Case study

Fortify on Demand delivers fast and cost-effective app security clearance for revolutionary new medical device

Challenge

TLT saw an opportunity when it realised that the current cuff-based blood pressure method is error-prone. Inflating a cuff can create alerting responses and false positives. It was clear that doctors and patients were looking for more accuracy and ease of use in monitoring blood pressure.

Nita Shah, co-founder and CTO at TLT, continues the story: “Our biosensor is similar in design to a watch and can non-invasively acquire physiological data that is currently only available through intra-arterial blood monitoring. Having started a clinical study with Barts Hospital, we anticipate a positive outcome, and are in the process of commercialising our device. We have global patents in place, and are working with the regulatory authorities on CE mark and FDA approval.”

Delivering a high-quality, safe, and fit-for-purpose device is a top priority for manufacturers. The TLT sensor relies on software, both embedded in the device and as a user-friendly phone or tablet app. The challenge was verifying the security of these software components, as Nita Shah explains: “Being a start-up, we are cost-constrained, and the static software analysis tools on the market were completely beyond my budget. With the increased global importance placed on cybersecurity, we needed a flexible security testing solution to satisfy our regulatory auditors.”

Solution

TLT turned to Micro Focus® Partner IntelliQA for advice. An experienced application delivery management consultancy, IntelliQA recommended Micro Focus Fortify on Demand. This is designed to launch an application security initiative within a day, without the need for infrastructure investments or security staff.

This was welcome news for Nita Shah: “Fortify on Demand could not be easier to use. IntelliQA uploaded the app code, Micro Focus security professionals performed an immediate assessment and, within just a couple of hours, we received a comprehensive report with relevant metrics, filtered by severity, showing any potential vulnerabilities. Thankfully, the issues highlighted were relatively minor and easily rectified by our development partners. However, had they been included in the version submitted to our regulatory auditors, it would have caused unnecessary delays to our certification process. As it was, the issues were quickly fixed, we requested a remediation scan through the Fortify on Demand portal, and our app was security-cleared; all in the space of a couple of days.”

TLT’s core competencies are in medical engineering and science and, although the core device technology is managed in-house, the app development is outsourced. With a medical device, there is always the danger of a software bug causing issues in a clinical study or regulatory audit, so risk management is top of mind and the software and associated processes have to be failsafe. Nita Shah knows this is just the beginning for TLT: “We intend to launch at least another five apps for different use cases of our biosensor device, so establishing the right software development and security testing process now is vitally important to us. Using Fortify on Demand gives us an easy way to ratify our developer’s code so that we can feel confident in its performance during clinical studies.”

Because Fortify on Demand is flexible, TLT can make code improvements as the app develops and user feedback is collated, and simply put them through the same assessment to ensure the app is robust before it progresses towards a commercial device.

150 times cheaper to use Fortify on Demand compared with a static tool

36M blood pressure monitors sold each year

$9B annual blood pressure monitoring market

Results

It takes years to bring a new medical device to market. However, with the blood pressure monitoring market worth $9B annually and 36 million devices sold every year, it is worth getting it right. Every day saved in achieving regulatory certification is a day closer to bringing the new device to market. This is exactly where Nita Shah sees the value of Micro Focus and IntelliQA: “All of our applications now go through a Fortify on Demand security scan that I feel will get our biosensor technical file fast-tracked through the auditors, with huge cost and time savings associated.”

She concludes: “We estimate a static tool would have cost us 150 times more than using the flexible Fortify on Demand solution. Fortify on Demand is now a central part of our software development cycle, and we are delighted with the support from Micro Focus and IntelliQA.”

Tarilian Laser Technologies case study
