Enabling a Robust Infrastructure Architecture with Comprehensive Security Controls for Medical Research



Executive Summary

One of the overarching benefits that cloud solutions provide is the ability for customers to provision and scale up their implementations rapidly in response to expected or real-time demand. Like many organizations that experienced tremendous growth over the last few decades, the University of California, San Francisco (UCSF) School of Medicine built and maintained large data centers to operate research and patient care related applications. The self-managed data center has finite resources and lengthy processes for the procurement and deployment of additional capacity.

UCSF’s mission is dedicated to "advancing health worldwide." The IT leadership team identified that a key technical capability to increase their velocity towards this mission was the ability to quickly deploy transient environments with high compute and storage requirements. The platform for this capability would need to be secure, agile, and cost-effective. The goal was to deliver actionable results that impact real patient outcomes.

The Challenge

UCSF wanted to see if there was a way to move into the cloud since the benefits were so compelling. However, their biggest area of concern was security. Because the research data they were utilizing was medical in nature and contained Protected Health Information (PHI), UCSF was required to adhere to HIPAA regulations and was subject to high levels of internal scrutiny and the NIST Security Framework. They reached out to AWS Premier Consulting Partner ClearScale for assistance with the organizational policies and procedures that would ultimately allow ClearScale to design an appropriate architecture, one that provided tight security controls while still giving UCSF easier provisioning and deployments.

The ClearScale Solution

The design that UCSF chose to implement for this capability was referred to internally as the "secure envelope." Several IT functions were compartmentalized into separate AWS accounts (SecOps, DevOps, Remote Access, and Data Storage) to increase security posture and reduce blast radius. The "secure envelope" services enabled research users to quickly deploy their own environments that were automatically integrated with security and compliance controls. UCSF created an account vending machine model.

In this model, new research deployments were created in unique accounts for isolation. All of the research deployments automatically use approved AMIs and all services are connected to the appropriate controls in the SecOps account. Researchers had the freedom to configure and iterate through application deployments using configuration management tools. With this design, research projects can be deployed quickly and comply with a set of predefined security services. All controls were identified and mapped to the NIST Framework to address HIPAA requirements.

The Benefits

This collaborative approach with AWS Premier Consulting Partner ClearScale enabled UCSF School of Medicine to increase infrastructure delivery speeds by 90x by using the AWS Infrastructure-as-a-Service (IaaS) platform. Not only did it reduce time to deliver the necessary infrastructure, but it enabled bursts in capacity to handle transient workloads at a variable cost. Security teams can manage controls across the organization, reduce overall risk, and protect patient data. Researchers have been able to take their ideas into action on day one. The ultimate result is that UCSF has pushed the limits again towards their mission of "advancing health worldwide."
