Rethinking clinical collaboration: Why complexity doesn’t guarantee security
This blog is a part of a Life Sciences series focusing on key trends emerging in the industry – for a brief introduction to the series, read this post by Manu Vohra, Managing Director of Global Life Sciences at Box.
Security and information governance are critical in Life Sciences. Extra protections don’t have to equal poor user experiences and here's why:
When I first joined Box, my manager told me something that really struck a chord: “Technology used to have to be complex in order to be considered secure”. While this doesn’t have to be the case with today’s business apps, this legacy perception still prevails in some areas. The net result is often hard-to-use technologies that are tricky to deploy and integrate for IT, and are rarely fully utilized by employees. All of which costs the business money through lost productivity and a higher TCO.
Security is vital for the Life Sciences sector, but it can also be built on layers of technical complexity that have developed over the course of many years. Regulation has caused some of this, but so too has fear. Jobs are on the line, and naturally those people responsible tend to go the extra mile to make sure things are locked down as tightly as possible. This often results in a system that is almost ‘proudly complex’.
Document management is a good example. Take for instance a pharmaceutical company working on finalizing a contract with 14 people in the approval loop. In a traditional workflow, when things change the entire process has to reset. If signatory number 13 in the chain makes changes, they may need to go back to the beginning of the process. Inefficient is an understatement.
Complexity doesn’t always equate to security. I was recently speaking to a contact on the regulatory side of a Life Science organization. Prior to working with us, most of the audit-related content existed primarily in paper form. With offices closed due to Covid19, teams couldn’t access the material, and with digital copies on a locked-down VPN, they couldn’t provide external access easily.
When the company in question received notification of a clinical audit, the only choice was to purchase a vast number of USB drives and CDs, download a considerable amount of critical and highly sensitive information and send it by mail to their regulatory body.
This is documentation that includes details on clinical trials and information on potentially life-saving products. What happens if those documents don’t arrive or end up somewhere else? Ultimately, a system entirely designed to ensure the security of that documentation ended up undermining it completely – not to mention wasting hours of valuable time.
It’s with archaic processes like this that I’m surprised cloud-based tools, such as Box can still sometimes be seen as ‘not secure’. We live in a golden age of technology, one in which apps can be elegant and intuitive as well as secure. We no longer have to make hard choices between user experience and risk limitation. In fact, the easier an organization makes it for users to work as they want to, the more secure they become. By giving users the ability to collaborate conveniently and flexibly, you are lessening the danger that they’ll – either knowingly or unwittingly – circumvent the controls already in place.
One of the great things I hear about Box is that, in addition to security, Box helps our customers to work smarter. Part of that lies at the infrastructure level. Rather than individually servicing users asking for folder access or new sharing permissions, you can establish the core security principles required and then let people work and create as they need.
There’s also a compelling efficiency angle to this approach.
In the clinical audit example, the company in question is now using Box to manage collaboration with counterparts in the FDA and EMA. They have been able to create a document structure in the cloud that precisely matches the list of documentation those agencies want to view. Folders are allocated to content owners, and then shared with auditors when required – all via secure links. No emailing or USB drives needed.
Not only does this speed up audit readiness, because each folder provides usage and access statistics, but the team can see exactly which documents are opened (and most important to the auditors). Over the long-term, this will help the audit team make better-informed decisions about where to focus their time and resources. It’s like studying for a test and knowing exactly which topics the professor is going to focus on!
Interestingly, this audit use case wasn’t on the agenda when we first spoke to the client. The discussion was all around security. But Box doesn’t only help Life Sciences companies solve pre-determined business challenges – it also delivers an intuitive, time-saving work experience that gives users flexibility around how they employ it. People enthusiastically adopt Box to address one challenge and then explore what it can do to solve others. I like to think of us as a springboard to innovation; the safety nets are all there, they just don’t get in the way.
So, yes, “technology used to have to be complex to be secure”. Today, a better line of thought is: “technology doesn’t have to be complex to be secure”. Rather than making ‘proudly complex’ systems, let’s give credit to our end users. Let’s give them the intuitive, inspiring, and easy-to-use experiences they deserve, experiences that include security as a given – not a barrier.
Would you like to find out more? Download the FiercePharma ebook Accelerate Clinical Operations across Sponsors, CROs and Partners with a Best-of-Breed Partner like Box