GSK Takes Secure Collaboration to the Cloud


I have the coolest job in the world. I get to work with really innovative technologies and applying it to real business impactful scenarios where customers can realize its benefit simply by trying it out.  Cloud computing represents a compelling and transformational shift in how Life Sciences industry conducts business.  Project such as the GlaxoSmithKline (GSK) Federated Secure collaboration prove that the technology is finally catching up to the industry demands.  In a recent Microsoft Cloud Life Sciences event in Iselin, NJ, June 8th, 2010, GSK demonstrated this solution to a group of peer from the pharmaceutical industry.

DSC_0026 DSC_0006

Changes in Pharmaceutical Industry

The Pharmaceutical industry business has changed dramatically from one that is done everything in-house to one that requires close collaborations among peer companies and event among competitors. These industry shifts in work-process requires new technology solutions to enable better and secured collaboration across multiple entities.

The Architecture

Three scenarios appealing to multiple collaboration entities and identity providers:




The solution shows

  • A web site hosted on Windows Azure that is something like “Federated SkyDrive” where a user can assign cross-organization permissions based on email, group and organization claim.
  • Organizations plugged to the hub using identity providers like ADFS, CA SiteMinder or PingFederate
  • Other organizations plugged to the hub using social identity providers like Facebook, Yahoo, Google, Twitter, LiveID
  • Different level of trusts depending on the identity provider that issued the token
  • Multiple cloud computing providers like Amazon EC2 hosting an ADFS v2 and Windows Azure hosting the website


Business Impact

New Insights to Innovation – Windows Azure Platform enables GSK to securely collaborate beyond their four walls. This gives GSK the ability to quickly on-board and grants access to their collaboration partners for M&A and Joint Venture activities in a timely manner. Solution also ensures clean removal of user access to GSK resources upon the termination of a business relationship.

On Demand Scale – Azure enables on demand scale. The application/data environment can shrink/expand as needed giving the Life Sciences industry “lights on” infrastructure capability.

Agile security – Azure developed access controls using Windows Identity Framework and ADFS 2.0 allowed solution to interoperate with a participant‘s existing identity and authorization environment including social networking identify providers such as Facebook, Yahoo, and Windows Live.

Industry Impact

Any industry with the need to quickly and securely collaboration would find this implementation pattern useful.


Why Cloud and why Azure Platform?

Cloud hosting is a perfect environment to quickly spin-up and spin-down collaboration sites on an as need-basis.  The ability to do this very quickly and integrate to an existing identity provider of each collaboration partner is critical.  The cloud infrastructure with Windows Azure and Windows Identity Foundation and ADFSv2 enables federated authentication & authorization with fine gained access control to large enterprises as well as small mom-pop shop who cannot afford their own identity provider solution.

Social Networking site integration

In the latter case, small organization such as private practicing physician or contract sales representative could leverage identity provider from FaceBook, Yahoo, or Windows Live.



Industry Quotes on Solution

The US-HealthCare-Life Sciences team, DPE and EPG Key Account Marketing held a forum on Could Computing perspectives for the Life Sciences Industry on June 8th at the Hilton Woodbridge in NJ. This was far from an “event” it was an opportunity for Microsoft’s to talk about innovation in the cloud and for customers to showcase how the Cloud and Microsoft technology is impacting the way they process information, impact productivity and run their business. Michael Naimoli, US Director, Microsoft Life Sciences Industry Unit

“First working model of secure info exchange I have seen in a long time. Showcases a solid use case of how MS Technology can be leveraged.” Dulal Oza – Merck & Co.

“Good Technology Discussion unbiased – very interesting for other applications within the pharma space” . Drew Kimberlin - Merck & Co.

“We built the system to interoperate with a participant’s existing security environment. If they are using the Active Directory® service or products from Oracle or Sun, as long as they are compliant with the same standards, they can work in the system without having to remember another user name and password.” Matias Woloski, Architect at Southworks Software.

What’s Next:

The solution pattern and architecture best practices for this solution can be found in this book from the Microsoft Patterns & Practice team.

Claims-Based Identity & Access Control