December 6, 2016
by Andrew Anderson, Vice President of Innovation & Information, ACD/Labs
Earlier this year, I had a conversation with Sophia Ktori, a reporter for Scientific Computing World, to talk about security issues in the age of R&D outsourcing. In the ensuing article, Sophia stated, “The R&D sector is increasingly turning to collaborative, partnered and outsourced projects to boost innovation, reduce costs and help expedite development.” While this is not an industry secret, this trend has led to a number of security concerns in our industry, and after looking back, I feel our discussion still rings true almost 10 months later.
Below, I have outlined a few of my key takeaways—some of which made it into Sophia’s article and some did not. However, if you would like to check out her full story, “Data Security in a Collaborative Environment,” before reading on—click here.
Security issues continue to be a major hurdle for open innovation partnerships
I mention this in the article, but the R&D sector is willing, in theory, to embrace a wider, more flexible ecosystem of partners across the development life cycle, which encompasses early research through to contract manufacturing. However, setting up such open environments leads to a number of issues with respect to cross party data handling.
This is because confidentiality and intellectual property (IP) issues are the same, whether you have one or multiple partners working on the same project, but the complexity of dealing with those issues is magnified by the number partners involved in a particular collaborative environment. Therefore, the key to any collaboration or contract research agreement—whether it is long or short term—is a partnership relationship management system that will help to oversee both the quantitative and qualitative exchange of information.
The 3 step partnership relationship management system
I have always believed that there are three important considerations for ensuring impactful collaboration environments, while maintaining security.
- Collaborative governance: It is critical to establish a system that contractually outlines how connections within partnership networks must be managed. Specifically, the method, frequency, and format of how correspondences should be designed within the system.
- Permission management: From a security perspective, the system must manage all of the roles and responsibilities for each stakeholder within the collaboration environment. And more importantly, it must offer the necessary level of detail to facilitate the successful coordination of each role. For example, throughout the entire development life cycle—from initial information exchange through results dissemination—collaboration interfaces should control who has access to data. Extracting information from the system should also be controlled. Mostly, by limiting reporting outputs to assure that information cannot be inappropriately extracted without proper permissions and/or authentication.
- Functional specialization: More often than not, IP is condensed using abstraction and transmitted using electronic documents; usually through email. However, this is not an ideal method for transferring such sensitive data. Scientific information exchange requires a more secure, specialized language. By embedding this coded information directly into the collaboration system, individuals in the collaboration environment can avoid the inherent risks that email cannot account for.
If you would like to learn more about the security concerns associated with open innovation partnerships, I encourage you to check out Sophia’s full article. Also, my colleague Graham McGibbon and I recently spoke with her to discuss the challenges of data standardization, and the subsequent story can be found here.
Do you have any ideas about either of these topics? Feel free to drop your thoughts into the comment section below!