ABOUT
A publicly traded biotechnology company with a platform-based approach to therapeutic and preventive medicine tailored to immuno-oncology, infectious, rare and autoimmune diseases.
Industry: Bio-Technology
Size: 1,000-5,000 Employees
ABOUT CUSTOMER
191 AWS Accounts in Organization
- 122 known internal accounts,
- 12 known external third-party accounts
- 57 unknown accounts
3,608 Amazon S3 buckets

Kickoff
Week 1
Week 2
Critical Findings

AI Risks from Untrustworthy Data
Amazon SageMaker discovered training on HIPAA transcripts, explicit content, and untrusted scraped data, violating multiple compliance frameworks

Sensitive Data Everywhere
Sensitive data (PII, medical illness (HIPAA) data, business-critical data) found in 98 buckets across 24 AWS accounts, including 57 previously unknown accounts.

Supply Chain Risk
1419 vendor identities with access to the environment, accounting for over 10% of all unused permissions. 3 vendor identities were identified with access to data stores containing proprietary trade secrets.

“I want access to Symmetry DataGuard like yesterday."
Principal Cybersecurity Engineer