Data security is a key concern in deciding to move to cloud-based genomic storage and analysis. Illumina BaseSpace Sequence Hub is hosted on Amazon Web Services (AWS) and provides a combination of Amazon’s comprehensive and well-tested approach to platform security, overlaid with Illumina’s own security testing and procedures. These procedures include reviews and tests by independent security professionals. This cloud genomics solution meets or exceeds the security provided by many institutional IT infrastructures.
Illumina sequencing instruments have onboard control and workflow software. This software includes a robust data-streaming component, which acts as a software broker with the BaseSpace Sequence Hub API. Through this broker, you can transfer individual base call (*.bcl) files over an encrypted connection to the BaseSpace Sequence Hub. You can then verify the files and assemble them into samples for analysis on the interface. You can perform this transmission and analysis during the sequencing of a run.
The instrument control software does not allow publicly addressable inbound communications. All communication is made through standard HTTPS requests initiated by the user at the instrument. Each data-upload transaction is linked to an authenticated user account.
Illumina works with Amazon Web Services (AWS), the leader in cloud-based infrastructure. AWS hosts customer-facing services and critical operations for both private industry and US government departments, including Treasury, DOE, and State. Amazon security processes and standards are publicly available for review. AWS standards and accreditation include:
SOC 1/SSAE 16/ISAE 3402 (auditing)
FISMA moderate (US Federal Government; for reference, the NIH data centers are rated FISMA moderate)
PCI DSS Level 1 (electronic payments)
ISO 27001 (international security standard)
FIPS 140-2 (encryption)
Also, security staff and controlled access procedures protect AWS data centers. Staff with system access undergo background checks, and all hardware is located behind firewalls that are configured by default to block all traffic. Operating system security patches are automatically applied to AWS servers, including BaseSpace Sequence Hub servers. AWS actively monitors its firewalls to check for vulnerabilities, a service beyond the resources of most institutions. BaseSpace Sequence Hub encrypts all data, something that is rarely done in the institutional IT setting.