Although it may seem counterintuitive, transplanting your lab’s data and workflows from your on-premises servers to a third party’s cloud-based laboratory information management system (LIMS) makes your lab more secure. However, moving your lab’s operations into the cloud also splits responsibility for security between you and your cloud LIMS vendor.
Security in the cloud is one factor laboratories must consider when adopting a LIMS. This blog post will discuss the shared security responsibilities in a software-as-a-service (SaaS) business model and explain how LabLynx’s cloud-based LIMS offers security advantages over an in-house application. For more advanced discussion on this topic, download the Guide to Lab Security with a LIMS.
What is software as a service?
In the SaaS business model, providers host their applications in the cloud rather than distribute standalone software packages. Customers subscribe to the service, which their users access over the internet through their browsers.
Letting third parties run critical business applications was once unthinkable, especially when those applications handled proprietary and sensitive information. Attitudes are much different today. Nearly three-fourths of respondents to a recent survey[1] said their SaaS services outnumber their proprietary applications.
Laboratories see many benefits when they switch to a SaaS LIMS. For example, cloud-based applications are more accessible. Productivity improves when your users can access data analyses and reporting systems from home. In addition, SaaS applications are easier to scale in response to surges in testing demand.
Security is one of the most important benefits of adopting a SaaS LIMS. Your organization no longer needs to protect the servers and other resources of an on-premises LIMS. By comparison, SaaS providers devote more resources to securing their cloud infrastructure. However, that does not mean the adopter of a SaaS solution is completely free from security concerns; security becomes a shared responsibility.
What is the SaaS shared responsibility model?
Under the shared responsibility model for SaaS offerings, you and the third-party service provider share responsibility for security. The model clearly assigns security management based on what each participant controls directly. Amazon Web Services (AWS) describes this division as security “of the cloud” vs. security “in the cloud.”
Security of the cloud
AWS takes responsibility for its cloud infrastructure, from physically securing its data centers to patching routers and other network hardware. Amazon’s scale lets it employ security experts who constantly monitor the AWS platform for potential threats. Because the company serves governments around the world and businesses in every industry, AWS security controls support compliance programs such as:
- AICPA SOC 2,
- ISO 27001,
- FedRAMP,
- HIPAA,
- GxP,
- CCPA, and
- GDPR.
Security in the cloud
While AWS keeps its infrastructure secure, AWS customers are responsible for securing what they do with Amazon’s cloud platform. For example, they must test and deploy the guest operating system’s latest security updates.
Most SaaS providers build their applications upon cloud platform services such as AWS and assume many of the customer responsibilities in the shared model, including:
- Securing the guest operating system,
- Controlling access to production environments, and
- Monitoring for suspicious behavior or security breaches.
Customers of a SaaS provider take on the remaining security responsibilities, which they control directly, including:
- Creating and enforcing security policies,
- Managing user and administrator access,
- Securing private networks and endpoints, and
- Complying with business policies, industry standards, and regulations.
Cloud security with a LabLynx LIMS
LabLynx offers a SaaS LIMS solution that runs on AWS. As the world’s largest cloud platform service, AWS serves organizations as diverse as BMW, Pinterest, AstraZeneca, Netflix, and NASA’s Jet Propulsion Laboratory. We leverage this state-of-the-art cloud infrastructure to provide security features, including:
- Advanced encryption of data at rest, in transit within the AWS infrastructure, and in transit over the internet to your lab’s user devices;
- Hourly, daily, and weekly backups to protect your lab’s data integrity and assist with incident recovery; and
- Around-the-clock security monitoring of AWS and LabLynx systems.
Your LabLynx LIMS gives you direct control of your lab’s data security, letting you:
- Define and enforce password policies,
- Integrate your LIMS with your organization’s identity and access management (IAM) system,
- Integrate with third-party multi-factor authentication (MFA) services,
- Limit access to data and workflows based on user roles, and
- Monitor LIMS security with auditing and logging tools.
To understand more about how a LabLynx LIMS enhances your lab’s security, download the Guide to Lab Security with a LIMS.
References
[1] https://venturebeat.com/security/report-saas-app-spending-up-but-security-lags-behind/