
iDASH (integrating Data for Analysis, Anonymization, and SHaring)

iDASH Infrastructure to Host Sensitive Data: HIPAA Cloud Storage and Compute

Outline

Infrastructure Overview
Typical Scientific Workflow
Cloud Challenges
iDASH Cloud & SHADE
Repeatable Results

iDASH Environments

[Diagram: the Enterprise (non-PHI) environment and the HIPAA (PHI) environment side by side, each built on hardware, virtualization and cloud layers. Systems shown: Website, PHI Repo., Miconcur, iCONS, Non-PHI Repo., NLP, Privacy, Proj.1, Proj.2, Proj.3, Proj.4.]

Controls listed:
Firewalls
Separate VPN pool
Physical separation
Redundancy
Two Factor Authentication
Encryption at rest/in transit
Centralized logging
Intrusion detection
Proxies and filters
Hardened (secured) system configurations
Remote Backups/DR

Typical Scientific Analysis Workflow

Service layers, who works at each, and examples (diagram):
IaaS: Algorithm developers, Bioinformatics researchers, Sysadmin. Examples: Amazon EC2, Microsoft Azure
PaaS: Bioinformatics researchers, Front-end developers. Examples: Heroku, Google App Engine
SaaS: Biomedical researchers, Clinicians, Other end-users. Examples: Google Docs, Office 365

Pipeline: Short reads -> Index reference -> Align to reference -> Call variants -> Annotate variants -> Pick high impact deleterious SNPs

To Cloud or Not to Cloud?

Typical bioinformatics applications are NOT cloud aware
Almost nothing at PaaS: this is not web development
Most published cloud papers use public Amazon VMs
Privacy & security are an afterthought
Data still goes around with unencrypted FTP
End-to-end analyses need serious work

iDASH Cloud & SHADE Overview

[Diagram]
SHADE: Safe, HIPAA-compliant, Annotated Data deposit box Environment. Powered by MIDAS. Holds HIPAA and non-public data as well as public data, tools and recipes. Users upload data, tools and recipes to SHADE and download from it.

CLOUD: Compute & storage, eLastic, HIPAA-compliant, On-demand, User-friendly Data analysis environment. Powered by VMware. Compute nodes, memory, disk storage and networking, provisioned AUTOMATED. Users send compute requests to the cloud and directly upload and download proprietary data, tools and recipes.

Middleware and HIPAA security developed by iDASH.

Repeatable Results

[Diagram] Blueprint = Workflow + Context; an Instance carries the same Workflow and Context.
Workflow: Short reads -> Index reference -> Align to reference -> Call variants -> Annotate variants -> Pick high impact deleterious SNPs
Context: Reference DB, Test data, Configuration, Helper tools, OS
Other labels in the diagram: iDASH Bookshelf, MyDATA, Input, Results, iDASH.
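A blueprint makes an instance repeatable only if every component of the workflow and its context is pinned, so that silent drift (a refreshed reference DB, a changed configuration) is detected rather than discovered in the results. The following is an added example, not iDASH, SHADE or Bookshelf code: it hashes each context component, derives a blueprint id from the canonical manifest, verifies an instance against it, and binds a run's result to blueprint id and input so two runs can be compared. The component contents are constructed stand-ins and the manifest layout is an assumption.

```python
"""Pin a workflow "blueprint" (workflow steps plus context: reference DB,
test data, configuration, helper tools, OS) by content hash, and verify that
an instance was built from exactly that blueprint.

Added example, not iDASH, SHADE or Bookshelf code. The component contents
are constructed stand-ins and the manifest layout is an assumption.
"""
import hashlib
import json

WORKFLOW = [
    "index reference", "align to reference", "call variants",
    "annotate variants", "pick high impact deleterious SNPs",
]

# Constructed stand-ins for the five context components on the slide.
CONTEXT = {
    "reference_db": b">chr1\nACGTACGTACGT\n",
    "test_data": b"read1\tACGTACGT\n",
    "configuration": b"min_quality=30\nmin_depth=10\n",
    "helper_tools": b"aligner=1.0\ncaller=1.0\nannotator=1.0\n",
    "os": b"base-image-digest=constructed\n",
}


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_blueprint(workflow, context):
    """Manifest whose 'id' is the hash of the canonical manifest, so editing
    any step or any context component yields a different blueprint id."""
    manifest = {
        "workflow": list(workflow),
        "context": {name: digest(blob) for name, blob in context.items()},
    }
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    manifest["id"] = digest(canonical.encode())
    return manifest


def verify_instance(blueprint, workflow, context):
    """Findings for an instance; an empty list means it matches the blueprint."""
    findings = []
    if list(workflow) != blueprint["workflow"]:
        findings.append("workflow steps differ from blueprint")
    pinned = blueprint["context"]
    for name in sorted(set(pinned) | set(context)):
        if name not in context:
            findings.append(f"missing component: {name}")
        elif name not in pinned:
            findings.append(f"unpinned extra component: {name}")
        elif digest(context[name]) != pinned[name]:
            findings.append(f"content drift: {name}")
    return findings


def run_record(blueprint, input_blob, result_blob):
    """Bind a result to the blueprint id and the input hash, so a rerun can
    be checked for repeatability rather than trusted."""
    return {"blueprint": blueprint["id"], "input": digest(input_blob),
            "result": digest(result_blob)}


def same_result(record_a, record_b):
    """True only if both runs share blueprint and input AND produced the same
    result; False with an equal setup points at non-determinism in the run."""
    same_setup = (record_a["blueprint"] == record_b["blueprint"]
                  and record_a["input"] == record_b["input"])
    return same_setup and record_a["result"] == record_b["result"]


if __name__ == "__main__":
    bp = make_blueprint(WORKFLOW, CONTEXT)
    drifted = dict(CONTEXT, configuration=b"min_quality=20\nmin_depth=10\n")
    print(bp["id"])
    print(verify_instance(bp, WORKFLOW, drifted))
```

The blueprint id changes whenever any pinned component changes, so an instance whose id matches a Bookshelf entry was built from that exact workflow and context; a result record that matches another run's blueprint and input but not its result is the case to investigate.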

Improvements in Y4

Ordered and installed additional hardware to increase cloud capacity and provide tiered services:
180TB Dell Compellent tiered storage (SSD, 15K rpm, 7.2K rpm)
2 Dell R920 servers, each with 1TB RAM and 4 Intel E7-4870 v2 CPUs (15 cores each)

Software and security improvements:
Implemented data replication for DR
Upgraded to vCloud 6.0
Improved VM provisioning automation
Improved user portal

iDASH Cloud

3 computation tiers
3 storage tiers
10GbE throughout
Full redundancy
RSA Two Factor Auth.
Remote data replication
800+ cores
7TB+ RAM

Future plans

Improve user experience and management
Improve collaborative environment (SocialCast, SHADE)
Implement seamless vMotion of VMs between physically separate datacenters
Experiment with VMware EVO:RAIL with iDASH Cloud -> "Cloud in a Box"


Thank you!

Secure VM Templates

Full disk encryption
Built-in firewall
Secure shared memory
No root SSH
Protected su
Hardened sysctl networking
Disabled open DNS recursion
IP spoofing protection
Hardened PHP for webapps
Apache application firewall (ModSecurity)
ModEvasive protection of webapps from DDoS attacks
Automatic log scanning and banning of suspicious hosts (DenyHosts and Fail2Ban)
Intrusion detection (PSAD)
Periodic checking for rootkits (RKHunter and CHKRootKit)
Autoscan for open ports (Nmap)
Analysis of system log files (LogWatch)
SELinux / AppArmor application boundary enforcement
System security auditing with
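A template list like this is only as good as the effective configuration on the running VM. As an added example, not the iDASH template itself, the script below audits sshd_config and sysctl text for three of the items above (no root SSH, hardened sysctl networking, IP spoofing protection). It models the sshd rule that the first value seen for a keyword wins, which is how an appended "PermitRootLogin no" fails silently, and the opposite rule for sysctl, where the last value wins. The sample configurations are constructed; the expected sysctl values and the PasswordAuthentication check are the editor's assumptions, not settings the slide states.

```python
"""Audit sshd_config and sysctl text for three "Secure VM Templates" items:
no root SSH, hardened sysctl networking, IP spoofing protection.

Added example, not iDASH code. The configuration text is constructed and the
expected values are a common reading of those items, not the real templates.
"""
import re


def parse_sshd_config(text):
    """Effective global sshd settings, lower-cased keyword -> value.

    sshd(8) keeps the FIRST value seen for each keyword, so a hardening line
    appended to the file does nothing if the keyword was set earlier.
    Directives under a "Match" block are per-connection, so they are skipped.
    """
    settings, in_match = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            in_match = True
        elif not in_match:
            settings.setdefault(key, value)  # first value wins
    return settings


def parse_sysctl_conf(text):
    """sysctl key -> value; sysctl applies lines in order, so the LAST wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            key, sep, value = line.partition("=")
            if sep:
                settings[key.strip()] = value.strip()
    return settings


# "No root SSH" is on the slide; PasswordAuthentication=no is an added
# assumption (key-only logins), not something the slide states.
SSHD_EXPECTED = {"permitrootlogin": "no", "passwordauthentication": "no"}

# "Harden sysctl networking" and "IP Spoofing protection" as Linux knobs.
SYSCTL_EXPECTED = {
    "net.ipv4.conf.all.rp_filter": "1",          # reverse-path filtering
    "net.ipv4.conf.default.rp_filter": "1",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv4.conf.all.accept_redirects": "0",   # redirects rewrite routes
    "net.ipv4.conf.all.send_redirects": "0",
    "net.ipv4.conf.all.log_martians": "1",       # log impossible sources
    "net.ipv4.tcp_syncookies": "1",              # SYN-flood mitigation
    "net.ipv4.ip_forward": "0",                  # a VM is not a router
}


def audit(sshd_text, sysctl_text):
    """Return findings as strings; an empty list means the host complies."""
    findings = []
    sshd = parse_sshd_config(sshd_text)
    for key, want in SSHD_EXPECTED.items():
        got = sshd.get(key)
        if got is None:
            findings.append(f"sshd: {key} not set (version default applies)")
        elif got.lower() != want:
            findings.append(f"sshd: {key} is '{got}', expected '{want}'")
    sysctl = parse_sysctl_conf(sysctl_text)
    for key, want in SYSCTL_EXPECTED.items():
        got = sysctl.get(key)
        if got is None:
            findings.append(f"sysctl: {key} not set")
        elif got != want:
            findings.append(f"sysctl: {key} is '{got}', expected '{want}'")
    return findings


# Constructed sample: "PermitRootLogin no" was appended after an earlier "yes",
# so root login is still allowed; one sysctl knob is wrong and one is missing.
WEAK_SSHD = """
PermitRootLogin yes
PasswordAuthentication no
PermitRootLogin no    # appended by a hardening script; no effect
Match User deploy
    PermitRootLogin no
"""
WEAK_SYSCTL = """
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.tcp_syncookies = 1
"""

if __name__ == "__main__":
    for finding in audit(WEAK_SSHD, WEAK_SYSCTL):
        print(finding)
```

Run it against the files on a template image (`/etc/ssh/sshd_config`, `/etc/sysctl.conf` and the fragments under `/etc/sysctl.d`) before the template is cloned; on a live host, `sysctl -a` output reflects what the kernel actually applied and is the better input for the sysctl half.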
