Design choices for productive, secure, data-intensive research at scale in the cloud
This work addresses the challenge of balancing security and productivity for research organizations conducting data-intensive projects in the cloud, though it appears incremental as it builds on existing threat profiles and design patterns.
The authors tackled the problem of enabling secure and productive data science research at scale in the cloud by developing a framework that categorizes data sensitivity into five tiers and specifies corresponding security policies. This approach allows for the instantiation of tailored, secure research environments for each project, aiming to maximize productivity and minimize risk.
We present a policy and process framework for secure environments for productive data science research projects at scale, by combining prevailing data security threat and risk profiles into five sensitivity tiers, and, at each tier, specifying recommended policies for data classification, data ingress, software ingress, data egress, user access, user device control, and analysis environments. By presenting design patterns for security choices for each tier, and using software defined infrastructure so that a different, independent, secure research environment can be instantiated for each project appropriate to its classification, we hope to maximise researcher productivity and minimise risk, allowing research organisations to operate with confidence.