Enterprise Services Blog Endangering the Life Sciences: New Business Models, Partnerships, and Supply Chains

Endangering the Life Sciences: New Business Models, Partnerships, and Supply Chains

  • March 22, 2017

By Cheryl Soderstrom

New business models, partnerships and supply chains are exploding the need for broader and more complex cybersecurity in the dynamic life sciences value chain. This is the Second Big Force for Good Endangering the Life Sciences. (See my earlier post on the First Big Force for Good Endangering the Life Sciences here.) Digital everything is driving new insights and access to ‘real patient over time’ information. This is real world feedback the likes of which we’ve never seen before.

The life sciences industry is converging—just not exactly like the old days. There are still mergers and acquisitions consolidating market leadership and expanding global reach. But now more than ever there are splits and divestitures to sell off noncore franchises, plus carve outs and joint ventures to replenish drug pipelines and position companies in key therapeutic areas. But there are also more imaginative business models and partnerships with IT disruptors that bring nanotechnology, 3D printing and wearables into the equation. Health is mobile. There’s an app for that (whatever that that may be). Analytics are moving from descriptive (what happened? what are the trends? what are the outliers?) to prescriptive (given X, what should I/we/you do next?). In the middle of it all are the new class of data brokers marketing the data that enables the discovery of all the new patterns.

The stakeholders are changing

Even the regulators are trying to get in on the action, so they’re not regulating the last decade’s market but the emerging delivery of care as well. Similar to collaboration going on in research divisions, Pharmaceutical firms now share intellectual property, data, and relationships across more complex stakeholder ecosystems.

Digital transformation and the digital strategy is actually driving the business strategy, not the other way around. If an organization’s strategy is dependent on goals and resources, advances in technology make new resources available—a lever that drives strategy. Market disruptors are also “new resources” that can contribute to or drive strategy. That’s why digital transformation is so remarkable. Digital is in the driver’s seat.

New business models can mean partnering with some-time competitors, big tech companies, local manufacturers, information brokers, patient groups, cybersecurity companies, and new value chain partners (like “health-tech” providers or nutraceutical firms).

Differentiated supply chains

Differentiated supply chains can leverage specialized transportation, warehousing, and logistics resources chosen specifically for various pharmaceutical and medical products. Custom supply chains enable firms to balance demand and supply, gain better real-time inventory visibility, and meet regulatory, regional, and business goals.

Emerging markets may require their own manufacturing and distribution networks. The new supply chains are designed for drugs, not just drug companies. “The Supply Chain of One.” And if these supply chains are adaptable—that’s more real competitive advantage.

Like many industries, life sciences is slowly moving from a product-based market to a services-based market. In the traditional model, pharma companies want to move drug products into the hands of physicians, with physicians doing the sell-side to patients. The new model disintermediates the physician as the gatekeeper to the end consumer or patient. Suddenly, Customer intimacy and communications are paramount.

The wrong kind of real world evidence

Is it any wonder that recognizing risk and cyber insecurity is becoming harder to do? The Second Big Force for Good—new business models and non-traditional partnerships–also endangers the life sciences marketplace through the possibility of inherited risk.

A more complex partnership and coordinated digital strategy driven by healthcare executives create opportunity—and introduce significant cybersecurity challenges. Digital transformation leveraging new models and partners needs to include building cybersecurity into the relationship fundamentals.

Companies must provide convenient but secure access to systems, business processes, data, and intellectual property. They must also address threats such as untrusted communications, corporate espionage, compromised R&D pipelines, fraud, and manipulated sources, materials and pricing. Any of these threat vectors can be inherited from new players, new partners, and new platforms in the dynamic life sciences ecosystem. We see the “real world” evidence of this every day.

The P5 Model

When integrating new life sciences disruptors in the latest go-to-market business models, the partners are specific, and can be longer lasting. This is helpful from a cybersecurity perspective. At this level of integration, cybersecurity is all about driving out inherited risk by looking deeply for vulnerabilities—one partner at a time. Cybersecurity doesn’t have to be a mystical unrealizable goal. New business models and new partners come with real policies, people, processes, products and proof points. We call this the P5 framework. It’s all about assessing your partners (or yourselves) on their levels of cyber maturity.

This capability maturity model allows a structured objective point of view on cyber risk factors you’re bringing into your ecosystem. From a People perspective, do they have the security talent needed to do their fair share of the cybersecurity load across the relationship? Are they trained, do they have back-ups? Can you work a joint cybersecurity program with them?

From a Policy perspective, do they know what they’re doing? Are their security policies well-communicated and enforced? Are their security policies applied to their supply chain partners?

From a Process perspective, are their cybersecurity processes assumed, poorly documented or not well known? Are processes more like task lists rather than descriptive, with inputs, processing and outputs that are measured? Have their security practices kept up with the times and the risks they bring?

From a Product perspective (we call it Product because Product starts with P), we’re really looking at automation and the use of technology to enforce the prescribed cybersecurity controls. Are security tools and platforms heterogeneous across their organization, or have they applied a standard security architecture with SLA-based solutions? What are they logging? Encrypting?

From a Proof perspective, how do they measure effectiveness of established controls? How well do they do in audits? Is measurement based on subjective or even verbal attestations or are there qualitative and quantitative performance results that can be independently validated? How often do they assess cybersecurity posture against new attack vectors (vulnerabilities) and threats (bad actors)? What does the red team find? What does the green team find?

The P5 Model helps you look at the maturity of potential controls across the cybersecurity posture, from identity and access management, to transactional hand-offs and data protection schemas, to back-up and recovery procedures. These things exist in the real world. In fact, cyberspace exists in the real world. And so does cybersecurity. Remember, trust is at the heart of care.


About the Author
Cheryl Soderstrom , Americas Cybersecurity Chief Technologist. Cheryl Soderstrom is the Americas cybersecurity chief technologist for Hewlett Packard Enterprise. In this capacity, Ms. Soderstrom brings the larger HPE cybersecurity value proposition to industry leaders and key clients. She leverages deep HPE insights gained from securing global operations for our customers and ourselves, HPE Managed Security Services leadership, and our collaborative security research teams, who study and correlate the threat landscape and vulnerabilities in cyberspace.