Secure data sharing among the Clouds

Greater research collaboration means greater data sharing. Tom Johnson, Senior Director, Life Sciences Solutions, Exostar, argues that creating secure Cloud-based communities can speed the drug development process.

Once pharmaceutical companies file a patent for a new drug, the clock starts ticking. The faster manufacturers can complete the research, development, testing and approvals process and bring a new drug to market, the more time they have to capture revenue before the patent expires and competition from generics erodes margins.

Traditionally, companies relied primarily on in-house resources to execute the process. Over the past few years, increased competition and advances in technology have spurred pharmaceutical firms to embrace a different approach – collaborating with external partners. By turning to clinical research organisations, investigators, laboratories, academic institutions, and others with specific areas of expertise, manufacturers can drive the process while focusing on what they do best. As a result, the enterprise becomes less bloated, best-of-breed partners deliver cost and operational efficiencies, and time-to-market drops.

The collaborative business model offers significant benefits, but presents challenges as well. True collaboration requires more than a collaboration tool that allows partners to share documents and data. Partners also may need access to one another’s systems and applications, which may be hosted in-house or in the Cloud.

Manufacturers must answer several critical questions prior to embarking on any collaborative endeavour with external partners, including:

  • How do they establish and maintain the connections and communications with their partners?
  • How do they define and enforce the privileges assigned to partner organisations and their individual users?
  • How can they validate the identities of individuals who work for partners?

The importance of these questions – and the complexity of the answers – rises as the number of external partners participating in the drug development process grows. If pharmaceutical companies go down the wrong path, infrastructure costs skyrocket, intellectual property (IP) and sensitive information are placed at risk, and the collaboration initiative fails to achieve its process improvement objectives.

Manufacturers initially may be inclined to build the collaborative environment themselves, because they believe that doing so allows them to best address their specific requirements and best control external partner interactions and information flow. To create this environment, companies must first implement a point-to-point connection with each external partner. More partners means more connections, and if each party in the collaborative network chooses this approach, the consequence is a redundant, full-mesh architecture (see Figure 1) that takes too much time, consumes too many resources, and is too costly to establish and operate.

Assuming the underlying communications channels are in place, pharmaceutical companies still must account for all of the individuals internally and externally who must access one another’s systems, applications, documents and data. The manufacturer already maintains a database or directory of its own employees and their roles, rights and access privileges to internal assets. In this scenario, that database or directory must be extended and expanded to include the employees of external partners.

The provisioning of external users can be an enormous task, depending on the size and number of partners. Maintaining the accuracy of the repository over time as partner employees arrive, depart and change roles and as partner relationships evolve is an even bigger headache. The database or directory quickly becomes inaccurate, exposing assets to fraudulent access.

The full-mesh architecture raises additional security concerns. Individuals must traverse a different point-to-point connection to access the assets of each partner organisation with whom they work. These assets will require individuals to present a distinct username, password, and possibly other credentials. The more access-related information and credentials individuals must maintain, the more likely they are to write them down, expose them, or lose them, placing proprietary applications, IP, and sensitive information in harm’s way.

Figure 1: Redundant Point to Point Connection Architecture

Manufacturers may think the ‘do it yourself’ method is right for them. For collaborative environments with few partners and users, it may be. In most cases, however, the drug development process involves too many parties for this approach to make sense, and collaboration becomes a process inhibitor instead of a process accelerator. Fortunately, there is a better way to extract the full value of collaboration.

The value of the Cloud-based identity hub

Pharmaceutical companies and the external partners they work with throughout the drug development process collectively comprise a community. Community members must be able to access one another’s systems, applications, documents and data as quickly, seamlessly, securely, and cost-effectively as possible to speed time-to-market for new drugs and therapies. The full-mesh of point-to-point connections comes up short on all counts.

A hub-and-spoke architecture, delivered via the Cloud, best serves the needs of the community of manufacturers and their partners. The Cloud is the ideal technology for collaboration across enterprise boundaries. A ‘community Cloud’ is a hybrid of public and private Clouds, offering the inclusiveness of the public Cloud and the security of the private Cloud. With the hub-and-spoke construct, organisations connect once to the hub, yet have pathways to the assets of all of their partners in the community – eliminating redundant infrastructure, reducing resource and cost commitments, and facilitating more immediate interactions with all parties.

The Cloud-based hub-and-spoke model is a necessary ingredient for collaboration, but not sufficient. Manufacturers need a solution that incorporates the management of user identities and credentials throughout the community. In other words, the hub must assume responsibility for maintaining the master database of valid organisations, users, roles and asset access privileges. The hub also must serve as a gateway, validating user identities to prevent fraud and enforcing the rules that control access to the systems and applications of all community members connected to the hub. Collectively, these features define the Cloud-based identity hub (see Figure 2).

Figure 2: Connect-once, Cloud-based identity hub architecture

An important advantage of the Cloud-based identity hub is that it can be delivered as a service. Pharmaceutical firms and their external partners don’t have to implement and operate the collaboration environment themselves. A community Cloud provider deploys, maintains and upgrades the solution.

The provider can perform additional functions such as:

  • Provisioning new organisations and users
  • Issuing and authenticating user credentials of varying strengths to enhance the security of community assets
  • Preparing performance reports against service level agreements
  • Delivering organisation and user training and customer care

Companies and their employees realise additional benefits from connecting to the Cloud-based identity hub. Members no longer have to build and update databases or directories of approved users and assigned privileges for individuals throughout the community. Thanks to delegated administration, owners of systems, applications and information remain empowered to identify valid users and access rights, but the master database resides and is maintained within the identity hub.
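The delegated-administration and gateway roles described above, sketched as an added example (not code from Exostar or Merck; the class, method, organisation and asset names are hypothetical): asset owners decide who gets access, the hub denies by default, and a single deprovisioning at the hub ends a user's access to every partner's assets.

```python
from dataclasses import dataclass, field

@dataclass
class IdentityHub:
    """Constructed model of the hub's master database and gateway check."""
    users: dict = field(default_factory=dict)   # user_id -> {"org", "active"}
    assets: dict = field(default_factory=dict)  # asset_id -> owning organisation
    grants: set = field(default_factory=set)    # (user_id, asset_id, privilege)

    def provision_user(self, admin_org, user_id):
        # An organisation provisions its own people and cannot claim others'.
        if user_id in self.users and self.users[user_id]["org"] != admin_org:
            raise PermissionError("user belongs to another organisation")
        self.users[user_id] = {"org": admin_org, "active": True}

    def deprovision_user(self, admin_org, user_id):
        user = self.users.get(user_id)
        if user is None or user["org"] != admin_org:
            raise PermissionError("only the home organisation can deprovision")
        user["active"] = False  # one change at the hub covers every partner asset

    def register_asset(self, owner_org, asset_id):
        if self.assets.setdefault(asset_id, owner_org) != owner_org:
            raise PermissionError("asset already registered by another owner")

    def grant(self, admin_org, user_id, asset_id, privilege):
        # Delegated administration: only the asset owner decides who gets access.
        if self.assets.get(asset_id) != admin_org:
            raise PermissionError("only the asset owner can grant access")
        self.grants.add((user_id, asset_id, privilege))

    def authorize(self, user_id, asset_id, privilege):
        # Gateway check: deny by default; need an active identity and a grant.
        user = self.users.get(user_id)
        if user is None or not user["active"]:
            return False
        return (user_id, asset_id, privilege) in self.grants

def demo():  # constructed scenario; all names are hypothetical
    hub, alice = IdentityHub(), "alice@cro.example"
    hub.register_asset("manufacturer", "trial-docs")
    hub.register_asset("lab", "assay-results")
    hub.provision_user("cro", alice)
    hub.grant("manufacturer", alice, "trial-docs", "read")
    hub.grant("lab", alice, "assay-results", "read")
    before = [hub.authorize(alice, a, "read") for a in ("trial-docs", "assay-results")]
    hub.deprovision_user("cro", alice)  # alice leaves the CRO
    after = [hub.authorize(alice, a, "read") for a in ("trial-docs", "assay-results")]
    return before, after
```

In the do-it-yourself model the same departure would have to be recorded separately in the manufacturer's and the laboratory's directories, which is where stale entries come from.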

From the end-user’s perspective, the Cloud-based identity hub paves the way for single sign-on access to assets within the community. Individuals can use a credential issued by the identity hub provider, a third-party identity provider, or the existing credential they rely on to login to their local system. Single sign-on offers a compelling user experience, leads to greater productivity, and reduces the risk that passwords or other credentials fall into the wrong hands.

A practical case study

Merck wanted to stay at the forefront of the drug development process business model transformation and establish a position as the partner of choice for industry-wide collaboration. Its objectives included:

  • Creating mutually productive and fulfilling partner relationships
  • Streamlining organisation and user provisioning and offering a single sign-on user experience
  • Optimising partner interaction with a consistent, efficient online experience
  • Fostering innovation through a single network to exchange ideas, knowledge and services

To achieve its vision, Merck created the EngageZone portal to facilitate collaboration internally and externally. Merck understood the value of the Cloud and the role identity management must play in support of external partner collaboration. So, it connected EngageZone to the Exostar Life Sciences Identity Hub.

By taking this action, Merck could control EngageZone access without the burdens of connecting to each partner and maintaining a database of valid users across the community. Within the first year of adopting the identity hub approach, Merck saved significant costs by eliminating infrastructure, cutting provisioning times for partners, and enhancing customer care. Increased productivity and reduced time-to-market mean these savings are just the tip of the iceberg.

At a February 2014 BioPharma Research Council webinar, Andrea Kirby, Merck’s External Partner Program Director, said: ‘What used to routinely take months to start collaborating on projects now takes an average of three days – a time that would have been unheard of by Merck employees in the recent past. We blow people’s minds internally here at Merck.’

What to look for in a Cloud-based identity hub provider

Manufacturers and others in the industry who want to follow Merck’s lead and build or join secure communities to promote collaboration with external partners should evaluate Cloud-based identity hub providers against criteria such as:

  • Experience – Does the provider have an established track record?
  • Scale – How large are the communities (in terms of number of organisations and individuals, as well as geographic footprint) the provider has supported?
  • Functional breadth and depth – Does the provider also serve as an issuer of credentials? How many/what kind of third-party applications are connected to the identity hub to enhance the collaborative experience?
  • Performance – What service level agreements does the provider offer, how well does it meet them, and does it track/audit all community activity?
  • Governance – Does the solution allow community participants to comply with government, industry and corporate rules, regulations, and standards? What role can the manufacturer play in defining governance for the community?

The drug development process will never be the same; collaboration is here to stay. Companies must recognise that there’s more to collaboration than deploying a collaboration tool. The Cloud-based identity hub enables manufacturers to create secure communities as quickly and cost-effectively as possible. As a result, parties can collaborate with confidence, knowing their IP and sensitive data will be protected regardless of how large the community grows. The Cloud-based identity hub is the catalyst that unlocks the power of collaboration, driving the productivity gains that streamline the process, bring drugs to market sooner, and maximise revenue opportunities.