Securing Gene Sequencing Data on AWSLearn how GenomeNext utilized security-as-a-service (SaaS) with Alert Logic to secure their applications on AWS for HIPAA Compliance, and how you can securely plan, architect, and execute similar big data projects.

Before We Start

Housekeeping• Use the question box at anytime

• Today’s event will be recorded and available on-demand following the conclusion

• Please see the attachments section for a copy of the slide deck and other resources

Today’s Speakers

James Hirmas, CEO, GenomeNext

Stephen Coty, Chief Security Evangelist,

Alert Logic

Patrick McDowell, Solutions Architect,

AWS

Compliance & Shared Responsibility

AWS Foundation Services

Compute Storage Database Networking

AWS Global Infrastructure

Regions

Availability ZonesEdge Locations

Identity & Access Control

NetworkSecurity

Customer applications & contentYou get to define your controls IN the Cloud

AWS takes care of the security OF the Cloud

YouInventory & Config

Data Encryption

AWS and you share responsibility for security

Key AWS Certifications and Assurance Programs

The AWS infrastructure is protected by extensive network and security monitoring systems:

• Network access is monitored by AWS security managers daily

• AWS CloudTrail lets you monitor and record all API calls

• Amazon Inspector automatically assesses applications for vulnerabilities

Constantly monitored

The AWS infrastructure footprint protects your data from costly downtime

• 33 Availability Zones in 12 regions for multi-synchronous geographic redundancy

• Retain control of where your data resides for compliance with regulatory requirements

• Mitigate the risk of DDoS attacks using services like AutoScaling, Route 53

Highly available

AWS enables you to improve your security using many of your existing tools and practices

• Integrate your existing Active Directory

• Use dedicated connections as a secure, low-latency extension of your data center

• Provide and manage your own encryption keys if you choose

Integrated with your existing resources

GenomeNext MissionGenomeNext is a bioinformatics company dedicated to accelerating the promise and capability of precision medicine and scientific discovery.

Automated informatics and data management solutions designed to simplify, expedite and enhance analysis workflows to significantly advance medical research and expand understanding of the basis, treatment and prevention of complex diseases by aggregate population scale analysis.

Our solutions provide the market with genomic data and analysis at an unprecedented combination of quality, cost, and scale without requiring the investment in high-performance computing resources and specialized personnel.

GenomeNext Overview

Our genomic analysis platform derives significant sustainable

competitive advantage and performance from proprietary

parallelization technologies and bioinformatic architecture, delivering unparalleled performance, capability

and flexibility.

+We develop and commercialize big-

data analytics and integrated systems for the evaluation of genetic

variation and function. Our proprietary informatics and data

management solutions are designed to simplify, expedite, and enhance

genetic analysis workflows.

+Our cloud-driven, SaaS solutions

provide the market with genomic data and analysis at an unprecedented

combination of performance, quality, cost and scale without requiring the

investment in high-performance computing resources and specialized

personnel.

HumanPopulation

SamplePreparation

DNASequencing

Analysis

Annotation Reporting

Data

PharmaBiotech

GenomeCenters

ResearchInstitutes

DiagnosticProviders

Genomic Analysis Big Data Analytics Cloud Computing

Next Generation Sequencing

Illumina HiSeq 2500 Illumina MiSeq

Molecular diagnosticsClinical treatment Clinical outcomes

Human Genome: 40 hours

TranslationalBioinformatics

Data, Data, DATA…1000+ samples

26 Trillion Base Pairs

1.2 terabytes

3 billion sequence reactions

Data Explosion

Secondary Analysis of Human Genome Sequencing Data

The Problem:• 2 days for raw data• ~2 weeks for the

analysis

GenomeNext Analysis PipelinePeer Reviewed Pipeline Featured in Genome Biology:

http://www.genomebiology.com/2015/16/1/6

An ultra-fast, highly scalable, highly efficient, balanced parallelization strategy for the discovery of human genetic variation for research,

clinical and population-scale genomics, delivering 100% Reproducible and 100% Deterministic regardless of platform or level of parallelism

AWS Solution

1,000 Genomes Project

GenomeNext ComplianceGenomeNext maintains a strong commitment to protect not only the privacy and security of our customer’s data but also to promote and support our customer’s compliance requirements.

• HIPAA security & privacy rules

• Clinical development compliance and the FDA

• Clinical laboratory improvement amendments (CLIA)

• European Union safe harbor principles

• FISMA moderate ready

AWS HIPAA Compliant Solutions• Sign AWS Business Associate Agreement

• Design HIPAA compliance around approved HIPAA approved AWS Services: DynamoDB, EBS, EC2, Elastic MapReduce (EMR), Elastic Load Balancer (ELB), Glacier, Relational Database Service (RDS), Amazon Redshift, and S3.

• Understand and isolate your HIPAA data in order to take advantage of other AWS services

AWS Monitoring and Security Controls

CloudWatch CloudTrail AWS ConfigAWS Flow Logs

S3 Logging Elastic Load Balancing Logging

Amazon Inspector AWS Config Rules

AWS Security Best Practices

• Implement least privileged communication and administration

• Separate Development and Production into distinct AWS account

• Utilize MFA for AWS access

• Decouple AWS Solution

Application Level SecurityAWS does a great job protecting their services; however, it is the customer’s responsibility to protect the applications that are deployed on AWS. Therefore; GenomeNext looked to Alert Logic for Log Management, Intrusion Protection/Detection, Web Application Firewall, Compliance reporting, and security monitoring operations:

• Alert Logic Threat Manager

• Alert Logic Log Manager

• Alert Logic Web Security Manager

HIPAA Requirements Summary

Security Architecture

Firewall/ACL IntrusionDetection

Deep PacketForensics

Network DDOS

NetflowAnalysis

Backup

Patch MgmtVulnerabilities

Server/App

Log Mgmt SDLC

Anti-Virus Encryption GPG/PGP

Host Anti Malware

FIM

NAC Scanner

Mail/Web Filter Scanner

IAM Central Storage

What Does Compliance Not Cover

Threat Intel & Security Content

24 x 7 Monitoring &

Escalation

Cloud, Hybrid, and On-Premises

Environment

Web Application Events

Network Events

Log Data

Data Collection

Big Data Analytics Platform

Continuous Detection of

Threats & Exposures

Threats & Exposures Remediation Tactics

Enterprise Cyber Security Teams

• Monitor and maintain non-managed hardware deployment uptime

• Cyber security awareness program

• Incident response team

• Collect and maintain content for all non-managed devices

• Operational implementation of all security infrastructure

• Network and application penetration testing and audit team

24x7 Security Operations Center and Intelligence

Monitor intrusion detection and vulnerability scan activity

Search for industry trends and deliver intelligence on lost or

stolen data

Collect data from OSINT and underground sources to

deliver intelligence and content

Identify and implement required policy changes

Escalate incidents and provide guidance to the response team to quickly mitigate

incidents

Monitor for Zero-Day and new and emerging

attacks

Cross product correlate data sources to find

anomalies

Security beyond Compliance

Alert Logic Cloud Security SummitWhat: Alert Logic Cloud Security SummitWhere: The Andaz Hotel – NYCWhen: June 14th – 8:30am – 4pm

Hear from AWS key speakers, industry experts, analysts and customers on their experiences with security and compliance challenges in a cloud environment and how organizations can close security gaps to de-risk greater adoption of cloud services.

Register Today

Every attendee will get the following:• An Alert Logic Hoodie and Goodie bag• Entered into our raffle to win a fully paid trip to AWS re:Invent 2016 (Ticket, Hotel, and Flight).

Must be present to win prize

Questions?

James Hirmas@JHC_JamesHirmas

James.Hirmas@Genomenext.com

www.genomenext.com

Stephen Coty@StephenCoty

scoty@alertlogic.comwww.alertlogic.com

Patrick McDowell@patrickmcdowell

mcdowep@amazon.comaws.amazon.com