SOPHiA GENETICS leverages Microsoft 365 E5 and Microsoft Sentinel to minimize security risks and reduce costs

SOPHiA GENETICS is a Swiss-based company that supplies data-driven solutions for healthcare providers. Founded in 2011, SOPHiA GENETICS now has offices in Switzerland, France, the UK, and the USA. The company’s flagship offering is SOPHiA AI, a cloud-based platform that uses AI to analyze genomic data. SOPHiA AI makes it possible to identify genetic variants, diagnose diseases, and make well-founded decisions about how to treat patients. SOPHiA GENETICS receives Horizon 2020 funding from the European Union and has won accolades such as the Swiss Technology Award.

Partner

Ontinue is a leading provider of AI-powered Managed Extended Detection and Response (MXDR) services, empowering modern organizations to securely embrace their digital future. Ontinue ION leverages an AI-powered platform, human expertise, and their customers’ own Microsoft tools to deliver tailored protection that conforms to the customer’s environment and operations. The result is fast threat detection and response, and continuous security posture hardening. With ION handling the daily security operations, CISOs and their teams get more time back in their day to focus on the next big initiative to propel their organization forward.

A powerful network for medical research

SOPHiA DDM from SOPHiA GENETICS is a cloud-based software as a service (SaaS) platform that enables healthcare organizations to quickly and reliably derive valuable insights from their data. This places both their processes and their decisions on a solid, data-based foundation. The technology is used for diseases such as cancer and hereditary conditions where a combination of genomic and phenotypical information is critical to discovering the diseases, determining therapeutic pathways, and developing medication. The aim is to guarantee equal access to healthcare for patients around the globe. Since the company makes highly sensitive data available, IT security is naturally a very important issue. SOPHiA GENETICS has been collaborating with Microsoft for a number of years and uses Microsoft 365. For the company, it was therefore only logical to extend this partnership into the field of security. With the aid of Microsoft tools and expert advice from Microsoft and Ontinue, this collaboration led to a security system that was implemented quickly and helped consolidate the overall IT landscape. Not only that, it fully met all the security demands of SOPHiA GENETICS’ highly sensitive business model. “Cooperation with Microsoft leaves SOPHiA GENETICS ideally equipped for the future," said Jonathan Sinclair, Chief Information Security Officer at Sophia Genetics. "With such a reliable partner by our side, we are free to concentrate on our core business: supporting healthcare organizations and their patients.”

Identifying and minimizing security risks

For medical institutes that want to use its data network, SOPHiA GENETICS provides data analytics via a software as a service platform. Physicians use genomic and phenotypical information to analyze the type of cancer their patients are suffering from and upload this data to the network platform. Staff at SOPHiA GENETICS compare it with information from their global network to identify potential forms of treatment. These are then proposed to the doctors.

For many years, SOPHiA GENETICS' IT security strategy was based on a best-of-breed approach: Rather than relying on one single producer, the company deployed solutions from different providers. However, as threats became more complex and the company needed watertight security for the highly sensitive data it managed, this approach proved to be less than ideal. The complexity of the client’s data management pushed the managed security service provider (MSSP) to its limits. Moreover, the MSSP had no connectivity with technologies such as Microsoft Azure, which SOPHiA GENETICS was already using. The people at SOPHiA GENETICS had to transfer data from their own cloud to the MSSP, configure it in advance and update it separately for the provider. This way of working was laborious and time-consuming. But it also created a security risk, because the provider was not using the same Microsoft tools for endpoint security as SOPHiA GENETICS itself. The result? Huge expenses in terms of time, money, and human resources.

Greater security, better control, and more efficiency

Since the company had already long been engaged in strategic collaboration with Microsoft in other areas and used the Azure cloud infrastructure, approaching Microsoft to find security solutions for its complex network was the obvious thing to do. The goal was to have all data managed on a single secure platform to which external healthcare providers would also have secure access. This also eliminated the need to transmit data or enter it by hand. Instead, all data could now remain safely in SOPHiA GENETICS‘ cloud thanks to the new solution. Access is regulated and managed by the company itself.

This solution minimized the security risks caused by data transmission with the past solution, as well as cutting costs. Microsoft supplied SOPHiA GENETICS with the right security package in the shape of Microsoft 365 E5 and Microsoft Sentinel. Implementation could not have gone more smoothly: Adding the new security elements to the existing Microsoft tools was quick and easy. SOC provider Ontinue partnered with SOPHiA GENETICS‘ IT managers during implementation.

Step by step, the entire security structure was migrated to Microsoft solutions. Beyond replacing the existing solutions, it was also important to establish an end-to-end security architecture that far surpassed the previous standard. Although SOPHiA GENETICS uses devices and servers from different vendors, Microsoft solutions provide comprehensive protection against cyberattacks.

In addition, Microsoft partner Ontinue has established an around the clock SOC that detects, analyzes, and remedies 99.5% of critical incidents, without requiring customer escalation. Ontinue uses Microsoft Azure Lighthouse to access SOPHiA GENETICS’ security environment (Microsoft Sentinel) from its own SOC infrastructure. In the client’s environment, central collection, correlation, and monitoring of everything very quickly made it possible to consolidate the company’s IT landscape, make it more efficient, and also sharply reduce the cost in terms of money and human resources. All SOPHiA GENETICS staff received special security and data protection training across the various communication channels.

“Implementation was rapid and very simple, as we were able to build on the existing Microsoft infrastructure," said Sinclair. "All the data was migrated within a few months, which saved us a lot of time and money.”

Secure global data management for the medical care of tomorrow

Collaborating with Microsoft gives SOPHiA GENETICS the added benefit of access to a global network of data centers, which Microsoft makes available to its customers. This means that SOPHiA GENETICS‘ data is stored on location at regional data centers, improving security and guaranteeing faster access. This arrangement also ensures compliance with local legislation regarding the handling of sensitive data. In close collaboration with Microsoft and its partner Ontinue, the IT managers at SOPHiA GENETICS continuously adapt their security strategy to changing threat scenarios and deploy cutting-edge security solutions to respond to threats and attacks. In the future, SOPHiA GENETICS plans to analyze the genetic data collected in its global network even more efficiently within a digital patient journey. It will thus enjoy even greater benefits from experience gained in other cases, giving patients the best possible support during treatment. Thanks to the end-to-end security measures now in place, there should be nothing that can stand in the way of this vision. "Cooperating with Microsoft is a real game changer. It makes my job as CISO so much easier," said Sinclair. "We have been able to significantly reduce both personnel requirements and costs. And communicating directly via Teams gives us the transparency we need to make fast decisions. Going forward, we will continue to use this technology."