Skip to main content

Data security in a collaborative environment

The model outlined above has the added benefit of spreading risk and allowing industry to tap into niche expertise and specialisation. But partnering or outsourcing inevitably involves the two-way traffic of information, and that raises major concerns about data security, confidentiality and the ability to track and monitor exactly who may get to see your IP and other commercially sensitive data. Software developers and vendors have been turning to the cloud as a secure and flexible platform for establishing virtual workspaces and collaborative environments for the R&D sector. 


Confidentiality and data security are integrally linked with the overall complexity of outsourced and partnered projects, suggests Scott Weiss, senior director of product management at IDBS. An R&D organisation may have agreements with multiple service providers and contract research organisations (CROs), as well as research and development partnerships and collaborations based on licensed or shared IP. ‘Each of these agreements will involve different working relationships and have different outcome goals, and for each you need to make sure that the partner or service provider has access to all the data that they need to carry out their function most effectively and efficiently. At the same time you need to avoid passing on any sensitive information or compromising confidentiality, and ensure that any data that you do exchange can’t be accessed by any other external parties.’ 

Losing context in shared data

At the most basic level, any collaboration or service agreement is founded on a contract that outlines the activities of each party, and the nature of the information that is generated and shared, and how it may be used. Setting up a conduit for this information exchange, and ensuring that the data is in the most useful format, can be a major sticking point, Weiss points out. ‘Commonly, data is passed to the partner as a PDF, Excel or Word file by email, or through SharePoint or Dropbox. These summarised documents may contain only results and essential data for auditing, and lack any important context, so a huge amount of value is immediately lost.’

The problems do not lie with any lack of technology to facilitate the exchange of richer information, but the security risks are evident, Weiss comments. You typically can’t give an external party access to your in-house laboratory information management system (LIMS) or electronic laboratory notebook (ELN), or indeed to any data that is behind your firewall. ‘This means that you have to rely on internal IT departments to unlock and release packets of data that may need to be shared with collaborators. This is a hugely time-consuming and inefficient process that can leave key information behind; results in fragmented two-way communication and data flow; and hampers real-time review and decision making.’

Collaborative environments in the cloud

One way of facilitating richer, more seamless partnering – while retaining confidence in security – is to set up a collaborative environment in the cloud, so that sensitive data can be shared, with individual or multiple collaborators at different levels, without having to punch holes in firewalls or put in requests to IT personnel, he continues. ‘Following consultation with our customers we have developed E-WorkBook Connect, a cloud-based software as a service (SaaS) module. Offered as an extension of E-WorkBook, the new module supports safe and secure communication, scientific task management, and research content submission and review. Connect has been developed as a nimble and flexible platform that enables users to set up and run contracts, partnerships and collaborations rapidly, and disassemble them just as rapidly.’

Launched in January 2016, E-WorkBook Connect effectively provides a cloud-based virtual research environment that doesn’t compromise the corporate infrastructure. The working environment remains securely connected to the organisation’s internal informatics infrastructure, but offers a neutral space for organisations to invite external parties outside of their corporate firewalls to share, collaborate and work on live data. ‘E-WorkBook Connect also recognises scientific content, enabling parties to work together on, say, chemical structures, in real time. And at the end of a workflow or experiment, users will then be able securely to publish completed study data directly to E-WorkBook with a few clicks.’ 

Delays, inefficiencies and increased risks

Externalisation, outsourcing and collaboration may be at the core of business and research models for a growing number of companies in the R&D sector but, across the biopharma value chain, information-driven decisions are being delayed because of a lack of clear and timely insight into experimental data across multiple locations, comments Anthony Uzzo, CEO at Core Informatics. ‘Seamless data collection, sharing, and analysis are vital for R&D innovation, but top-notch research is being hindered because R&D organisations are trying to manage information using complex combinations of Sharepoint sites, Dropbox folders, email, and mail and courier services,’ he notes, mirroring comments by Weiss. ‘This results in delays, inefficiencies, and increased risks from lost or unusable data. The majority of life sciences organisations cannot easily create collaborative data-sharing environments with different access levels, applications, and security rules.’

Core Informatics has addressed these issues by establishing Core Collaboration, a platform that provides immediately accessible, securely sequestered, virtual workspaces for global collaborators. ‘Core Collaboration supports synchronous data viewing and provides project dashboards that show only the information the viewer should see by leveraging granular permissions at the individual, team, and organisation levels. The platform is designed for leaders in biopharma to derive greater value from externalisation strategies by enabling deep and real-time collaborations, while ensuring privacy and security.’

Secure, walled data stores

Core Collaboration was created to drive R&D efficiencies for clients who want to reduce complexity while ensuring the highest standard of security, data and experimental protocols are maintained, Uzzo explains. ‘The workspaces are effectively walled data stores, within the same database, and so ensure that only the external partner assigned to the workspace and the owner of the system can access the data. The information is shared securely and seamlessly. Approved collaborators can use pre-configured Core products  – Core LIMS, ELN, and SDMS (scientific data management system) – and applications to achieve the owner’s objectives. When a workspace is decommissioned, the data remains intact in the database and the external partner’s access rights are withdrawn.’

Yet security issues do still represent a major hurdle to the establishment of true open innovation partnerships, suggests Andrew Anderson, VP of business development at ACD/Labs.  The Toronto-based firm’s flagship cheminformatics platform, ACD/Spectrus, specifically allows scientists to collect, analyse and interpret chemical, structural and analytical data in a real-time environment. ‘The R&D sector is willing, in theory, to embrace a wider, more flexible ecosystem of partners across the development life cycle, from early research through to contract manufacturing. However, setting up such open environments represents a significant headache with respect to cross party data handling and transfer.’ 

Partnership relationship management system

In essence, confidentiality and IP issues are the same, whether you have one or multiple partners working on the same project, but the complexity of dealing with those issues is increased the more partners and the more diverse your collaborative environment, Anderson states, concurring with Weiss. Key to any short- or long-term collaboration or contract research agreement is a partnership relationship management system that will help to oversee both the quantitative and qualitative exchange of information. Anderson maintains that three important considerations will ensure impactful collaborations, while maintaining security. The first is collaborative governance. ‘Any system that establishes either long-term or transient connections within partnership networks must manage the frameworks for how collaborations are contractually defined’, he stresses.  Specifically, method, frequency, and format of correspondence should be designed within the system.’ 

Permission management

The second consideration is permission management. The system must manage roles and responsibilities for all stakeholders within a collaboration. ‘Moreover, the system must also offer sufficient granularity programmatically to facilitate the successful management of such roles and responsibilities.’ From a security perspective, this is the most critical element, Anderson comments. ‘For example, from initial information exchange through results dissemination, collaboration interfaces should control who has access to data, assuming that appropriate authentication functionality is in place.’ Extracting information from the system should also be controlled, for example, by limiting reporting outputs to assure that information cannot be inappropriately extracted from the system without permissions/authentication to do so.  

The third consideration is functional specialisation. ‘Oftentimes, proprietary and confidential information is summarised using abstraction and transmitted using electronic documents,’ Anderson point out.  He concurs with Weiss and Uzzo that email is not the most secure mode for the transfer of potentially sensitive data. ‘Organisations retain a very document-centric approach that relies on email for communication. But scientific information exchange requires specialised language. By embedding such specialised communication functionality directly into the collaboration system, one avoids the ‘portability’ risk that electronic documents exhibit. The Spectrus platform, for example, offers specialised communication functionality for experimental summaries in analytical measurement sciences. We also offer the data translation tools that allow authorised users to read data that has been sent in proprietary formats.’

Benefits outweigh risks

There is no indication that this growth in partnering will slow and, despite ongoing concerns about security and confidentiality, the industry recognises that the benefits of working with solution providers that offer specific expertise and IP far outweigh potential risks associated with exchanging sensitive data, notes Megean Schoenberg, director of product management, informatics, at PerkinElmer. ‘Cloud technologies have had a major part to play in facilitating collaborative models. Go back five years and organisations were worried about the perceived safety issues of using cloud technologies. Today, the industry is far more willing to leverage cloud-based informatics platforms for sharing research, workflows, results and analyses. Setting up collaborations in the cloud means that each party has access to the same informatics infrastructure. At the same time, data exchanged as part of the joint work or service activities is kept corralled in the cloud, helping to ensure that in-house systems are at much less risk of breach.’

Despite a huge focus on security and confidentiality, email still remains one of the most frequently used methods for transferring information, both within and between organisations, Schoenberg comments. ‘We don’t yet seem to have realised that emailing and texting from smartphones are major risks to data security, despite the widespread availability of encryption software. Even emailing documents from one department to another within the same company poses a security issue. Security issues aside, sending emailed updates as Word files after the event doesn’t provide context, and doesn’t allow the sponsor organisation or collaborator to follow workflows and experiments as they happen in real time.’

PerkinElmer recognises the need for a flexible informatics infrastructures that will support secure communication and data sharing between research partners, CROs and their clients. ‘Thinking particularly about the huge growth in outsourcing to CROs, we are working with clients to develop an environment that will allow sponsors rapidly to set up a web-hosted collaborative environment for their CROs, which will enable secure communication and information exchange. These environments can then be closed down quickly when the relationship ends. Data is transferred into the platform for access, but only for as long as it is needed. It can then be pulled back down behind the corporate firewall.’

A quick-fit, cloud-based ELN

This flexibility is important when you consider that R&D organisations often have their preferred CROs, contributors and partners, who they may work with over many years, but perhaps only for short periods at a time in any one project. ‘Using a quick-fit cloud-based ELN environment means that links can be shuttered when there is no ongoing collaboration, reducing the risk of accidental or intentional transfer of sensitive data, or of third parties accessing proprietary information. ‘

The requirements to keep data secure should not be an excuse to stifle collaboration and outsourcing, which have transformed the R&D sector and demonstrated huge benefits in terms of innovation, cost savings and successful development, Schoenberg stresses. ‘Security issues should not hamper the exchange of the very data that will inform decision making and drive a project forwards. Informatics providers have a major role to play in ensuring that the technologies are available to aid safe and secure communication and data flow.’


Read more about:

Laboratory informatics

Media Partners