{"id":12482,"date":"2025-01-28T09:48:27","date_gmt":"2025-01-28T17:48:27","guid":{"rendered":"http:\/\/www.sumologic.com\/?post_type=resource&#038;p=12482"},"modified":"2026-03-18T14:19:22","modified_gmt":"2026-03-18T22:19:22","slug":"medidata","status":"publish","type":"resource","link":"https:\/\/www.sumologic.com\/case-studies\/medidata","title":{"rendered":"Medidata"},"content":{"rendered":"\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"challenge\">Challenge<\/h3>\n\n\n\n<p>Medidata needed insight into the security posture of its systems and the ability to spot potential indicators of attacks from within its on-premises systems and cloud services, so that it could stop attacks as quickly as possible and substantiate its high level of security to its clients.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div id=\"customer-info-block_0e67a96c25d3b7a9cd189ebe41c82033\" class=\"customer-info-block\"><div class=\"content-testimonial-block-wrapper blue no-headshot\"><div class=\"content-testimonial-block-item\"><div class=\"content-testimonial-block-item__rail\"><\/div><div class=\"content-testimonial-block-item__content\"><div class=\"content-testimonial-block-item__quote\"><div class=\"content-testimonial-block-item__quote-text\">\u201cSumo Logic has helped us effectively manage our hybrid infrastructure and accelerate innovation.\u201d<\/div><\/div><div class=\"content-testimonial-block-item__bottom-name-wrap\"><p class=\"content-testimonial-block-item__bottom-name\">Glenn Watt, CISO<\/p><\/div><div class=\"content-testimonial-block-item__logo-wrap\"><a href=\"https:\/\/www.sumologic.com\/case-studies\/medidata\" class=\"content-testimonial-block-item__logo-link\"><img decoding=\"async\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/medidata-logo-wht.svg\" alt=\"Glenn Watt logo\" 
class=\"content-testimonial-block-item__logo\" title=\"\"><\/a><\/div><\/div><\/div><\/div><\/div>\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"results\">Results<\/h3>\n\n\n\n<p>Medidata logs more than 2 terabytes of system event data each month. With Sumo Logic, Medidata has the same level of security visibility into cloud systems as on-premise systems. Now Medidata can proactively resolve security incidents that would have otherwise gone undetected.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u201cSumo Logic has helped us effectively manage our hybrid infrastructure and accelerate innovation. Now we can collect logs from both our on-premise data center as well as our cloud applications, make sense of it and take action in real-time, and that\u2019s really the golden nugget.\u201d Glenn Watt, CISO, Medidata<\/p>\n\n\n\n<p>In this way, the Medidata Clinical Cloud helps life science organizations reduce their risks associated with clinical trials and improve outcomes, all while lowering their costs and the amount of time to completion. Medidata\u2019s customer base spans biopharmaceutical companies, medical device and diagnostic companies, academic and government institutions, contract research organizations, and other research organizations, including 24 of the top 25 global pharmaceutical companies that are developing life-enhancing medical treatments and diagnostics.<\/p>\n\n\n\n<p>Founded in 1999 in New York, with offices now throughout the United States, the United Kingdom, and Japan, Medidata relies heavily on technology to run its business and provide its services. That business technology includes a combination of on-premise data centers and public cloud systems. 
Today, Medidata\u2019s traditional data center in Houston, Texas, runs a number of on-premises applications that are core to its business such as its platform host Electronic Data Capture, and Safety Gateway which identifies potentially serious adverse effects in a clinical trial and contains the largest storehouse of Medidata\u2019s information. \u201cThat data center is very important and it\u2019s very large, but the rest of the applications Medidata relies on run within Amazon Web Services (AWS),\u201d says Glenn Watt, CISO at Medidata.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"the-need-for-transparency-and-insight\">The need for transparency and insight<\/h4>\n\n\n\n<p>To protect its systems and data, Medidata had put into place a mature security program with numerous security controls and processes within its physical data center, as well as utilizing the security features provided by AWS, such as AWS security groups. In addition to those existing efforts to secure its on-premises and cloud systems, Medidata needed to improve its level of transparency into security events on its systems, help substantiate its high level of security diligence to clients, prevent data leakage, and be able to analyze attacks in near real-time.<\/p>\n\n\n\n<p>What Watt needed to achieve was the ability to analyze Medidata\u2019s log and system files for events that would indicate something could be going awry or an attack was underway. The team needed to do so without having to depend upon outdated signature-based or intrusion detection systems that issue countless false positives when tuned too tightly, or miss incidents altogether when tuned too loosely. \u201cWe\u2019re generating just under two terabytes a month of log files. 
No one can realistically go through all of that data and identify the correlations necessary to spot attacks, and that\u2019s why we needed a strong security data analytics capability,\u201d Watt says.<\/p>\n\n\n\n<p>Additionally, that capability would go a long way to help alleviate the concerns of some of Medidata\u2019s customers about so much of their business operating within the cloud. Because of the nature of the data and the increased amount of third-party vetting and due diligence today, a number of Medidata\u2019s clients question Medidata when it comes to how they secure their cloud-based systems. \u201cFrom our customers\u2019 perspective, the first thing they see is that we have considerable operations in the cloud. Some are very skeptical, as there\u2019s an inherent fear of the cloud and the fact that it may not be secure. And that data may be vulnerable and at worst, perhaps manipulation of the data,\u201d Watt says.<\/p>\n\n\n\n<p>To find the right solution, Watt originally evaluated the top SIEMs and a number of security data analytics tools available on the market. Unfortunately, very few would work both on-premises and within AWS and many even required equipment to be on-premises. \u201cMy first question to all of the vendors we evaluated was whether or not the system ran within AWS. If it didn\u2019t, it was a five-minute discussion,\u201d Watt says. \u201cBut the solution had to do more than work within AWS; it had to also work in our data center, and I wanted a solution that did not require any additional hardware or software.\u201d<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"the-move-to-sumo-logic\">The move to Sumo Logic<\/h4>\n\n\n\n<p>After careful evaluation, Medidata realized they could accomplish this with a cloud-native data analytics solution and chose Sumo Logic. 
Sumo Logic delivers real-time, continuous intelligence across Medidata\u2019s entire infrastructure and application stack, and provided Medidata with a solution that helps it to automatically generate audit-ready compliance reports from both its on-premises and AWS event logs. Sumo Logic also provides Medidata a way to simplify cloud and on-premises audits and strengthen its security posture with a composite view across the network, server, and application stack.<\/p>\n\n\n\n<p>Additionally, predictive analytics powered by machine learning algorithms uncovers unknown security events without relying on rules or predefined schemas to ward off impending threats. Watt was pleased with the smooth Sumo Logic implementation. \u201cIt took literally minutes to get up and running,\u201d he says. \u201cOur engineers worked with the Sumo Logic engineering team and within 20 minutes it was done, and it\u2019s remained that easy. From our first report, we were able to get actionable information that has been extremely valuable on a daily basis.\u201d<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"seeing-only-what-matters\">Seeing only what matters<\/h4>\n\n\n\n<p>With nearly two terabytes of log data being generated a month, Watt needed a way to rapidly separate what mattered from what didn\u2019t. \u201cSumo Logic does that exceptionally well; no question about that. Before Sumo Logic, we didn\u2019t even know what we didn\u2019t know, so things were going on and there were threats that were presenting themselves at our front door that we were unaware of. With Sumo Logic, it\u2019s like somebody took the blindfold off, and we could see what was potentially impacting our business,\u201d Watt says.<\/p>\n\n\n\n<p>Sumo Logic also has helped Watt to demonstrate Medidata\u2019s high level of data security and its ability to respond to incidents. \u201cWe have customers who have to know what we are doing when it comes to our security efforts. 
They need proof, and with the reports that Sumo Logic provides, that is made possible.\u201d With Sumo Logic, Medidata can now more easily substantiate its security efforts and have visibility into events on AWS as well as the ability to identify any potential suspicious traffic that may arise. Also, that same reporting helps Medidata comply with CFR Part 11 from the Food and Drug Administration, which mandates numerous cybersecurity regulatory requirements that Medidata must meet.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"spotting-attacks-in-real-time\">Spotting attacks in real time<\/h4>\n\n\n\n<p>It\u2019s not just about regulatory compliance and monitoring for the sake of monitoring and compliance and customer assertions; Sumo Logic also provides actionable security information and has successfully blocked attacks that were underway. \u201cLate one night, Sumo Logic triggered an alert on what appeared to be an attack coming in against our servers. We were notified, and within minutes concluded that it looked like an attack and we blocked the source,\u201d recalls Watt.<\/p>\n\n\n\n<p>Sumo Logic provided Medidata the insight it needed to identify the root source of that apparent attack within minutes. The apparent attack was coming from a client\u2019s server. Watt reached out to the client over the phone, thinking that what was being observed could have been an attack underway, or a false positive. Either way, it was crucial that the client be informed. However, the client informed Watt that it had been conducting a penetration test that weekend.<\/p>\n\n\n\n<p>\u201cSomebody entered something incorrectly during the penetration test, so not only did they attack their own servers during the attack, but also a server that Medidata was using with the client. I told them that we picked up an attack, and that we stopped it within minutes, and that\u2019s what we\u2019re going to do every time we see something,\u201d Watt says. 
\u201cThey were knocked off their socks. They couldn\u2019t believe that we were able to react that swiftly, and that we were protecting them at that level. And we could not have done it without Sumo Logic,\u201d he says.<\/p>\n\n\n\n<p>\u201cOur move to Sumo Logic has been a great success in every aspect. We can see what we need to see in both our physical data center and within Amazon Web Services. Sumo Logic helps us to substantiate what our customers need to know about our security program; there are potentially a lot of attacks and activities that are unknown to us and Sumo Logic helps us to now see that activity,\u201d Watt says.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-group is-content-justification-center is-nowrap is-layout-flex wp-container-core-group-is-layout-23441af8 wp-block-group-is-layout-flex\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:85%\">\n<p><strong><em>\u201c<em>We can collect logs from both our on-premise data center as well as our cloud applications, make sense of it and take action in real-time, and that\u2019s really the golden nugget.\u201d<\/em><\/em><\/strong><\/p>\n\n\n\n<p><strong>\u2014<strong>Glenn Watt, CISO<\/strong><\/strong><\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Read this case study to find out how Sumo Logic has helped Medidata to gain better visibility, solving its problem with security 
analytics.<\/p>\n","protected":false},"author":4,"featured_media":58189,"template":"","meta":{"_acf_changed":true,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"6","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"resource-type":[29],"resource-solution":[56,45],"translation_priority":[221]},"selected_primary_terms":{"resource-type":[],"resource-solution":[]},"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":"","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"3185,3180,3170","_relevanssi_noindex_reason":"","inline_featured_image":false},"resource-type":[29],"resource-solution":[45,56],"class_list":["post-12482","resource","type-resource","status-publish","has-post-thumbnail","hentry","resource-type-case-studies","resource-solution-case-study","resource-solution-secops-and-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource\/12482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/types\/resource"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/users\/4"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\
/v2\/media\/58189"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media?parent=12482"}],"wp:term":[{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource-type?post=12482"},{"taxonomy":"resource-solution","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource-solution?post=12482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}