Protecting sensitive research data and meeting researchers' needs: Duke University's Protected Network
This work addresses the need for secure data handling in research, particularly for sensitive information such as PII and PHI, but it is an incremental solution that builds on existing virtualization and authorization technologies.
Duke University developed the Protected Network, a secure IT environment using virtualization and authorization groups to support research with sensitive data, which has been used by about 200 projects since 2011.
Research use of sensitive information -- personally identifiable information (PII), protected health information (PHI), commercial or proprietary data, and the like -- is increasing as researchers' skill with "big data" matures. Duke University's Protected Network is an environment with technical controls in place that provide research groups with essential pieces of the security measures needed for studies using sensitive information. The environment uses virtualization and authorization groups extensively to isolate data, provide elasticity of resources, and flexibly meet a range of computational requirements within tightly controlled network boundaries. Since its beginning in 2011, the environment has supported about 200 research projects and groups and has served as a foundation for specialized and protected IT infrastructures in the social sciences, population studies, and medical research. This article lays out key features of the development of the Protected Network and outlines the IT infrastructure design and organizational features that Duke has used in establishing this resource for researchers. It consists of four sections: 1. Context, 2. Infrastructure, 3. Authentication and identity management, and 4. The infrastructure as a "platform."