Cambridge Cognition: Secure Neuroscience Technology for Better Brain Health – Case Study

Ensuring business-critical data is safe and accessible is important in any industry, but particularly for biotech firms and pharmaceutical companies performing clinical trials.

Founded in the United Kingdom (U.K.) in 2002, Cambridge Cognition specializes in the creation and delivery of cognitive tests to assess brain health within three market segments: academia, pharmaceutical clinical trials, and digital health. Each industry depends on the reliable collection and flow of data to perform accurate clinical tests. This means Cambridge Cognition is operating in an environment with no margin for error; where seconds of downtime can result in clients wasting time and money, with the potential to negatively impact a treatment plan or compromise results.

Cambridge Cognition’s decision to host data in the cloud was dependent on the vision to make data accessible from anywhere and on any device. The challenge was whether that could be done successfully while guaranteeing the security of information at rest and in transmission – all the advanced science, technology, and functionality have no value if the software is not available or is unable to send data or retrieve information from the server, when running the tests. Lost data from a trial or missed timepoints could require a client to repeat part or the entirety of a study, costing more than $100,000.

“Any failure costs the client money, because they don’t get the data, and they can’t retake the data for that time point at a later time,” explained Ricky Dolphin, CTO of Cambridge Cognition. “For us, in terms of choosing a provider to deliver our software technology, we needed to have complete reliability and to be able to deploy through the internet worldwide onto people’s devices for ease of use,” he concluded.

With an excess of 50 concurrent studies with a global distribution at any given time, ensuring availability was still only one piece of the puzzle. Given the sensitive nature of the data and the need to comply with regulations, maintaining the security of the data is paramount. On their own, fines for violating the General Data Protection Regulation (GDPR) can be significant for any company but, when combined with the loss of reputation that can result from a breach or violation, the effect can be devastating.

“We were looking for a vendor that understood the market and the sensitivity of healthcare data,” says Dolphin. “We wanted a service provider that was going to be responsive to a customer of our size and give us a feeling of comfort backed by true security.”

“With service from a larger provider, we would have to review the offerings on the web, figure out the services we needed, and then construct the solution,” he continues. “With Armor, I could call or have a face-to-face meeting and explain what was important to us. Armor then constructed the solution and presented it back to us. We could then discuss and execute our customized plan.”

“The issue with our previous security provider was a lack of active security and a lack of understanding about what mattered to us,” says Dolphin. “One occasion springs to mind where the larger provider were planning to move the data center, and the downtime and lack of fallback if things went wrong was unacceptable. Shortly after we switched to Armor, our previous security provider had a denial-of-service (DoS) attack that affected their servers, so it was a decision that was proved correct.”

Cambridge Cognition ultimately chose to host in Armor's private cloud with the Armor Anywhere solution, which gives clients a virtual private cloud (VPC) with built-in security controls designed to provide industry-leading prevention, detection, and response services. The solution goes beyond alerting, blocking 99.999% of all malicious security events and reducing the dwell time of threat actors from days to minutes with a 24/7/365 security operations center (SOC).

“We want to be able to focus on our business and not have to put together a team to do this or that, look into the dark web, etc.,” says Dolphin. “One of the key things that strikes me is that Armor partners with major cloud players to deliver additional services that they believe are valuable to strengthen an organization’s security.”

When considering different vendors, it was critical for Cambridge Cognition to find a provider that could meet its compliance needs—from HIPAA to ISO/IEC 27001—and was willing to be audited.

Larger providers typically do not allow visits to their datacenters and or anything that seems close to an audit. Being able to do an on-site visit allowed leadership to speak with knowledge to customers about their security posture, as well as their security processes made possible by Armor. This level of knowledge and communication continues to make a significant difference.

Another significant factor in the decision-making process was having a provider with global reach. As Cambridge Cognition expands its footprint, having a provider with datacenters in the United States, Europe, and the Asia-Pacific region is important to its leadership because compliance regulations can make the movement of information between data centers on different continents challenging. In the case of a global clinical trial, there may also be users who want to analyze data across multiple regions but do not want certain data to leave the region where it is stored.

“In terms of our growth with Armor, having datacenters in the United States and Europe, as well as in Asia-Pacific, helps us provide reassurance when we are doing business in areas where controlling data flow and replication is particularly critical,” explains Dolphin.

As part of its due diligence, Cambridge Cognition analyzes its relationship with Armor to ensure it continues to make financial sense as Cambridge Cognition grows.

“When we look at other options to examine our strategy, we always consider what it would cost to layer the type of security we get from Armor on top of whatever offering we use,” Dolphin says. “It continues to make the most sense to stay with Armor.”

Cambridge Cognition has used its Armor secured platform to deliver over 1 million cognitive tests, and that number continues to grow with the needs of the industry.