How Cloudnexa Helped Coriell Life Sciences Pass HITRUST and Land Contracts Worth Millions of Dollars

The Client

Coriell Life Sciences

Industry

Life Sciences

Location

Philadelphia, PA

Coriell Life Sciences is a biotechnology company specialized in precision medicine care.

Kevin Livelsberger is the Director for Security and Compliance at Coriell Life Sciences and a HITRUST Certified Common Security Framework Practitioner (CCSFP).

The Challenges

Preparing for HITRUST Certification

When Kevin Livelsberger first started as Coriell Life Sciences’ Director of Security and Compliance nearly two years ago, one of his first priorities was getting a clear assessment of their AWS operating environment. The company was preparing to apply for a HITRUST r2 certification, which encompasses several frameworks that are vital for their industry, including HIPAA.

As part of their larger compliance initiative, they needed to make sure their AWS infrastructure followed best practices and was fully secured.

Coriell Life Sciences also had several contractual obligations that required them to get HITRUST certified. If they failed their assessment, they would have been in danger of losing those contracts.

“If we couldn’t get our HITRUST certification, we would ultimately have been in danger of losing contracts that depended on it. We would have lost our standing and our reputation as one of the leaders in precision medicine. That would have been a huge hit to our revenue streams.”

The Solution

A Well-Architected Framework Review and a clear security posture roadmap

Once Kevin granted Cloudnexa access to their AWS, their dedicated Cloud Architect conducted a Well-Architected Framework Review (WAFR) to assess Coriell Life Science’s security risks and vulnerabilities.

Cloudnexa then put together a security posture roadmap to ensure that AWS workloads were encrypted and user groups and configurations were set up correctly for access control. They began working with Coriell Life Sciences to fix the vulnerabilities they uncovered. Within 60 days, their architecture was 100% in line with AWS best practices.

The assessment saved Kevin and his team countless hours of compliance work. It also gave his team a much better scope of their AWS environment, which was extremely valuable for evidence collection as they prepared for their HITRUST assessment.

“The review saved us time and money because we didn’t have to go and figure out these details on our own.”

Results

Three new contracts worth millions of dollars

Thanks to Cloudnexa’s security recommendations, Coriell Life Sciences passed their HITRUST certification with flying colors.

In comparison, if they had tried to conduct a similar assessment internally, Kevin estimates they would have spent at least 20 to 30 hours just trying to understand controls and configurations, which their Cloudnexa Cloud Architect was able to show them in a matter of minutes.

Partnering with Cloudnexa has more than paid off for Coriell Life Sciences: Since passing their certification they’ve signed three new contracts that required HITRUST, resulting in millions of dollars of revenue for their company.

“I couldn’t be happier with where we are security-wise, given where we were when I first came in the door. Cloudnexa working with us to get those security best practices in place for our AWS architecture was really key in setting the foundation. We are in a much, much better security posture than we were just two years ago.”