Part 1 of 2: Building the technology to share R&D data without risk
R&D intensive companies are increasingly interested in externalising their research: working with laboratories outside their company walls through commercial and academic collaborations and alliances. This has several advantages, including accessing a wider range of expertise, sharing research risk, making the business more flexible, and reducing overheads.
But greater openness carries greater risks. In an increasingly data-driven R&D environment ensuring the company investing in the research benefits from the IP produced means looking after data. Once you start introducing different parties and new locations to the R&D process, handling that hugely valuable data becomes a very different game. Considerable thought needs to be put into striking the right balance between effective and efficient access to research data and maintaining the security of the data. An understanding of data ownership, the value of different R&D data, how researchers use it, as well as the associated IT infrastructure are all necessary to this process.
Technology for R&D collaboration
The physical research facilities and associated laboratory informatics are clearly significant projects in their own right, but I won't dwell on this here. My colleague has written widely on making laboratories smart.
The next layer underpinning R&D externalisation is secure technology which fosters collaboration without risk. This means both security and ease of use. If sharing critical data is arduous, people will cut corners.
Raw data for example can be shared via cloud services making for easy sharing between sites, and with partners. Hypotheses and contextualised results, such as those stored on electronic lab notebooks (ELNs) - software for recording and analysing experiments - should be held securely. Whether this is a cloud based approach or in a traditional corporate data centres is less important than the security of the storage and access. Once your organisation starts the process of deperimiterisation, you will need to supplement standard security measures - anti-virus, malware scanners, firewalls, etc. – with easy to use, robust and appropriate user-authentication mechanisms. A single password might be appropriate for accessing raw data, but you will want to protect your ELN with second or third factors of authentication.
Balancing security with flexibility requires a deep understanding of data
Once these essential foundations are in place, the biggest challenge is managing your data. In many ways, this is an information security challenge. But this isn't just about wrapping data in security technology. It requires detailed understanding of how data is presented, transported and used, so that systems can be put in place to ensure data is presented in the right way to right people, but protected from the wrong people. In our opinion it is as much about understanding people’s behaviour as more traditional disciplines of physical (locked doors) and technical (encryption and authentication) information security.
Part 2 of this blog post can be found here, where I explore an approach to R&D data management that we have used successfully on a number of projects.