Mike Towers – Takeda

When Mike Towers was first asked to work in information security while with a biopharma company in 2008, he had no idea why.

He’d been with the company for more than a decade occupying roles in technology and management. He was experienced with directing strategies for the company but didn’t have military or law enforcement experience unlike other people working in information security and cybersecurity.

But as Towers took on the role of vice president for information security assurance, he discovered he was closer to business operations than ever because security and risk is an everyday consideration.

“I also felt good from a personal motivation standpoint because I was working in an industry driven to help people’s lives,” he says.

Flash forward to 2022 and Towers still guides security in the pharma industry. However, he’s now doing it from a new angle as chief digital trust officer for Takeda since April—a role he says is unprecedented within the sector and crucial to the industry.

“I’m personally committed to improving trust, resiliency and sustainability for health care overall,” Towers says. “On the industry side, we need to recognize how data and personal information is used because it has been inadequate in terms of protection, sharing and access.”

Beyond a CISO

Headquartered in Japan, with Boston as its U.S. global hub, Takeda celebrated its 240th anniversary in 2021. The company has grown from founder Chobei Takeda I selling traditional Japanese and Chinese medicines into a global operation focused on developing therapies for oncology, rare diseases, neuroscience and gastroenterology. The company also invests in R&D for plasma-derived therapies and vaccines.

Towers joined Takeda as chief information security officer in August 2018. In his new role, he still has CISO duties, but his focus has expanded to helping the company grow while strengthening trust in the health care and pharmaceutical industries.

“One of the biggest barriers is people don’t have access to technology or systems to share health outcome data and worry about misuse or exposure of their data and personal information,” Towers says.

While people continue to get better information on their personal health because of devices such as iWatches and Fitbits, sharing that data overall remains a challenge even though it can be beneficial to the people wearing the devices.

Towers says using all the data ethically, including from drug discovery and clinical trials, as well as analyzing patient and disease patterns, is crucial, too.

“It needs to be unbiased,” he says. “We need to look at data and analyze it with the appropriate intent and purpose.”

Since assuming his new role, Towers has added a team leader entrusted with data protection and integrity who works with colleagues in data science and data platform areas.

Building tools and trust

“We need leaders who understand how to discuss and manage risk. We take risks every day in our lives and understand and accept them. It’s no different in business,” Towers says. “That can be different than just understanding technology, but it’s a business principle that some risks will need to be accepted—with sufficient mitigations and compensating controls.”

While expanding the data protection and integrity area, Towers and his team are working to improve stability, resiliency and security in Takeda’s operations and use of data and analytics. This requires people who understand the pharmaceutical value chain and processes—from R&D and initial development through stages including clinical trials to gaining approval for therapies and launching them.

Towers and his teams helped launch the “TakedaID” for physicians, patients and plasma donors in 2021. He compares it to an Apple ID—the authentication method that accesses all of a user’s Apple devices and manages personal information and settings.

TakedaID is currently used by about 2.7 million health care providers, patients and plasma donors. Towers says the authentication levels for sharing information can be adjusted, and that there are 110 application programming interfaces available to patients and physicians for sharing data and information.

“Access to health care should be like travel or booking a hotel,” Towers says. “When I fly, so long as I have a passport and booked a ticket, I can get somewhere. But if I have a health emergency somewhere away from home, it’s much less efficient to get care or access my data.”

Towers adds he and his team have built in consent for sharing data and master data updates for physicians, making sure the consents meet requirements such as those in the Health Insurance Portability and Accountability Act and European Union’s General Data Privacy Requirements.

“It’s a question of how do we look to external stakeholders—the doctors, patients or plasma donors?” he says. “We want to be crisp, concise and secure. We need to offer trusted digital engagement. It’s more than apps, it’s social media and web presence, too.”

A collaborative approach

Though Towers never expected to work with data or security, he’s always been interested in applying technology to businesses.

He was born in New York, though he moved frequently as his father worked in the hospitality industry. While studying computer engineering at Notre Dame University, Towers also covered sports for its sports information department. He earned his bachelor’s degree in 1994, and an MBA in e-business from St. Joseph’s University’s Erivan K. Haub School of Business in 2003.

He began working in the pharmaceutical industry as a technology manager for client-server systems at SmithKline Beecham in 1994. Towers then became a director for emerging technologies, then technology strategy and then B2B and perimeter services, while navigating multiple acquisitions and integrations.

Then came the pivot to information security. Towers was vice president of information security assurance at GlaxoSmithKline from October 2008 to September 2013, when he joined Allergan as vice president and chief information security officer. Towers also serves on the boards for Health ISAC and Cyberstarts.

“The only chance we have to do [information security] well is with a collective industry focus,” Towers says. “We may compete for the attention from doctors and the efficacy of medicines. We can’t compete in terms of what we all need to do for security.”

View this feature in the Fall I 2022 Edition here.