GenomicOS employs a defense-in-depth strategy, layering multiple security mechanisms to ensure that your genomic data remains protected even if individual safeguards are compromised.
GenomicOS can be deployed in completely isolated environments with no internet connectivity, providing maximum security for sensitive genomic data.
Principle of Least Authority
GenomicOS implements the Principle of Least Authority (POLA) as a cornerstone of its security architecture, ensuring that every component, process, and user has access only to the specific resources required to perform its designated function, nothing more.
Each analysis pipeline, tool, and user interface in GenomicOS operates within strictly defined permission boundaries. When a genomic analysis tool needs to process a specific dataset, it receives temporary, read-only access to precisely the data required, not your entire file system.
Infrastructure as Code
GenomicOS leverages Infrastructure as Code (IaC) principles with OpenTofu to ensure consistent, secure, and auditable infrastructure deployments. This approach transforms infrastructure management from manual processes into versioned, testable code. Infrastructure is deployed through code that is version-controlled, tested, and automatically validated, eliminating human error and ensuring security standards are consistently applied across all deployments.
- Components are modularised for better security isolation, easier auditing, and repeatable deployments across environments.
- Constant security assessments, with automated scanning and regular penetration testing to identify vulnerabilities.
- A dedicated team maintains an always-active on-call schedule, ensuring immediate response to security events and infrastructure issues.
seL4
An seL4-inspired architecture isolates critical system components into separate protection domains, ensuring that a compromise in one area cannot affect others. This compartmentalisation creates security boundaries that contain potential threats and prevent privilege escalation.
- Formal verification of critical security components
- Strong isolation between system components
- Minimal trusted computing base reducing attack surface
- Controlled information flow between components
Biosecurity
- We don’t scope access to legacy regulatory compliance; real security goes beyond checklists.
- Security and Privacy by default.
- Options for higher levels of authentication.
- Defense in Depth
- Local First