Secure Compliant Cloud

Sherlock Cloud is a secure, multi-tenant, private Cloud platform that provides managed services to meet the computing and data management needs of our academic, government, and industry customers. Sherlock Cloud is compliant with the Federal Information System Management Act (FISMA), Health Information Portability and Accountability Act (HIPAA), and NIST Controlled Unclassified Information (CUI) requirements.

Managed Services

Most organizations consider technology to be a means to an end and lack the necessary resources and expertise to effectively operate enterprise infrastructure. That is where we come in. We have a team of experts with the knowledge and experience to provide a holistic solution. Our compliant managed services are designed for customers who need a secure environment to protect data and prefer a more hands-off approach when it comes to the intricacies and requirements of compliance.

Custom Solutions

We understand that every organization is unique and requires a tailored solution. Our team works cooperatively with our customers to create custom solutions that meet and exceed their needs. The Sherlock Cloud platform has already helped support a number of critical applications including preventing Medical Fraud, Cancer Research, Enterprise Risk Management, Population Health Research and more.

Compliance in AWS

We have expanded our compliance expertise to now offer our customers a solution utilizing the AWS Cloud. Our customers will have the option to choose managed compliant services operating on premise at SDSC, in the AWS Cloud, or a combination of the two. Sherlock belongs to a select group of academic cloud service providers that partner with AWS to offer compliant managed services.


Navigating the sea of compliance can be challenging and confusing, and failure to properly secure your organization’s intellectual assets could leave you vulnerable to attacks and unwanted penalties for failure to comply. Our experts are available to help guide you through the unchartered waters of compliance, enterprise IT and cybersecurity, and minimize the challenges.

Data Lab

Sherlock Data Lab helps transform digital data into meaningful information using a hybrid approach to data management that includes both a top-down and bottom-up design. The framework provides data integration capabilities, allowing data to be captured, rationalized, homogenized, and managed using best practices and standards. This includes dynamic mappings, transformations, and master data management techniques utilizing established governance methodologies, with specific focus on data quality and metadata management.

Sherlock at Work

Sherlock Cloud was established to provide managed compliant services to meet the secure computing and data management needs of our academic, government, and industry customers. Our compliance involves managing the entire software and hardware platform and the necessary management processes (end-to-end compliant services). Not only is our comprehensive compliance portfolio a proven resource, but we strongly believe our intangibles, namely our superb team, experience, and knowledge provide our customers with an edge. We work together with our customers to jointly solve problems and create an environment that not only meets, but surpasses, their needs.

Nilofeur Samuel
Director, UCOP Risk Services

The Sherlock Cloud team was able to seamlessly take our data and application infrastructure from an open environment to their secure HIPAA-compliant environment in approximately 6 months. This aggressive timeline would not have been feasible absent the expertise and necessary skillset possessed by Sherlock Cloud. The end product has greatly helped secure our data and applications, and we are extremely pleased with the outcome.

James Lacey
Professor & Director of Cancer Etiology, Beckman Research Institute, City of Hope

Sherlock Cloud is entirely HIPAA- and FISMA-compliant, meaning the Sherlock Cloud team has specific experience providing the type of data security that our CTS Data Mart and research require. Our partnership with SDSC’s Sherlock Cloud will modernize the long-standing CTS project through Sherlock Cloud’s innovative data management solutions, which will make the California Teachers Study an example for other studies like this.

Andrew Hackbarth
President, Ursa Health

Thanks for your attention to these periodic support requests. Problems will always occur, but you all continue to distinguish yourselves by the immediate full-court press deployed to address them. We appreciate it.

Bob Sinkovits
Principal Investigator, Human Vaccines Project

The Sherlock Cloud was exactly what we needed for the Human Vaccines Project. Rather than building the infrastructure from scratch to manage our sensitive data, Sherlock made it easy for us to deploy our services and databases in a secure environment so that we could focus on the science instead of worrying about compliance.

Sherlock Service Offerings

Sherlock Cloud contains a FISMA-certified environment that has successfully passed yearly audits since its inception in 2008. This environment was developed and is maintained in accordance with NIST 800-53 requirements, which govern system access, information control, and management processes. Sherlock Cloud is the largest FIMSA-certified cloud within the UC system.

Continue reading

Leveraging our FISMA experience, we expanded our cloud offering to include a HIPAA-compliant environment. This environment was built according to NIST 800-53 requirements to comprehensively address the administrative, physical, and technical safeguards required by HIPAA. Sherlock Cloud’s HIPAA environment has successfully passed external and internal audits, thereby ensuring the security and privacy of Protected Health Information (PHI) and electronic Protected Health Information (ePHI).

Continue reading

A more recent addition to the Sherlock Cloud portfolio is our CUI-compliant environment (NIST 800-171). The federal government requires nonfederal entities to protect non-classified information that they receive from a federal entity; CUI must be protected when processed, stored, transmitted and used in nonfederal information systems. As the CUI requirements provided in NIST 800-171 are based on the NIST 800-53 Moderate baseline (and FIPS 200), the Sherlock Team was able to seamlessly create an environment that provides the necessary safeguards.

Continue reading

Sherlock Cloud is collaborating with AWS to duplicate its managed services in the AWS Cloud to leverage scale and automation public Clouds offer. Sherlock Cloud understands that public Cloud offerings such as AWS and Azure do not offer compliant services; customers are expected to buy compliant compute and storage services and build the necessary management services on top to meet compliance. Sherlock Cloud’s approach is to address this gap by building the necessary services on top of the public Cloud resources, thereby offering customers end-to-end compliance.

Continue reading

Our Clients