Case Study

Seven Bridges Leverages Symmetry toPerform Custom Genomic Data Tracing and Secure Critical Clinical Information

Seven Bridges enables researchers to extract meaningful insights from genomic and phenotypic data to advance precision medicine. The Seven Bridges ecosystem consists of a compliant analytic platform, intelligently curated content, transformative algorithms, unprecedented access to federated data sets, and expert on-demand professional services.

This holistic approach to bioinformatics is enabling researchers — at the world’s leading academic, biotechnology, clinical diagnostic, government, medical centers, and pharmaceutical entities — to increase R&D efficiency, enhance the hypothesis resolution process, isolate critical biomarkers, and even turn a failing clinical trial around while also reducing computational workflow times and data storage costs.

Brian Castagna

“We found DataGuard a highly effective tool to collaborate with our devOps team, and are placing data firewall policies into
code that enable stronger data security and help with achievement of our compliance audits.”

Headshot of Brian Castagna

Background information

Seven Bridges has been offering genomic data processing and bioinformatic services on the Amazon Web Services (AWS) cloud since early 2012, processing petabytes of genomic data for enterprise and government customers. Seven Bridges identified Symmetry Systems as their vendor of choice because Symmetry is the only partner that can perform custom genomic data tracing within Seven Bridges’ own environment so they can secure clinical information while meeting compliance regulations.

Seven Bridges has always prioritized the security and privacy of patient data because genetic information is one of the most personal and privileged assets an organization can handle. Conversely, researchers in academic and commercial environments see intellectual property as the holy grail of their work and the safekeeping of that information as a top concern.

Seven Bridges’ Stance On Security

The Seven Bridges Security Framework involves three main areas:

1) data security to secure information during its full lifecycle, 

2) platform and infrastructure security, and 

3) security controls while ensuring compatibility with a broad range of trusted information security frameworks and compliance requirements.

Some of these compliance standards and regulations include:
  • SOC 2 Type 2, ensuring controls meet the AICPA Trust Services Security, Availability, and Confidentiality Principles and Criteria
  • HIPAA and HITECH Breach Notification requirements, code of practice for the security of protected health information (PHI)
  • ISO/IEC 27001:2013, an internationally recognized information security standard
  • ISO/IEC 27017:2015, code of practice for information security controls for cloud services
  • ISO/IEC 27018:2014, code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
  • ISO/IEC 27701:2019, requirements, control objectives, controls and guidelines for implementing a privacy information management system (PIMS)
  • ISO/IEC 9001:2015, an internationally recognized quality management standard
  • FDA 21 CFR Part 11 requirements, for clinical trial electronic records
  • The General Data Protection Regulation (GDPR) directive that regulates the processing of personal data within the European Union
  • The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

The Challenge

With supply chain attacks on the rise and the abrupt move of operations for many organizations to the cloud, Seven Bridges recognized that traditional data security solutions would no longer be enough to support the trust built with their customer base. Seven Bridges hosts sensitive genomic data, and the challenge was now to confirm how it is accessed, who is accessing it, and if it’s properly protected.

Seven Bridges is the steward of their customers’ data, and the sensitivity of clinical trial data can have a major impact on both a personal and global scale. Trust is their business.

While the need to prevent reputational damage and meet expanding compliance and regulation protocols led Seven Bridges to Symmetry Systems, it was what the multi-cloud data security pioneer discovered that solidified the partnership. 

The power of Symmetry Systems lies in uncovering the unknown. Many organizations do not understand what their problem is because there is no way to see exposure points buried under billions of data points. The danger is dormant.

Why Symmetry Systems?

DataGuard is fueled by Artificial Intelligence (AI) and Machine Learning (ML) technology to provide customizable data tracing. There are no limitations to the labels used to categorize and identify data or data flows, and results are driven by powerful pattern recognition and context algorithms that were built based on nearly a decade of research.

DataGuard offers a new level of customization by allowing security teams to train classifiers rather than using pre-built workflows that do not necessarily meet the unique needs of the business. This avoided the need for a separate DLP system.

DataGuard is compatible with existing tools and policies such as AWS, CIS, CRS, GCP, and Azure.

DataGuard operates within Seven Bridges’ cloud so they can maintain control over their own environment without adding on risk or compliance woes that occur when onboarding a vendor.

DataGuard provides a holistic view of the Seven Bridges environment that can be easily communicated to the C-suite.

DataGuard was quick to start and a very light lift for Seven Bridges’ Security and Tech Ops teams, working seamlessly with their existing tools and procedures.

The experts at Symmetry Systems showed a high level of technical expertise and thorough communication, working as an extension of the Seven Bridges team.

Solving the Problem

Symmetry Systems’ DataGuard empowers Seven Bridges to protect personally identifiable information (PII), protected health information (PHI), genomic data and the integrity of world-leading clinical trials while maintaining customer trust and compliance best practices.

After the initial analysis, DataGuard identified:

  • Dormant data
  • Sensitive data
  • Least privilege dormant permissions
  • Cross-account accesses
  • Data preparation for compliance  

Seven Bridges could focus on creating custom genomic data tracing to secure patient data and proprietary information.

DataGuard operates seamlessly within Seven Bridges’ compliant cloud environment and existing data firewall policies within  AWS, GCP, and Azure. As a result, Seven Bridges can employ DataGuard without having to take extra steps to maintain FedRAMP and other compliance.

See DataGuard in Action

Witness the benefit of fine-grained, data-centric security insights for yourself with a custom demonstration of the DataGuard platform. Contact us today and see your current data security posture in no time.