Security
Tag.bio runs within your secure network

Built with security in mind
The Tag.bio platform is hosted entirely within your network and your cloud. Source data storage and access are tightly controlled in your secure environment.
Data Flow
Full control over your data
Your data stays within your secure network. It’s imported to the Tag.bio cluster and securely transmitted to Tag.bio Analysis Platform and Developer Studio via SSL.
Ingestion of source data (AWS example)
The Tag.bio Analysis Platform will ingest the source data from the databases already in place. The data is transformed into the Tag.bio format and stored on the EFS volume which is encrypted via AWS KMS. Periodic backups will transfer the data in Tag.bio format to the Tag.bio S3 bucket. The bucket is encrypted via AWS KMS. All data transfers are encrypted via TLS.
Tag.bio cluster (AWS example)
AWS EC2 instances run the Tag.bio Analysis Platform. It connects to your data, imports and indexes it, and provides query results to the Tag.bio Analysis Platform via SSL.
Git Server & Backups
Git server
Tag.bio data products are defined in JSON source code and stored in your git server. When a developer pushes changes to your git repository, your git server triggers (via a webhook) the Tag.bio cluster to pull the changes and deploy them.
Backup capabilities
The Tag.bio cluster backs up its configuration and user-generated data daily.
Isolated Environment
Limited internet exposure
You do not need to expose the Tag.bio Analysis Platform outside of your private networks, and you can use your VPNs or IP whitelisting to limit Internet exposure of your environment.
Limited internet access
Create a compliant analytics workspace within your secure, private network. The Tag.bio cluster only makes outbound requests to the internet to download application software from Tag.bio and ancillary open source components from hosts such as the Docker Registry.
Secure Access
Tag.bio Analysis Platform access
End-users are authenticated through your SSO, and use the Tag.bio Analysis Platform and API protected with HTTPS/TLS 1.2. The Tag.bio Analysis Platform uses an OAuth bearer token, and the SDK sends an API key using HTTP Basic Authentication over HTTPS. Access to sites, data products, and analysis apps is defined in the admin area of the Tag.bio Analysis Platform.
Data and analytics access
Since your end-users can only access the Tag.bio Analysis Platform using SSO, you can limit which data products and analysis apps they can see.
Analysis history
All of the analysis activities, such as analysis results and cohorts, are automatically saved to your end-user’s account. This means that you retain their analysis history even when they transition out of your team.
Development Studio
Integrate a secure JupyterHub environment with the Tag.bio Analysis Platform in your secure private network. Your developers then use secure API keys to access the data, which are tied to your SSO user authorizations and privileges.
Admin Functions
Your Analysis Platform Administrator
Your designated site administrators can add your SSO users to the Tag.bio Analysis Platform and datasets, and determine what analysis protocols they’re allowed to run.
Tag.bio Deployment Administration
You can authorize a Tag.bio systems administrator to deploy, upgrade, monitor, and troubleshoot the Tag.bio Analysis Platform running in your network. The Tag.bio administrator will use network and cloud credentials that you issue and manage. The platform can be deployed on your standard system images according to your organization’s policy.