GenomeNext, a genomic informatics company, analyzes massive amounts of data which represent human blueprints to deliver comprehensive genomic insights into genetic variation and disease to healthcare and scientific organizations. To meet the challenges of their exponential data growth, they turned to Amazon Web Services, which offers physical security, instance isolation, and protection for the foundation services. As an added layer of security, GenomeNext also turned to Alert Logic to secure their applications and exceed government and regulatory compliance. In this webinar, learn how GenomeNext utilized security-as-a-service (SaaS) with Alert Logic to secure their applications on AWS, and how you can securely plan, architect, and execute similar big data projects. Join us to learn: • How GenomeNext met key compliance requirements, including ongoing log management, intrusion detection, and scalable web application firewall (WAF) coverage • How to architect on AWS for big data projects like genome sequencing • How to design application security so that it integrates with AWS

1. Securing Gene Sequencing Data
on AWS
Learn how GenomeNext utilized security-as-a-service (SaaS) with Alert Logic to
secure their applications on AWS for HIPAA Compliance, and how you can
securely plan, architect, and execute similar big data projects.

2. Before We Start
Housekeeping
• Use the question box at anytime
• Today’s event will be recorded and available on-demand
following the conclusion
• Please see the attachments section for a copy of the slide
deck and other resources

3. Today’s Speakers
James Hirmas, CEO,
GenomeNext
Stephen Coty, Chief
Security Evangelist,
Alert Logic
Patrick McDowell,
Solutions Architect,
AWS

4. Compliance & Shared
Responsibility

5. AWS Foundation Services
Compute Storage Database Networking
AWS Global Infrastructure
Regions
Availability Zones
Edge Locations
Identity &
Access Control
Network
Security
Customer applications & content
You get to
define your
controls IN
the Cloud
AWS takes
care of the
security OF
the Cloud
You
Inventory
& Config
Data
Encryption
AWS and you share responsibility for security

6. Key AWS Certifications and Assurance Programs

7. The AWS infrastructure is protected by extensive network and security
monitoring systems:
• Network access is monitored by AWS
security managers daily
• AWS CloudTrail lets you monitor
and record all API calls
• Amazon Inspector automatically assesses
applications for vulnerabilities
Constantly monitored

8. The AWS infrastructure footprint protects your data from costly downtime
• 33 Availability Zones in 12 regions for
multi-synchronous geographic redundancy
• Retain control of where your data resides
for compliance with regulatory requirements
• Mitigate the risk of DDoS attacks using
services like AutoScaling, Route 53
Highly available

9. AWS enables you to improve your security using many of your existing
tools and practices
• Integrate your existing Active Directory
• Use dedicated connections as a secure,
low-latency extension of your data center
• Provide and manage your own encryption
keys if you choose
Integrated with your existing resources

10. GenomeNext Mission
GenomeNext is a bioinformatics company dedicated to accelerating the promise
and capability of precision medicine and scientific discovery.
Automated informatics and data management solutions designed to simplify,
expedite and enhance analysis workflows to significantly advance medical
research and expand understanding of the basis, treatment and prevention of
complex diseases by aggregate population scale analysis.
Our solutions provide the market with genomic data and analysis at an
unprecedented combination of quality, cost, and scale without requiring the
investment in high-performance computing resources and specialized personnel.

11. GenomeNext Overview
Our genomic analysis platform
derives significant sustainable
competitive advantage and
performance from proprietary
parallelization technologies and
bioinformatic architecture, delivering
unparalleled performance, capability
and flexibility.
+
We develop and commercialize big-
data analytics and integrated
systems for the evaluation of genetic
variation and function. Our
proprietary informatics and data
management solutions are designed
to simplify, expedite, and enhance
genetic analysis workflows.
+
Our cloud-driven, SaaS solutions
provide the market with genomic data
and analysis at an unprecedented
combination of performance, quality,
cost and scale without requiring the
investment in high-performance
computing resources and specialized
personnel.
Human
Population
Sample
Preparation
DNA
Sequencing
Analysis
Annotation Reporting
Data
Pharma
Biotech
Genome
Centers
Research
Institutes
Diagnostic
Providers
Genomic Analysis Big Data Analytics Cloud Computing

12. Next Generation Sequencing
Illumina HiSeq 2500 Illumina MiSeq
Molecular diagnostics
Clinical treatment
Clinical outcomes
Human Genome: 40 hours
Translational
Bioinformatics
Data, Data, DATA…
1000+ samples
26 Trillion Base Pairs
1.2 terabytes
3 billion sequence reactions

13. Data Explosion

14. Secondary Analysis of Human Genome
Sequencing Data
The Problem:
• 2 days for raw data
• ~2 weeks for the
analysis

15. GenomeNext Analysis Pipeline
Peer Reviewed Pipeline Featured in Genome Biology:
http://www.genomebiology.com/2015/16/1/6
An ultra-fast, highly scalable, highly efficient, balanced parallelization
strategy for the discovery of human genetic variation for research,
clinical and population-scale genomics, delivering 100% Reproducible
and 100% Deterministic regardless of platform or level of parallelism

16. AWS Solution

17. 1,000 Genomes Project

18. GenomeNext Compliance
GenomeNext maintains a strong commitment to protect not only the privacy and security of our
customer’s data but also to promote and support our customer’s compliance requirements.
• HIPAA security & privacy rules
• Clinical development compliance and the FDA
• Clinical laboratory improvement amendments (CLIA)
• European Union safe harbor principles
• FISMA moderate ready

19. AWS HIPAA Compliant Solutions
• Sign AWS Business Associate Agreement
• Design HIPAA compliance around approved HIPAA approved AWS Services: DynamoDB, EBS,
EC2, Elastic MapReduce (EMR), Elastic Load Balancer (ELB), Glacier, Relational Database
Service (RDS), Amazon Redshift, and S3.
• Understand and isolate your HIPAA data in order to take advantage of other AWS services

20. AWS Monitoring and Security Controls
CloudWatch CloudTrail AWS ConfigAWS Flow Logs
S3 Logging Elastic Load
Balancing Logging
Amazon Inspector AWS Config Rules

21. AWS Security Best Practices
• Implement least privileged communication and administration
• Separate Development and Production into distinct AWS account
• Utilize MFA for AWS access
• Decouple AWS Solution

22. Application Level Security
AWS does a great job protecting their services; however, it is the customer’s responsibility to protect
the applications that are deployed on AWS. Therefore; GenomeNext looked to Alert Logic for Log
Management, Intrusion Protection/Detection, Web Application Firewall, Compliance reporting, and
security monitoring operations:
• Alert Logic Threat Manager
• Alert Logic Log Manager
• Alert Logic Web Security Manager

23. HIPAA Requirements Summary

24. Security Architecture
Firewall/ACL
Intrusion
Detection
Deep Packet
Forensics
Network
DDOS
Netflow
Analysis
Backup
Patch MgmtVulnerabilities
Server/App
Log Mgmt SDLC
Anti-Virus Encryption GPG/PGP
Host
Anti Malware
FIM
NAC Scanner
Mail/Web Filter Scanner
IAM Central Storage

25. What Does Compliance Not Cover
Threat Intel &
Security
Content
24 x 7
Monitoring &
Escalation
Cloud, Hybrid,
and On-Premises
Environment
Web Application Events
Network Events
Log Data
Data
Collection
Big Data
Analytics
Platform
Continuous
Detection of
Threats &
Exposures
Threats & Exposures Remediation Tactics

26. Enterprise Cyber Security Teams
• Monitor and maintain non-managed hardware
deployment uptime
• Cyber security awareness program
• Incident response team
• Collect and maintain content for all non-
managed devices
• Operational implementation of all security
infrastructure
• Network and application penetration testing
and audit team

27. 24x7 Security Operations Center and Intelligence
Monitor intrusion detection and
vulnerability scan activity
Search for industry trends and
deliver intelligence on lost or
stolen data
Collect data from OSINT and
underground sources to deliver
intelligence and content
Identify and implement
required policy changes
Escalate incidents and provide guidance to
the response team to quickly mitigate
incidents
Monitor for Zero-Day and
new and emerging
attacks
Cross product correlate
data sources to find
anomalies

28. Security beyond Compliance

29. Alert Logic Cloud Security Summit
What: Alert Logic Cloud Security Summit
Where: The Andaz Hotel – NYC
When: June 14th – 8:30am – 4pm
Hear from AWS key speakers, industry experts, analysts
and customers on their experiences with security and
compliance challenges in a cloud environment and how
organizations can close security gaps to de-risk greater
adoption of cloud services.
Register Today
Every attendee will get the following:
• An Alert Logic Hoodie and Goodie bag
• Entered into our raffle to win a fully paid trip to AWS re:Invent 2016 (Ticket, Hotel, and Flight).
Must be present to win prize

30. Questions?
James Hirmas
@JHC_JamesHirmas
James.Hirmas@
Genomenext.com
www.genomenext.com
Stephen Coty
@StephenCoty
scoty@alertlogic.com
www.alertlogic.com
Patrick McDowell
@patrickmcdowell
mcdowep@amazon.com
aws.amazon.com