Case Study

Getting Biogen on Track for PAM Maturity

Biogen Logo webp

Organisation Size

7,000+ People

Country

Switzerland

Summary

Biogen, a global pharmaceutical leader, partnered with Xalient to enhance its Privileged Access Management (PAM) maturity and align with industry Good Practices (GxP). By implementing a BeyondTrust PAM solution and establishing firm controls, Biogen increased security, streamlined workflows, and set the foundation for future PAM advancements—all while achieving GxP certification.

Biogen PAM Case Study Xalient Integral Partners Story
BeyondTrust-logo-webp-4

Solution Implemented: BeyondTrust

The PAM tool BeyondTrust was implemented at Biogen to replace their legacy system.

GxP White-Transparent webp

Environment: GxP Compliance

The PAM implementation had to follow GxP guidelines and regulations.

Biogen wanted to strengthen its Privileged Access Management (PAM) practices as part of a broader initiative to enhance its overall security posture and Identity and Access Management (IAM) strategy. 

Biogen’s goal was to expand PAM coverage to include all relevant systems and users, eliminating gaps and ensuring robust oversight. By enabling detailed monitoring of privileged sessions, they aimed to quickly identify malicious activity and gain full visibility into administrative actions. Achieving compliance with Good Practices (GxP) for the biotechnology industry was a critical requirement.

Xalient partnered with Biogen to implement a comprehensive PAM solution using BeyondTrust, migrating all legacy system data in the process. A full scan of user accounts and systems across the organization allowed Xalient to map privileged users to administrative accounts and establish tighter controls. For example, access to critical systems like the email server was restricted exclusively to approved privileged users, closing security gaps left by the previous system.

Xalient also introduced automated workflows to enforce key PAM policies, including password rotation and session monitoring. Privileged sessions are now logged in detail and recorded on video, providing clear evidence for forensic investigations when needed. This ensured Biogen had full visibility into how systems were modified and enhanced their ability to respond to security incidents swiftly and effectively.

To meet GxP requirements, Xalient implemented rigorous process documentation and ensured all workflows adhered to evidence-based methodologies. By tracking every step and validating compliance through strict oversight, Biogen achieved a PAM framework that not only enhanced security but aligned seamlessly with industry standards.

Next Steps on Biogen's Roadmap

The initial phase was a substantial step forward in Biogen’s ambitious PAM roadmap. From here, Xalient will continue to assist Biogen in areas such as bringing non-human privileged account credentials under management, as well as sophisticated methods of session management.

Integrations are on the roadmap, too. Xalient plans to work with Biogen on connecting the BeyondTrust solution with SailPoint for identity governance. This will include Role Based Access Control (RBAC) with advanced reporting. PAM is expected to integrate with ServiceNow for IT ticketing support shortly as well. The company envisions instituting Robotic Process Automation (RPA) to drive further efficiency in the PAM process. PAM will also extend to managing cloud accounts, such as Biogen’s Microsoft Azure and Amazon Web Services (AWS) assets.

Moving Forward

PAM is not the simplest or easiest area of security and IT operations – especially when working within a GxP environment, but with the right solution and implementation partner, a successful PAM program is very achievable and worth the effort.

The Biogen case shows how a company can grow in PAM maturity and align with PAM GxP for the pharmaceutical industry. The process takes focus and resources, but the results are worth the investment. Before this project, Biogen was exposed to access control risks. Now, they have a much more robust set of countermeasures in place to mitigate the threat of malicious actors abusing privileged user accounts to perform unauthorized changes to their critical systems. And, the entire process is running more efficiently than it did before, so the program does not represent an increase in the scope of IT operations.

Biogen X logo

Get Started Today

Designed to teach what an effective PAM program looks like, how to evaluate your program and find gaps, which tools fit your needs best, and how to start building a roadmap to get secure.
This custom workshop is tailored to fit the needs of the attending organization – we can highlight the BeyondTrust platform or any others you’re considering.

Book your workshop
Abstract technology sphere

Explore more of our success stories

More Stories
close menu icon

Xalient PAM Workshop

Please fill in the form below to get started