Towers to more effectively communicate between departments. “Even though security is more of a business-related problem than traditional IT, there’s a mental link between security and IT due to our tech focus,” he says. It makes sense, then, for Towers to build up a strong relationship between the IT and information security units at Takeda.

In a healthcare industry with increasingly complicated concerns regarding confidentiality, privacy, and information security, Towers’ ability to step between these worlds is especially important. Companies like Takeda have to balance confidentiality requirements and compliance with federal regulations, ensuring transparency and accommodating patients’ increasing desire to easily access their healthcare information.

To address these concerns, Towers has been working aggressively on initiatives to give Takeda the tools to strike this delicate balance between security and access. Chief among those initiatives is widening identity and access management, focusing on the entire healthcare ecosystem rather than just the internal workforce. This includes working with thousands of doctors specializing in a range of therapeutic areas, not limited to those who benefit from Takeda’s products. Towers believes investing time and digital resources to make experiences more patient-friendly will lead to greater dividends across the industry. “If we make patients’ lives easier, it will ripple through the system.”

He is also working on an information taxonomy for Takeda that places a focus on where data needs to go, rather than where it currently is. This initiative takes a risk-based approach to data protection, with three levels of data classification depending on the privacy level of the information. Data from biotech firms, for example, are protected to a greater extent than marketing materials, which eventually go public. “One size doesn’t fit all when it comes to data protection, but standardization is important,” he says.

Cybersecurity is a fundamental concern for pharmaceutical companies, but Towers asserts that the industry must work together and collaborate on the right controls to protect against risks. While the open market means competing for the trust and attention of a doctor or the comfort of a patient, “we can’t compete in cybersecurity,” says Towers. “It’s too complex, and our adversaries advance more quickly than we, as defenders, do.”

These moves toward more dynamic data protection and balancing patient confidentiality and access are all part of Towers’ work to help Takeda remain an industry leader in healthcare information security. To face the challenges of cybersecurity and the increasing demands of patients, Towers asks companies to recognize that they should invest more in this effort. “We should leverage our capacity to protect the entire industry,” he says.

As the global cybersecurity leader, Palo Alto Networks partners with healthcare companies like Takeda Pharmaceuticals International, Inc. to protect their intellectual property and secure manufacturing and supply chain operations. More than two thousand healthcare customers around the world rely on Palo Alto Networks to prevent successful cyberattacks and streamline security operations.