idash Infrastructure to Host Sensitive Data: HIPAA Cloud Storage and Compute




iDASH: integrating Data for Analysis, Anonymization, and SHaring
iDASH Infrastructure to Host Sensitive Data: HIPAA Cloud Storage and Compute
Claudiu Farcas, Antonios Koures

Outline
- Infrastructure Overview
- Typical Scientific Cloud Challenges
- iDASH Cloud & SHADE
- Repeatable Results
- Status and Future Plans

9/25/2014. Supported by the NIH Grant U54 HL108460 to the University of California, San Diego.

iDASH Environments (diagram)
Environment labels: PHI Website, PHI Repo., Miconcur icons, Enterprise, Non-PHI, Non-PHI Repo., NLP, Privacy, Virtualization, Hardware Cloud, Proj.1, Proj.2, Proj.3, Proj.4
Security controls:
- HIPAA Firewalls
- Separate VPN pool
- Physical separation
- Redundancy
- Two Factor Authentication
- Encryption at rest/in transit
- Centralized logging
- Intrusion detection
- Proxies and filters
- Hardened (secured) system configurations
- Remote Backups/DR

Typical Scientific Analysis
Pipeline: Short reads -> Call Deleterious SNPs -> Complex stuff
- SaaS: Biomedical researchers, Clinicians, Other end-users. Examples: Google Docs, Office 365
- PaaS: Bioinformatics researchers, Front-end developers. Examples: Heroku, Google App Engine
- IaaS: Algorithm developers, Bioinformatics researchers, Sysadmin. Examples: Amazon EC2, Microsoft Azure

To Cloud or Not to Cloud?
- Typical bioinformatics applications are NOT cloud aware
- Almost nothing at PaaS: this is not web development
- Most published cloud papers use public Amazon VMs
- Privacy & Security are an afterthought
- Data still goes around with unencrypted FTP
- End-to-end analyses need serious work
- This is a young field of science; practitioners have limited IT skills.

iDASH Cloud & SHADE Overview (diagram)
- iDASH Cloud: compute & storage, elastic, HIPAA-compliant, on-demand, user-friendly, AUTOMATED data analysis environment. Compute nodes, memory, disk storage, networking. Powered by VMware.
- Users send compute requests and directly upload & download proprietary data, tools and recipes to the CLOUD.
- SHADE (Safe HIPAA-compliant Data deposit box Environment): middleware and HIPAA security developed by iDASH; holds HIPAA and non-public data; data, tools and recipes are uploaded & downloaded to SHADE.
- Powered by MIDAS: public data, tools, recipes.

Repeatable Results (diagram)
- Context Blueprint: Reference DB, Test data, Configuration, Helper tools; OS running the pipeline Short reads -> Call Deleterious SNPs
- Context Instance: Reference DB, Input, Test data, Results, Configuration, Helper tools
- Context Bookshelf: a collection of Context Blueprints
- MyDATA on iDASH Cloud + SHADE: OS running Short reads -> Call Deleterious SNPs

Improvements in Y4
Ordered and installed additional hardware to increase cloud capacity and provide tiered services:
- 180TB Dell Compellent tiered storage (SSD, 15K, 7.2K)
- 2 Dell R920 servers with 1TB RAM, 4 Intel E7-4870v2 CPUs / 15 cores
Software and Security Improvements:
- Implemented Data Replication for DR
- Upgraded to vCloud 6.0
- Improved VM provisioning automation
- Improved user portal
- Improved automation of storage tiering

iDASH Cloud
- 3 computation tiers
- 3 storage tiers
- 10GbE throughout
- Full redundancy
- RSA Two Factor Auth.
- Remote data replication
- 800+ cores, 7TB+ RAM, 600TB+ storage

Future plans
- Improve User Experience and Management
- Improve collaborative environment (SocialCast, SHADE)
- Implement seamless vMotion of VMs between physically separate datacenters
- Experiment with VMware EVO:RAIL with iDASH Cloud -> Cloud in a Box
- Implement ITBM (IT Business Management)

Thank you! (More) Questions?

Secure VM Templates
- Full disk encryption
- Built-in firewall
- Secure shared memory
- No root SSH
- Protected su
- Hardened sysctl networking
- Disabled open DNS recursion
- IP spoofing protection
- Hardened PHP for webapps
- Apache application firewall: ModSecurity
- ModEvasive protection of webapps from DDoS attacks
- Automatic log scanning and banning of suspicious hosts: DenyHosts and Fail2Ban
- Intrusion detection: PSAD
- Periodic checking for rootkits: RKHunter and CHKRootKit
- Autoscan for open ports: Nmap
- Analysis of system log files: LogWatch
- SELinux / AppArmor application boundary enforcement
- System security auditing with Tiger
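As an added example (not iDASH code), the check below audits a template's sshd_config and sysctl output against three items of this checklist: "No root SSH", "IP spoofing protection" and "Hardened sysctl networking". The sample inputs are constructed, and the choice of kernel sysctl keys standing in for those two items is an assumption about how they would be implemented.

```python
import re

# Constructed sshd_config: the commented default is ignored by sshd and
# the live 'PermitRootLogin yes' violates the "No root SSH" item.
SSHD_CONFIG = """\
#PermitRootLogin prohibit-password
PermitRootLogin yes
"""

# Constructed 'sysctl -a' output, limited to the keys checked below.
SYSCTL_OUTPUT = """\
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.tcp_syncookies = 1
"""

# Assumed mapping of checklist items onto sysctls: rp_filter implements
# "IP spoofing protection"; the rest stand for "Hardened sysctl networking".
SYSCTL_EXPECTED = {
    "IP spoofing protection (rp_filter)": ("net.ipv4.conf.all.rp_filter", "1"),
    "Hardened sysctl: no source routing": ("net.ipv4.conf.all.accept_source_route", "0"),
    "Hardened sysctl: no ICMP redirects": ("net.ipv4.conf.all.accept_redirects", "0"),
    "Hardened sysctl: SYN cookies": ("net.ipv4.tcp_syncookies", "1"),
}

def parse_sshd_config(text):
    """Effective sshd keywords: comments dropped, first occurrence wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, value = re.split(r"[\s=]+", line, maxsplit=1)
            settings.setdefault(key.lower(), value)
    return settings

def parse_sysctl(text):
    """Map 'key = value' lines of sysctl output to a dict."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def audit(sshd_text, sysctl_text):
    """Return the checklist items the template fails, in checklist order."""
    failures = []
    ssh = parse_sshd_config(sshd_text)
    # OpenSSH's default (prohibit-password) still permits key-based root
    # login, so only an explicit 'no' satisfies "No root SSH".
    if ssh.get("permitrootlogin", "prohibit-password") != "no":
        failures.append("No root SSH")
    sysctl = parse_sysctl(sysctl_text)
    failures += [item for item, (key, want) in SYSCTL_EXPECTED.items()
                 if sysctl.get(key) != want]
    return failures
```

Running `audit(SSHD_CONFIG, SYSCTL_OUTPUT)` on the constructed samples reports root SSH, rp_filter and ICMP redirects as unmet, which is the drift a template review would want surfaced before a VM is cloned from it.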