Big Data & Cloud Security on AWS with Alert Logic
Post on 16-Apr-2017
Securing Gene Sequencing Data on AWS
Learn how GenomeNext utilized security-as-a-service (SaaS) with Alert Logic to secure their applications on AWS for HIPAA Compliance, and how you can securely plan, architect, and execute similar big data projects.
Before We Start
Housekeeping
• Use the question box at any time
• Today’s event will be recorded and available on-demand following the conclusion
• Please see the attachments section for a copy of the slide deck and other resources
Today’s Speakers
James Hirmas, CEO, GenomeNext
Stephen Coty, Chief Security Evangelist, Alert Logic
Patrick McDowell, Solutions Architect, AWS
Compliance & Shared Responsibility
AWS and you share responsibility for security
You:
• Customer applications & content
• Identity & Access Control
• Network Security
• Inventory & Config
• Data Encryption
You get to define your controls IN the Cloud
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
AWS takes care of the security OF the Cloud
Key AWS Certifications and Assurance Programs
The AWS infrastructure is protected by extensive network and security monitoring systems:
• Network access is monitored by AWS security managers daily
• AWS CloudTrail lets you monitor and record all API calls
• Amazon Inspector automatically assesses applications for vulnerabilities
Constantly monitored
The AWS infrastructure footprint protects your data from costly downtime
• 33 Availability Zones in 12 regions for multi-synchronous geographic redundancy
• Retain control of where your data resides for compliance with regulatory requirements
• Mitigate the risk of DDoS attacks using services like AutoScaling, Route 53
Highly available
AWS enables you to improve your security using many of your existing tools and practices
• Integrate your existing Active Directory
• Use dedicated connections as a secure, low-latency extension of your data center
• Provide and manage your own encryption keys if you choose
Integrated with your existing resources
GenomeNext Mission
GenomeNext is a bioinformatics company dedicated to accelerating the promise and capability of precision medicine and scientific discovery.
Automated informatics and data management solutions designed to simplify, expedite and enhance analysis workflows to significantly advance medical research and expand understanding of the basis, treatment and prevention of complex diseases by aggregate population scale analysis.
Our solutions provide the market with genomic data and analysis at an unprecedented combination of quality, cost, and scale without requiring the investment in high-performance computing resources and specialized personnel.
GenomeNext Overview
Our genomic analysis platform derives significant sustainable competitive advantage and performance from proprietary parallelization technologies and bioinformatic architecture, delivering unparalleled performance, capability and flexibility.
We develop and commercialize big-data analytics and integrated systems for the evaluation of genetic variation and function. Our proprietary informatics and data management solutions are designed to simplify, expedite, and enhance genetic analysis workflows.
Our cloud-driven, SaaS solutions provide the market with genomic data and analysis at an unprecedented combination of performance, quality, cost and scale without requiring the investment in high-performance computing resources and specialized personnel.
Human Population, Sample Preparation, DNA Sequencing, Analysis, Annotation, Reporting, Data
Pharma, Biotech, Genome Centers, Research Institutes, Diagnostic Providers
Genomic Analysis, Big Data Analytics, Cloud Computing
Next Generation Sequencing
Illumina HiSeq 2500, Illumina MiSeq
Molecular diagnostics, Clinical treatment, Clinical outcomes
Human Genome: 40 hours
Translational Bioinformatics
Data, Data, DATA…
1000+ samples
26 Trillion Base Pairs
1.2 terabytes
3 billion sequence reactions
Data Explosion
Secondary Analysis of Human Genome Sequencing Data
The Problem:
• 2 days for raw data
• ~2 weeks for the analysis
GenomeNext Analysis Pipeline
Peer Reviewed Pipeline Featured in Genome Biology: http://www.genomebiology.com/2015/16/1/6
An ultra-fast, highly scalable, highly efficient, balanced parallelization strategy for the discovery of human genetic variation for research, clinical and population-scale genomics, delivering 100% reproducible and 100% deterministic results regardless of platform or level of parallelism
AWS Solution
1,000 Genomes Project
GenomeNext Compliance
GenomeNext maintains a strong commitment to protect not only the privacy and security of our customers’ data but also to promote and support our customers’ compliance requirements.
• HIPAA security & privacy rules
• Clinical development compliance and the FDA
• Clinical laboratory improvement amendments (CLIA)
• European Union safe harbor principles
• FISMA moderate ready
AWS HIPAA Compliant Solutions
• Sign AWS Business Associate Agreement
• Design HIPAA compliance around HIPAA-approved AWS services: DynamoDB, EBS, EC2, Elastic MapReduce (EMR), Elastic Load Balancer (ELB), Glacier, Relational Database Service (RDS), Amazon Redshift, and S3.
• Understand and isolate your HIPAA data in order to take advantage of other AWS services
AWS Monitoring and Security Controls
CloudWatch, CloudTrail, AWS Config, AWS Flow Logs
S3 Logging, Elastic Load Balancing Logging
Amazon Inspector, AWS Config Rules
AWS Security Best Practices
• Implement least-privilege communication and administration
• Separate Development and Production into distinct AWS accounts
• Utilize MFA for AWS access
• Decouple AWS Solution
Application Level Security
AWS does a great job protecting their services; however, it is the customer’s responsibility to protect the applications that are deployed on AWS. Therefore, GenomeNext looked to Alert Logic for Log Management, Intrusion Protection/Detection, Web Application Firewall, Compliance reporting, and security monitoring operations:
• Alert Logic Threat Manager
• Alert Logic Log Manager
• Alert Logic Web Security Manager
HIPAA Requirements Summary
Security Architecture
Firewall/ACL, Intrusion Detection
Deep Packet Forensics
Network DDOS
Netflow Analysis
Backup
Patch Mgmt, Vulnerabilities
Server/App
Log Mgmt SDLC
Anti-Virus Encryption GPG/PGP
Host Anti Malware
FIM
NAC Scanner
Mail/Web Filter Scanner
IAM Central Storage
What Does Compliance Not Cover
Threat Intel & Security Content
24 x 7 Monitoring & Escalation
Cloud, Hybrid, and On-Premises Environment
Web Application Events
Network Events
Log Data
Data Collection
Big Data Analytics Platform
Continuous Detection of Threats & Exposures
Threats & Exposures Remediation Tactics
Enterprise Cyber Security Teams
• Monitor and maintain non-managed hardware deployment uptime
• Cyber security awareness program
• Incident response team
• Collect and maintain content for all non-managed devices
• Operational implementation of all security infrastructure
• Network and application penetration testing and audit team
24x7 Security Operations Center and Intelligence
• Monitor intrusion detection and vulnerability scan activity
• Search for industry trends and deliver intelligence on lost or stolen data
• Collect data from OSINT and underground sources to deliver intelligence and content
• Identify and implement required policy changes
• Escalate incidents and provide guidance to the response team to quickly mitigate incidents
• Monitor for Zero-Day and new and emerging attacks
• Cross product correlate data sources to find anomalies
Security beyond Compliance
Alert Logic Cloud Security Summit
What: Alert Logic Cloud Security Summit
Where: The Andaz Hotel – NYC
When: June 14th – 8:30am – 4pm
Hear from AWS key speakers, industry experts, analysts and customers on their experiences with security and compliance challenges in a cloud environment and how organizations can close security gaps to de-risk greater adoption of cloud services.
Register Today
Every attendee will get the following:
• An Alert Logic Hoodie and Goodie bag
• Entered into our raffle to win a fully paid trip to AWS re:Invent 2016 (Ticket, Hotel, and Flight).
Must be present to win prize
Questions?
James Hirmas
@JHC_JamesHirmas
James.Hirmas@Genomenext.com
www.genomenext.com
Stephen Coty
@StephenCoty
scoty@alertlogic.com
www.alertlogic.com
Patrick McDowell
@patrickmcdowell
mcdowep@amazon.com
aws.amazon.com