IDENTITY HUB – Leveraging Identity Hubs to Speed the Drug Development & Delivery Process & Maximize Revenue Opportunities


The life sciences industry is in the midst of significant change, driven by a number of factors, including globalization, demographic shifts, emerging markets, increased healthcare delivery costs, and the introduction and maturity of disruptive technologies, such as cloud, mobile, social, and big data. These factors are possible contributors to another industry trend – highly centralized research and development (R&D) centers are no longer yielding as many blockbuster drugs as they once did.

In fact, the IMS Institute for Healthcare Informatics anticipates that “spending on most therapies will grow at slower rates – or even decline – through 2015.” At the same time, $120 billion in revenue is threatened by the number of drugs coming off patent, while productivity in R&D continues to decline.*

To survive in this increasingly competitive landscape, life sciences companies are turning to new sources of innovation. They are engaged with unprecedented intensity in collaborative efforts with external partners that lie beyond their virtual four walls. This decentralized collaborative environment encourages specialization and focus, which in turn accelerates innovation – speeding the drug development and delivery process so companies can take full advantage of revenue opportunities.


Changing market conditions may be intensifying the need for multi-party collaboration, but the disruptive technologies are facilitating it. Mobility, in the form of 4G/LTE wireless networks and powerful smartphones, tablets, and laptops, allows individuals to work productively anytime, anyplace, anywhere. Cloud computing lets partners share data, processes, research, applications, and more. With a single connection to the cloud, an organization and its users, assuming valid permissions, can access the applications and data of all other organizations connected to the cloud. Cloud architectures are designed to scale and maintain high performance as new organizations and applications are connected, saving time and cost for all participants.

Life sciences companies are looking to leverage collaboration to help them meet a host of business requirements, among them:

- Improve information sharing and accountability
- Reduce costs by sharing infrastructure and minimizing outsourcing overhead
- Adopt common policies and tools
- Adapt to changing security policies
- Adjust to dynamic operating models
- Comply with regulatory mandates

Ultimately, the goal is to gain competitive advantage by using collaboration to streamline the time and cost of the drug development and delivery process.


Collaboration is loaded with upside potential, but it’s not without its downside. By adopting collaborative technologies and working together in a community that includes manufacturers, investigators, laboratories, academic institutions, contract research organizations, and others, life sciences companies expose themselves to increased security risks. More participants in the drug development and delivery process means more points of vulnerability and the potential for compromise of sensitive information or intellectual property.

As companies make their systems, applications, and data available to more organizations and users beyond the enterprise’s boundaries, they must manage a growing number of user accounts, privileges, and access channels. While they do so, they not only must protect their assets, but they also must ensure they properly address the compliance requirements that are the foundation of this highly regulated industry.

Historically, life sciences companies granted access to their external partners by creating virtual private networks over the web; otherwise, they would directly provision each partner and its employees to each shared application. Either approach is acceptable with a limited number of partners. Neither approach works well with today’s collaborative communities, where scale, performance, and cost concerns quickly become overwhelming.


Trust allows life sciences companies to take full advantage of the power of collaboration while mitigating security risks. Rather than each application owner building a database of validated users and permissions from across the partner community (which places an enormous burden on IT to maintain), organizations can establish trusted relationships with their partners. With the advent of identity federation, application owners rely on their partners to manage user identities internally, and allow application access when partner users request it.

Identity federation in its most basic form puts a premium on vetting the partners who will be trusted. Application owners are ceding access control with little insight into the dynamics present within partner organizations. External personnel may come, go, or change roles, with no guarantee that this information will be reported by the partner in a timely or accurate manner. Because partners are privy to scientific breakthroughs, pricing, and other sensitive information, risk of compromise remains high.

Another shortcoming of the traditional approach to identity management is that it only allows point-to-point collaboration between two parties. As the size of the collaborative community grows, so does the number of unique connections and identity credentials that must be created. Basic identity federation leads to the development of a trusted bi-lateral mesh of point-to-point connections, relationships, and legal agreements – each of which requires care, feeding, governance, and audit.

The more partners in the mix, the larger the mesh becomes. Not only does each connection take a significant amount of time and effort to establish and maintain, but the mesh produces a massively redundant infrastructure. While a small amount of redundancy may make sense, excessive overlap results in unnecessary capital and operating expenditures. Collaboration is supposed to reduce the time and cost of the drug development and delivery process, not extend it.


Fortunately, there is another approach to identity federation that enables trust amongst collaborating parties without the cost, scalability, and time/maintenance shortfalls. Other industries, such as aerospace and defense and retail/financial services, have moved to an identity hub federation model. The identity hub’s connect-once, hub-and-spoke architecture allows parties to communicate and collaborate by accessing one another’s applications and data, yet eliminates the requirement for a bi-lateral mesh of point-to-point connections whose design inherently is inefficient and vulnerable to threats that cause compliance and security failures.

Credit cards issued by financial institutions and used by consumers at retail/etail establishments clearly demonstrate why the move from basic identity federation with a bi-lateral mesh to the identity hub is critical. Maintaining all of the unique connections of a bi-lateral mesh is equivalent to asking consumers to obtain a unique credit card for every store or online site at which they shop. The overhead for all parties is far too high, and the risk of a stolen or lost credit card rises significantly with the number of cards an individual carries.

Credit card companies have been successful by creating a hub-and-spoke architecture that brings everyone together. The credit card company serves as the hub, with consumers, businesses, and financial institutions as the spokes. As the hub, the credit card company works with its constituents to define the rules of engagement, including how to connect and how to confirm identities through authentication, to which all parties agree. The credit card company manages the network, and all participants trust it. Transactions take place quicker and more efficiently, and the resulting environment is more scalable, easier to monitor, and mitigates risk by concentrating higher security measures on a single entry point with strong, multi-factor authentication.

Aerospace and defense companies have relied on the identity hub to bring collaborating organizations together with trust for almost a decade. The identity hub lets companies leverage an existing community of interest to connect to applications and provide a single pathway to internal applications. With a single connection, an organization and its users, with appropriate permissions, can access the applications and information of all other connected organizations, and vice versa – even when new organizations and applications are added to the community, saving time and cost for everyone. Individuals no longer need keep track of a dozen or more passwords; in many cases, a single credential to access local applications and all applications connected to the identity hub will suffice.


The identity hub’s proven performance and benefits for industries with stringent security and compliance requirements, sensitive information, and diverse collaborating parties make it a compelling option for life sciences companies. Organizations considering the identity hub model first must decide how to implement it.

To build and maintain an identity hub, a life sciences company must possess significant identity management expertise. The do-it-yourself approach also means the company must invest the necessary resources and budget, as well as obtain the cooperation of other parties in the drug development and delivery process, including its peers. In other words, the company’s commitment must be intense and unwavering.

As the number of partners in the proposed community rises, the time, cost, and risk associated with managing external identities in the identity hub become prohibitive. Affected groups include IT personnel, who must create and maintain user accounts; customer care, which must respond to issues, such as lost credentials and the inability to successfully access applications connected to the identity hub; and business stakeholders throughout the enterprise who are caught in the middle, coordinating with IT and customer care internally, and partner personnel externally instead of collaborating on research.

The maturation of the cloud presents another alternative – outsourcing the identity management function. The beauty of the cloud-based, outsourced identity hub is that a single third-party provider can deliver federation services for all members of the partner network, or community. All members of the community connect once to the provider’s identity hub, which becomes the single point of entry to all applications throughout the community. Participants enjoy reduced upfront and ongoing resource commitments, a neutral central authority with whom they can develop the rules of engagement and enforcement, and the opportunity to focus on research and development activities instead of identity management.

When companies choose the outsourced option, they are entrusting a third-party provider to help them achieve their collaboration objectives, including rapid onboarding of new partners, efficient establishment of dynamic working groups on R&D projects, and secure information exchange. Selecting a provider that truly understands the identity hub delivery model is essential.


The Exostar Life Sciences Identity Hub is a cloud-based, software-as-a-service (SaaS) solution that delivers identity and access management to life sciences partner applications and data. It also provides trust-based federation between parties while separating authentication (identity verification) from authorization (access control). Organizations connect once to the Exostar Life Sciences Identity Hub, creating a secure community of participants that allows partners, and even competitors, to leverage resources across the industry for greater utility of information, applications, and regulatory compliance.

The SaaS model eliminates the pain enterprises previously faced establishing point-to-point connections with each of their partners, as well as on-boarding and provisioning organizations and individuals. Exostar assumes responsibility for those tasks, along with training, customer care, reporting, and functional maintenance and upgrades – all while offering service level agreements for performance, availability, response time, and other metrics.

Exostar also issues credentials as an identity provider so users can be authenticated before being granted access to applications connected to the Life Sciences Identity Hub. With delegated administration, application and data owners follow processes implemented by Exostar to quickly and easily make credentialing and access decisions and assignments, which Exostar in turn executes.

Exostar’s Secure Access Manager (SAM) is the gatekeeper to the Life Sciences Identity Hub. SAM authenticates users by verifying the credentials a user presents. Credentials may be Exostar’s, a third-party identity provider’s, or come from the user’s enterprise. These credentials can be as basic as username/password, or stronger, for enhanced security. Examples of stronger authentication SAM accepts include hardware token- or phone-based one-time passwords or public key infrastructure certificates cross-certified with the SAFE-BioPharma certificate authority. SAFE credentials allow life sciences users to comply with second-factor authentication requirements for electronic/digital signatures and for managing controlled substances.

The Enterprise Access Gateway (EAG) is an optional SAM function. With EAG, individuals can access any application connected to the Life Sciences Identity Hub, assuming the asset owner has granted authorization, with the same credential they use to log on locally. As a result, individuals receive a true web-based single sign-on experience, which improves productivity and reduces the risk that a credential is lost or stolen.
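The separation of authentication from authorization described above can be sketched as follows. This is an added illustration, not Exostar's code: the class names, organization and application names, the strength ordering, and the `credential_ok` flag (standing in for real credential verification) are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Strength(IntEnum):           # hypothetical ordering of credential strength
    PASSWORD = 1
    OTP = 2                        # hardware-token or phone-based one-time password
    PKI_CERT = 3                   # PKI certificate

@dataclass(frozen=True)
class Assertion:                   # result of authentication: who, from where, how strongly
    user: str
    org: str
    strength: Strength

@dataclass
class Hub:
    trusted_orgs: set = field(default_factory=set)     # organizations connected once to the hub
    min_strength: dict = field(default_factory=dict)   # app -> floor set by the application owner
    grants: set = field(default_factory=set)           # (app, user) pairs set by application owners

    def authenticate(self, user, org, strength, credential_ok):
        """Identity verification only; no application policy is consulted."""
        if org not in self.trusted_orgs or not credential_ok:
            return None
        return Assertion(user, org, strength)

    def authorize(self, assertion, app):
        """Access control only; the owner's grant and strength floor decide."""
        if assertion is None:
            return "deny: not authenticated"
        if (app, assertion.user) not in self.grants:
            return "deny: no grant from application owner"
        # Fail closed: an app with no configured floor demands the strongest credential.
        if assertion.strength < self.min_strength.get(app, Strength.PKI_CERT):
            return "deny: stronger credential required"
        return "allow"

def demo():
    # Constructed sample community: two connected organizations, two applications.
    hub = Hub(trusted_orgs={"pharma-a", "cro-b"},
              min_strength={"trial-portal": Strength.PASSWORD,
                            "e-signature": Strength.PKI_CERT},
              grants={("trial-portal", "alice@cro-b"), ("e-signature", "alice@cro-b")})
    pw = hub.authenticate("alice@cro-b", "cro-b", Strength.PASSWORD, True)
    cert = hub.authenticate("alice@cro-b", "cro-b", Strength.PKI_CERT, True)
    outsider = hub.authenticate("mallory@x", "unknown-org", Strength.PKI_CERT, True)
    return [hub.authorize(pw, "trial-portal"), hub.authorize(pw, "e-signature"),
            hub.authorize(cert, "e-signature"), hub.authorize(outsider, "trial-portal")]
```

The same user is allowed into one application with a password but must present a stronger credential for the signing application, and a valid credential from an organization the hub does not trust never reaches the authorization step.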


The Exostar Life Sciences Identity Hub is a proven implementation of the identity hub concept that provides the trust necessary for enterprises and individuals to collaborate with confidence. Today, more than 550 life sciences companies – including three major pharmaceutical manufacturers, over 100 contract research organizations, and approximately 50 universities – and over 10,000 individuals in nearly 50 countries on 6 continents count on the Life Sciences Identity Hub to help them collaborate securely. These entities have established more than 2,000 distinct mini-communities to work together, leveraging nearly two dozen connected applications or portals. The overall community is growing by an average of 10% per month.

Companies connected to the Life Sciences Identity Hub are saving millions of dollars annually by eliminating infrastructure, reducing on-boarding and provisioning times by an order of magnitude, enhancing customer care, and redeploying IT resources to focus more intently on the needs of business stakeholders in the drug development and delivery process.

At a February 2014 BioPharma Research Council webinar, Andrea Kirby, Merck’s External Partner Program Director, said, “What used to routinely take months to start collaborating on projects now takes an average of three days – a time that would have been unheard of by Merck employees in the recent past. We blow people’s minds internally here at Merck.”

These benefits are just the tip of the iceberg, because collectively, they are speeding collaboration while strengthening security. Life sciences companies will realize an even bigger payoff by bringing new drugs and therapies to market more quickly so they can take full advantage of patent exclusivity to maximize revenues. In that scenario, everyone wins.

*IMS Institute for Healthcare Informatics, The Global Use of Medicines: Outlook Through 2015.


Vijay Takanti is Vice President, Security & Collaboration services at Exostar. As such, he is responsible for the strategy and product road map, design, development, and customer delivery of these solutions. Since taking his role, he has grown the Exostar Security Solutions business. He has over 20 years of experience in electronic data processing, application design and development, and information security solutions. He joined Exostar through the acquisition of Evincible Software in 2004, where he was the founder and CEO. At Evincible, he developed solutions that bridge the integration chasm between business applications and security components, such as Public Key Infrastructure (PKI). Prior to founding Evincible Software, Mr. Takanti served as CTO at Society of Worldwide Interbank Telecommunication (SWIFT) where he architected the Next Generation of the SWIFT Net architecture. He is recognized as an authority on the emerging and evolving technologies related to electronic signatures and digital identity management, and has consulted to a variety of enterprises on these topics. He earned his Bachelors in Electronics and Communications from JNTU in Hyderabad, India; a Masters in Computer Sciences from the Indian Institute of Technology in Kharagpur; and a Masters in Business Administration from George Mason University, Virginia.