Protecting sensitive research data and meeting researchers needs: Duke University's Protected Network

TL;DR

Duke University's Protected Network provides a secure, flexible environment for research involving sensitive data, supporting numerous projects through virtualization, strict controls, and tailored infrastructure since 2011.

Contribution

This paper details the design, implementation, and organizational features of Duke's Protected Network, a novel secure research environment for sensitive data handling.

Findings

Supported about 200 research projects since 2011

Utilizes virtualization and authorization groups for data isolation

Provides a flexible, secure platform for diverse research needs

Abstract

Research use of sensitive information -- personally identifiable information (PII), protected health information (PHI), commercial or proprietary data, and the like -- is increasing as researchers' skill with "big data" matures. Duke University's Protected Network is an environment with technical controls in place that provide research groups with essential pieces of security measures needed for studies using sensitive information. The environment uses virtualization and authorization groups extensively to isolate data, provide elasticity of resources, and flexibly meet a range of computational requirements within tightly controlled network boundaries. Since its beginning in 2011, the environment has supported about 200 research projects and groups and has served as a foundation for specialized and protected IT infrastructures in the social sciences, population studies, and medical research. This article lays out key features of the development of the Protected Network and outlines the IT infrastructure design and organizational features that Duke has used in establishing this resource for researchers. It consists of four sections: 1. Context, 2. Infrastructure, 3. Authentication and identity management, and 4. The infrastructure as a "platform."