RCC moves to further protect secure data

18 Feb 2020
By RCC Director Professor David Abramson

Sensitive research data is becoming more important, and RCC is exploring how we can provide greater protection for UQ’s data stores.

Currently, all research data (including UQ Research Data Manager collections annotated with the Q descriptor) stored on RCC infrastructure are protected in multiple ways.

Physically, they are stored on computers housed in the Polaris [Tier 3] Data Centre, which has enormous physical security. This means it is highly unlikely data can be physically removed from the site.

Over and above this, RCC protects all data with password-level protection that ties back to a central authentication provider (the Australian Access Federation) and UQ’s own single sign-on (SSO) platforms, meaning unauthorised access is unlikely unless the password has been compromised.

Further, Q collections mounted on RCC systems are similarly protected by passwords and secure keys (public/private key interchange).

While users can take a further step of manually encrypting their data, this can be complicated and requires additional steps. It also requires users to encrypt and decrypt data on demand, and to keep track of keys and passwords.

RCC is currently exploring methods of automatically encrypting data “at rest”. This means that certain collections can be tagged as secure when they are created, and UQ’s MeDiCI data fabric can encrypt the data at rest on the disk. When mounted on an RCC high-performance computer, data can then be decrypted automatically using a series of secure key management systems.

While normal password-level protection is sufficient for most data collections, we are currently experimenting with this automatic encryption system, based on IBM Spectrum Scale, the software that underpins MeDiCI.

The new service would apply to any secure collections tagged as Q, which means they are also available automatically on all RCC high-performance computing systems. 

Coupled with UQ’s multi-factor-authentication initiative, these combined approaches bring further assurance, diligence and robustness to the safety and security of research data at UQ.
