Compliance in AWS
Sherlock partnered with AWS to duplicate its managed services in the AWS Cloud to leverage scale and automation AWS cloud offers. Sherlock understands that public Cloud platforms do not offer end-to-end compliant capability; customers are expected to deploy compliant compute and storage services and build the necessary management services on top to meet compliance. Sherlock’s approach is to address this gap by building the necessary services on top of the public Cloud resources, thereby offering customers end-to-end compliance.
Sherlock innovation accelerator solutions provide quick access to on-demand, elastic, secure, data services to tackle a variety of data. These turnkey services span the entire data pipeline including ingestion & integration, storage, compute and end user tools. Users have the option to “build your own data pipeline” that is fully customizable. Automation enables infrastructure provisioning, segmentation and security groups setup, encryption, data pipeline setup and tuning - all operating within the secure boundaries of Sherlock Cloud.
Big Data Platforms
Sherlock's Innovation Accelerator Platforms provide organizations quick access to on-demand, elastic, secure, big data platforms to tackle large amounts of data. Sherlock’s first offering as part of this capability is the Amazon EMR platform, a turnkey HIPAA-compliant EMR platform configured with Apache Spark. AWS EMR platform is deployed in minutes with automation to enable infrastructure provisioning, security groups setup, encryption, cluster setup, Hadoop configuration, and cluster tuning - all operating within the secure boundaries of Sherlock Cloud.
Leveraging our FISMA experience, we offer a HIPAA-compliant cloud solution. This environment was built according to NIST 800-53 requirements to comprehensively address the administrative, physical, and technical safeguards required by HIPAA. Sherlock’s HIPAA environment has successfully passed external and internal audits, thereby ensuring the security and privacy of Protected Health Information (PHI) and electronic Protected Health Information (ePHI). Our HIPAA-compliant cloud hosting solution is available on-premise, in AWS cloud or a combination of the two environments.
A more recent addition to the Sherlock portfolio is our CUI-compliant environment. The federal government requires nonfederal entities to protect non-classified information that they receive from a federal entity; CUI must be protected when processed, stored, transmitted and used in nonfederal information systems. As the CUI requirements provided in NIST 800-171 are based on the NIST 800-53 Moderate baseline (and FIPS 200), Sherlock cloud is able to seamlessly create an environment that provides the necessary safeguards.
Sherlock offers Federal Information System Management Act (FISMA) complaint cloud hosting, which implements hundreds of National Institute of Standards and Technology (NIST) controls governing system access, information control, and management processes. Sherlock Cloud has successfully passed yearly audits since its inception in 2008, and is the largest FIMSA-certified cloud within the University of California system. Sherlock’s FISMA-compliant hosting solution is available on-premise and in AWS cloud.
Sherlock Analytics provides a platform for analyzing large, sometimes disparate data sets using best of breed tools and analytic approaches. This includes the analysis infrastructure, expertise, tools, and processes needed to apply algorithms and statistical methods that yield tangible results on both static datasets and real-time streaming data. The platform also provides business intelligence capabilities that can be used by less technical users to analyze data or expose customizable dashboards to management for enhanced decision support.
Navigating the sea of compliance can be challenging and confusing, and failure to properly secure your organization’s intellectual assets could leave you vulnerable to attacks and unwanted penalties for failure to comply. Sherlock understands the requirements of research computing and how the needs of researchers and investigators may differ from those of the typical end users of commercial Cloud platforms. Our experts are available to help guide you through the unchartered waters of compliance, enterprise IT and cybersecurity, and minimize the challenges.
Compliance in Azure
Sherlock is partnering with Microsoft to duplicate its managed services in the Azure Clouds. Sherlock understands that public Cloud offerings such as Azure and AWS do not offer end-to-end compliant capability; customers are expected to deploy compliant compute and storage services and build the necessary management services on top to meet compliance. Sherlock Cloud’s approach is to address this gap by building the necessary services on top of the public Cloud resources, thereby offering customers end-to-end compliance.