Enterprise Services Blog Endangering the Life Sciences Marketplace: Collaborative Research and Innovation

Endangering the Life Sciences Marketplace: Collaborative Research and Innovation

  • March 10, 2017

By Cheryl Soderstrom

It’s special — that’s why I like the life sciences industry. Literally hundreds of millions of people trust this industry with their lives every day. And I do mean trust, because trust is at the heart of care. I also like the life sciences industry because it’s an industry in an exciting digital transformation, taking advantage of advancements in technology to make chronic conditions more manageable, eradicate diseases and save lives. So my industry, the IT side of the partnership, meets medicine in the most purposeful life-giving way.

Digital transformation is happening, meaning a huge part of the life sciences value now being created exists in cyberspace. I’m talking about cognitive computing and sophisticated analytics from new data sources. Researchers enabled to conduct scientific research on collaborative pre-competitive research platforms, data and tools. Aggregation of hundreds of thousands of patient family histories, health histories and treatment histories. Voluntary social data flowing everywhere mapped to sophisticated analytics. New apps and real-time sensors we wear on our bodies. But I’m also talking about cyber closer to the molecules. 3-D printing. Nanotechnology embedded in the pill we swallow—reporting back on our drug regimen adherence and bodily reactions. The massive capture and analysis of genetics and phenotypic data, and metabolomics analysis and other words we’ve never heard of. Here’s to your health!

But not everything is coming up roses, as is so often the case with reality.

Digital transformation is benefiting life sciences in three very significant ways. Because of market digitization, breakthrough research, new business models and personalized medicine are now possible. But consider: The public value, the private value and the personal value exist primarily in cyberspace. So I call these things Three Big Forces for Good that are Endangering the Life Sciences Marketplace.

Let’s think about The First Big Force for Good: Collaborative Research and Innovation.

Breaking the barriers to research breakthroughs

Collaborative research—when a bunch of brilliant scientists come together and look at the same data to hypothesize on ways to attack diseases. There is a movement for collaborative learning to drive next generation medicine. The study of diseases is becoming more global and interconnected. Why? Because the market acknowledges that going it alone creates barriers to breakthroughs. Let me explain.

It takes about 12 years to develop a new drug from lab to patient. To achieve that, you need organic chemists, biochemists, physiologists, molecular biologists, statisticians, toxicologists and pharmacologists. You’re also going to need fancy labs and technology. That’s expensive. If you come up with something promising, then you have to make it through preclinical testing, And maybe only one in a thousand new potential drugs are ever given to humans, and only 20% of those ever go to market. The ones you get right cost many hundreds of millions of dollars (some say $2B+!). The ones you get wrong never pay you back. Meanwhile, you may have a competitor working on similar therapies.1

This burden is a barrier to breakthroughs. But there’s a better way. Life sciences pre-competitive research now leverages worldwide networks and discovery platforms, contract research organizations, crowd research platforms, and disease management consortia. This allows heterogeneous teams of drug companies, academia, non-profits, LifeTech and government agencies to work together globally to advance drug development. Competitors contribute to shared challenges and reduce duplication of efforts—even though they will compete in product development later in the life cycle. Life sciences organizations can better differentiate specialties, manage pipeline and optimize product portfolio. Maybe you study correlations between genetics and phenotypic (that’s about physiology or biochemistry for the laymen) traits. Maybe certain molecules that jumpstart biological reactions (positive drug response or drug rejection?).  Even though the compounds studied are chemical or biological, the data mining and the modeling “answers” are almost all digital.

First open, then closed

Scientific study like this wants to be “open” and published. However, trade secrets want to be “closed” and tightly guarded. So security policies and mechanisms need to reflect both the stage and scope of collaborative research. Primary research data and tools can be shared for a specific line of inquiry. Interaction with research partners and platforms must still be secured—with access controls, limited researcher credential authorizations and communications security to protect the integrity of the platforms and especially the resident data.

Once hypotheses about gene/compound interactions are tested and proven—those findings and subsequent finesse become closely guarded secrets. Enter cybersecurity into the formula! Comprehensive cybersecurity measures are required. Of course, access, identity and communications controls remain paramount; security must extend to the full “protective continuum.” This adds ecosystem policy and behavior management, cyber defense and resilience, enterprise security posture visibility, and security intelligence.

The protective continuum

Policy and behavior management starts with an enterprise’s mission and business goals enabled by security strategy, authority, organization, architecture, and risk governance. Life sciences companies must use as much discipline around cybersecurity as they do for drug or equipment manufacturing. Security policies and standards must be promulgated and enforced. The concept of “least privilege” must guide access policy. Physical and cybersecurity need to be addressed within each phase of the IT lifecycle as core requirements. And cybersecurity talent acquisition and retention must be built into the system.

Identity and access management are the keys to the kingdom—and must be governed and guarded just like trade secrets. Identity federation can simplify management functions and improve security and privacy controls and analytics. Roles and authorizations should be defined based on “need to know” or “need to do” rather than broad authorities. Digital rights–and “wrongs”–must be assigned to people and devices, where “wrongs” can be detected by context. Right person, wrong device? Right device, wrong time? Right person and device, wrong cohort usage pattern? The list goes on.

Now I know cyber defense and resilience is a big bucket. It includes all the usual suspects (asset and configuration management, infrastructure and network active defense, applications security to name a few). But I include here executive (Board) engagement. Good cybersecurity takes commitment from the top down—meaning not only oversight but appropriate budgets, talent and attention. Along with maturing your CISO’s cyber defense center or Security Operations Center, you need to consider enterprise data lifecycle security, including format-preserving encryption and data loss prevention at ingress/egress control points. Resilience implies planning, training and testing of your organizations ability to maneuver, protect critical assets, and foil attackers in the face (and assumption) of cyber compromise.

Enterprise visibility also requires resources and sponsorship. The focus is on cybersecurity measurement frameworks, vulnerability scanning, enterprise log management, and risk reporting and security analytics. And like all good research, security hypotheses must be tested. That means sophisticated technology-based compromise assessments and unannounced red team attacks against your defenses. Usually “visibility” also implies some sort of shared, tiered security posture dashboard as well as regular interaction with the Board.

Finally, security intelligence gathering enables informed decision-making about security resource allocations to achieve a security posture appropriate to acceptable organizational risk appetite. Security intelligence can include external threat intelligence sources, adversary profiling, scalable threat intelligence vetting, industry or government advanced sharing platforms, and deep network and user behavioral analytics.

Eradicating diseases, advancing the quality of life managing chronic conditions or developing life-saving drugs aren’t easy. Neither is cybersecurity in the exploding field of life sciences. But we can’t really trust the former without the latter. And trust is at the heart of care.


About the Author
Cheryl Soderstrom , Americas Cybersecurity Chief Technologist. Cheryl Soderstrom is the Americas cybersecurity chief technologist for Hewlett Packard Enterprise. In this capacity, Ms. Soderstrom brings the larger HPE cybersecurity value proposition to industry leaders and key clients. She leverages deep HPE insights gained from securing global operations for our customers and ourselves, HPE Managed Security Services leadership, and our collaborative security research teams, who study and correlate the threat landscape and vulnerabilities in cyberspace.


1Source: California Biomedical Research Association