ABOUT
Industry:
Bioinformatics, SaaS
Size:
200-500 employees
Private
Tags:
HIPAA, FedRAMP compliance engineering, AWS security architecture, cloud DLP, next-gen DLP, AWS, Macie, GuardDuty.
ABOUT SEVEN BRIDGES
Seven Bridges enables researchers to extract meaningful insights from genomic and phenotypic data to advance precision medicine. The Seven Bridges ecosystem consists of a compliant analytic platform, intelligently curated content, transformative algorithms, unprecedented access to federated data sets, and expert on-demand professional services. This holistic approach to bioinformatics is enabling researchers — at the world’s leading academic, biotechnology, clinical diagnostic, government, medical centers, and pharmaceutical entities — to increase R&D efficiency, enhance the hypothesis resolution process, isolate critical biomarkers, and even turn a failing clinical trial around while also reducing computational workflow times and data storage costs.
Background
Seven Bridges has been offering genomic data processing on the Amazon Web Services (AWS) cloud since early 2012, processing petabytes of genomic data for thousands of users. Seven Bridges identified Symmetry Systems as their vendor of choice because Symmetry is the only partner that can perform custom genomic data tracing within Seven Bridges’ own environment so they can secure clinical information while meeting compliance regulations.
Seven Bridges has always prioritized the security and privacy of patient data because genetic information is one of the most personal and privileged assets an organization can handle. Conversely, researchers in academic and commercial environments see intellectual property as the holy grail of their work and the safekeeping of that information as a top concern.
The Challenge
With supply chain attacks on the rise and the abrupt move of operations for many organizations to the cloud, Seven Bridges recognized that traditional data security solutions would no longer be enough to support the trust built with their customer base. Seven Bridges hosts a large amount of sensitive genomic data, and the challenge was now to confirm how it is accessed, who is accessing it, and if it’s properly protected.
Seven Bridges is the steward of their customers’ data, and the sensitivity of clinical trial data can have a major impact on both a personal and global scale. Trust is their business.
While the need to prevent reputational damage and meet expanding compliance and regulation protocols drove Seven Bridges to Symmetry Systems, it was what the multi-cloud data security pioneer discovered that solidified the partnership.
The power of Symmetry Systems lies in uncovering the unknown. Many organizations do not understand what their problem is because there is no way to see exposure points buried under billions of data points. The danger is dormant.
The Choice
- Symmetry’s DataGuard is a new breed of hybrid data security platforms that is focused on data, not the network or Idenitry traces the data flows, correlating a classifier with permissions and data access activity so that answers to hard questions are at SGB’s fingertips.
- DataGuard offers a new level of customization by allowing security teams to train classifiers rather than using pre-built workflows that do not necessarily meet the unique needs of the business. This avoided the need for a separate DLP system.
- DataGuard operates within Seven Bridges’ cloud so they can maintain control over their own environment without adding on risk or compliance woes that occur when onboarding a vendor.
- DataGuard is compatible with existing tools and policies such as AWS, CIS, CRS, GCP, and Azure.
DataGuard provides a holistic view of the Seven Bridges environment that can be easily communicated to the C-suite. - DataGuard was quick to start and a very light lift for Seven Bridges’ SRE and Tech Ops teams, working seamlessly with their existing tools and procedures.
- The experts at Symmetry Systems showed a high level of technical expertise and thorough communication, working as an extension of the Seven Bridges team.
The Outcomes
Symmetry Systems’ DataGuard empowers Seven Bridges to protect personally identifiable information (PII), patient data, and the integrity of world-leading clinical trials while maintaining customer trust and compliance best practices.
After the initial analysis, DataGuard identified:
- Dormant data
- Sensitive data
- Least privilege dormant permissions unknown accounts, cross-account accesses
- Incomplete offboarding of employees and vendors
- Data preparation for compliance
Seven Bridges could focus on creating custom genomic data tracing to secure patient data and proprietary information.
DataGuard operates seamlessly within Seven Bridges’ cloud environment and existing data firewall policies like AWS, CIS, CRS, GCP, and Azure. As a result, Seven Bridges can employ DataGuard without having to take extra steps to maintain FedRAMP compliance.
Seven Bridges’ Stance on Security
The Seven Bridges Security Framework involves three main areas:
1) data security to secure information during its full lifecycle,
2) platform and infrastructure security, and
3) security controls while ensuring compatibility with a broad range of trusted information security frameworks and compliance requirements.
Some of these regulations include:
- Regulations issued pursuant to the US Health Insurance Portability and Accountability Act (HIPAA), which aim to protect all “Protected Health Information” (PHI).
- The Clinical Laboratory Improvement Amendments (CLIA), a set of US federal regulatory standards that apply to all clinical laboratory testing performed on humans in the United States, except clinical trials and basic research.
- The General Data Protection Regulation (GDPR) directive that regulates the processing of personal data within the European Union.
- The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
About Symmetry Systems
Symmetry Systems is the industry’s first hybrid cloud data security platform that safeguards data in AWS, GCP, Azure services, and on-premise databases while supporting a data-centric zero trust model. With Symmetry, security and compliance teams can address threats quickly through AI-driven data security posture management (DSPM). Symmetry provides visibility into data risks from excessive permissions and anomalous data flows while giving organizations the evidence required to demonstrate compliance best practices.