Research Data and Secure Storage Options

Ashok Mudgapalli, MS, Ph.D.
Director of Research IT Office (RITO)

Agenda

I. UNMC Data Classification
II. Research Data Storage Options
III. UNMC Box
IV. UNMC Box Security
V. Contacts and Resources
VI. Q&A

How do I classify my Research Data?

1. Public Data
2. Private / Confidential Data
3. Secure DoD Data
4. VA Data

Public Data

Definition: Data that, if lost, poses little to no risk to the University or you.

Examples: Public policies and procedures manuals, campus maps, job postings, non-private University contact information, press releases, course information, published research results.

Password Protection: No password protection required.

Data Transfer: These data can be transferred in any manner at the owner's risk, but Internet, USB, data sharing sites all OK.

Cloud / Premise Server Storage: Server storage is recommended, but not required, and password protection is recommended to prevent inappropriate or unauthorized modification of information. Publicly exposed documents should be in a read-only category.

Cloud / External Storage: No protection requirements required.

Workstation and Laptop Storage: No protection requirements required. However, the computer should be encrypted as per UNMC policy 6051.

Removable / Portable Media Storage: No protection requirements required. However, the media should be encrypted as per UNMC policy 6051.

Disaster Recovery: Should be backed up in a separate location to prevent loss.

Remote Access: No password required.

Private / Confidential Data

Definition: Unauthorized disclosure, alteration or destruction could result in a significant risk to you, research subjects, patients, or students and/or the University or its employees or its affiliates.

Examples:

I. Student records, non-public research data, employment or admission applications, personnel files, individual benefits information, birth date, and personal contact information, donor contact information and non-public gift amounts, privileged attorney-client communications, non-public policies, UNMC internal memos and email, budgets, plans, and financial information, contracts, University and employee ID numbers.

II. All Protected Health Information (PHI), which includes any of the following:

1. Patient names
2. All geographical subdivisions smaller than a State (e.g., street address, city, county, precinct, zip code)
3. Date other than year directly related to an individual (birth, admission, discharge, or death date); or age over 89 unless aggregated as 90 or older
4. Phone or FAX number
5. E-mail or Internet Protocol (IP) addresses, or Web Universal Resource Locators (URLs)
6. Social Security, medical record, or health plan beneficiary numbers
7. Account, or certificate/license numbers
8. Vehicle identifiers and serial numbers, including license plate numbers
9. Device identifiers or serial number
10. Biometric identifiers, including finger and voice prints
11. Full face photographic images and any comparable images; or
12. Any other unique identifying number (e.g., passport or visa numbers)

III. Export controlled information under U.S. laws; data protected by state or federal regulations; and/or data protected by confidentiality agreements.

Password Protection: Limited to those permitted under law, regulation and policies, and on a need to know basis. At least one physical (e.g., locked room and/or card access) or electronic barrier (e.g., software- and/or hardware-based firewalls) should be in place when not under direct individual control of an authorized user.

Data Transfer: Encryption and/or password protection required to transmit information through a network. Use UNMC email services to transfer confidential information within the network and to external entities. Transfer should be encrypted if sent over the Internet, or university-approved resources (e.g., Box or SharePoint).

Cloud / Premise Server Storage: Server storage is highly recommended unless otherwise stated by law, regulation, contract, or other agreement. Server security must follow internal and external requirements including physical and logical access protection.

Workstation and Laptop Storage: Data if stored on a workstation or laptop must follow internal and external requirements including physical and password protection. It is recommended that these data be placed in a folder with additional password or encryption.

Removable / Portable Media Storage: Encrypted external hard drive or other university approved resources (e.g., Box) but not USB or other portable devices should be used unless otherwise agreed upon by law, regulation, contract, or other agreement. Removable and portable media must be encrypted and contain a layer of logical and physical access protection unless under the direct use of authorized individuals.

Disaster Recovery: All Private/Confidential Data should be backed up on a server in a separate physical location that contains similar logical and physical security controls in place.

Remote Access: Requires VPN secure remote access.

Secure DoD Data

Definition: Unauthorized disclosure, alteration or destruction of these data could cause a significant level of risk to the United States, University or other partners. Security controls should be applied as defined by the level of security of the data.

Examples: Non-public information provided to a contractor, information developed during the course of a DoD contract, grant, or other legal agreement, privileged information contained in transactions, Military Health System information, data protected by state or federal privacy regulations and data protected by confidentiality agreements, or other sensitive information that is not included in the Private/Confidential data type.

Password Protection: Access is limited to those permitted under law, regulation, and policies, and on a need to know basis. Access defined by the defined level of security.

Data Transfer: Defined by level of DoD security classification but may require special military-grade encryption or information security protocols.

Cloud / Premise Server Storage: Defined by level of DoD security classification but may require special military-grade encryption or information security protocols.

Workstation and Laptop Storage: DoD classified information needs to be stored separately on devices accessible to only those approved to access. Degree of security as defined but may require special military-grade encryption or information security protocols.

Removable / Portable Media Storage: Removable and/or portable media storage is not allowed. If it needs to be used, UNMC recommended encryption, access control and password protection need to be applied.

Cloud / External Storage: Cloud or external third party storage is prohibited.

Disaster Recovery: All DoD classified information must be backed up according to law, regulation, contract, or other agreement.

Remote Access: Remote access via the UNMC VPN utilizing two factor authentication is allowed.

VA Data

Definition: Unauthorized disclosure, alteration or destruction could result in a significant risk to you, research subjects, patients, the VA or its employees or its affiliates.

Examples:

I. Non-public research data, personnel files, internal memos and email, budgets, plans, and financial information, contracts.
II. All Protected Health Information (PHI)
III. Private Personal Information (PPI)

Password Protection: Limited to those permitted under law, regulation and policies, and on a need to know basis. At least one physical (e.g., locked room and/or card access) or electronic barrier (e.g., software- and/or hardware-based firewalls) should be in place when not under direct individual control of an authorized user.

Data Transfer: Encryption and/or password protection required to transmit information through a network. Use UNMC email services to transfer confidential information within the network and to external entities. Transfer should be encrypted if sent over the Internet.

Cloud / Premise Server Storage: Must be on VA servers.

Workstation and Laptop Storage: Data if stored on a workstation or laptop must follow internal and external requirements including physical and password protection. It is recommended that these data be backed up on VA servers.

Removable / Portable Media Storage: Removable and portable media must be VA approved, encrypted, and Federal Information Processing Standard Publication (FIPS PUB) 140-2 compliant.

Cloud / External Storage: Cloud or external third party storage is prohibited.

Disaster Recovery: All Private/Confidential Data should be backed up on a server in a separate physical location that contains similar logical and physical security controls in place.

Remote Access: Requires VA VPN secure remote access.

Research Data Storage Options

I. Enterprise Storage (PHI)
II. Archival Storage (PHI)
III. BOX Cloud Storage (PHI)
IV. Storage at Peter Kiewit Institute (non-PHI)
V. Attic Storage (non-PHI at PKI)
VI. XSEDE Supercomputer facility storage (non-PHI)

II. Research Data Storage - Local

Storage Option: Enterprise (on site)
Can protect PHI? Yes
Cost/year: $499/TB
Suitable for: Daily or more frequent access
Comments: More robust and dynamic environment, automatic replication and weekly backup

Storage Option: Enterprise Archive (on site)
Can protect PHI? Yes
Cost/year: $100/TB
Suitable for: Long term storage
Comments: No backup or replication

Storage Option: Holland Computing Center, Omaha
Can protect PHI? No (non-PHI only)
Cost/year: $250 / TB ($105 / TB if no replication and backup)
Suitable for: Daily or more frequent access
Comments: Automatic backup / replication if desired

Storage Option: Department/College/Unit server (if available)
Can protect PHI? Yes or No
Cost/year: Limited by departmental server capacity
Suitable for: Daily or more frequent access
Comments: Reserved for active small research datasets; folders with PHI should be password protected; automatic backup / no replication

II. Research Data Storage in Cloud

Storage Option: BOX Cloud (Enterprise Grade)
Can protect PHI? Yes
Cost/year: $420 flat fee, unlimited space for data that can be accessed regularly
Suitable for: Daily or more frequent access
Comments: Automatic backup / replication. Each file must be <= 15 GB in size. 90 days' worth of deleted files available.

Storage Option: OneDrive for Business
Can protect PHI? Yes
Cost/year: Free (no cost)
Suitable for: Daily or more frequent access
Comments: Offered by UNMC ITS (Microsoft 365 solution). Contact ITS Help Desk for more information.

II. Research Data Storage Off Site

Storage Option: XSEDE (NSF funded infrastructure across USA). Not a Cloud
Can protect PHI? No
Cost/year: Free
Suitable for: Daily or more frequent access
Comments: No backup or replication. Should be reserved for high computing jobs. Annual renewal is needed.

Storage Option: Third party vendor storage solutions, Dropbox, Amazon Cloud, Google docs
Can protect PHI? No
Cost/year: Negotiated
Suitable for: Daily or more frequent access
Comments: NOT RECOMMENDED for any research data storage because there is no Business Associate Agreement with UNMC and they may not be HIPAA certified

*Replication: Creates a copy of the file (live) at remote location
**Backup: Backup files point in time to remote location

UNMC Box Security (Info from Box security team)

Secure data centers: User data is stored on enterprise-grade servers that undergo regular audits and are monitored 24/7.

Redundancy: Files are backed up daily to additional facilities.

All files uploaded to Box are encrypted at rest using 256-bit AES encryption.

For files in transit, AES 256 is a supported cipher; however, Box defaults to RC4-128 encryption. Box does this to mitigate a known vulnerability in SSL called the BEAST attack, which an attacker could use to hijack someone's web session when other ciphers (including AES 256) are used. 128-bit encryption is currently considered safe and secure for data in transit.

UNMC paid users should use their UNMC NET ID and password to log into Box.

Box is SAS70 Type II and Safe Harbor certified, ISO27001 certified (globally recognized security standard) and supports RC4 encryption.

Disaster Recovery: Box physical infrastructure is designed not only for disaster recovery, but true disaster avoidance, building in advanced measures for N+1 redundancy for all components, geographical diversity, physical security, and environmental controls. Access to systems is monitored around the clock by onsite monitoring and guards, and access to cages is restricted to only top-level clearance Box employees, managed by keys and biometric scanning.

Who's Who

RITO Personnel (Name; Role; Phone; Contact Email)

Ashok Mudgapalli, MS, Ph.D.; Director of Research IT; 559-9072; [email protected]
Mike Gleason, Ph.D.; Programmer Analyst III; 559-9088; [email protected]
Praveen Reddy, MS; Programmer Analyst II; 559-3821; [email protected]
Leela Krishna Golla, MS; Programmer Analyst II; 559-4838; [email protected]
Mike Zietz, BS; Programmer Analyst II; 559-4857; [email protected]
Chanikya Gopisetty, MS; Programmer Analyst; 559-4878; [email protected]

Resources

Research IT Office web site (http://www.unmc.edu/vcr/rito/index.html)
UNMC BOX Cloud Storage (https://app.box.com/login/)
ITS OneDrive for Business Cloud (http://www.unmc.edu/its/onedrive.htm)
XSEDE (Extreme Science and Engineering Discovery Environment) (http://www.xsede.org)
