Research Data Management at UF: Security

ResearchVault is a secure computing environment where scientists and collaborators can conduct research on restricted and confidential data.  Researchers can:

• Securely store restricted data like electronic protected health information (ePHI)
• Store and work with larger data sets than is possible on a regular workstation
• Perform work on stored data sets with familiar software tools running on virtual machines located in the UF data center
• Concurrently run more programs than on a regular workstation
• Display work results on a graphical interface that is securely transmitted to remote devices such as desktops, laptops, or iPads
• Work collaboratively with other researchers on the same data sets using different workstations

File-Express allows any individuals with UF Gatorlink accounts to securely exchange files that may be too large, or otherwise blocked by traditional e-mail methods. Using a secure server and the Gatorlink Authentication system, users can easily share files with members of both the UF and Non-UF community.

Maximum single file size: 5GB

Default expiration length: 1 day(s)

Maximum expiration length: 5 day(s)

All mobile computing and storage devices, regardless of ownership, must have all storage encrypted. UF has a policy requiring that mobile devices have encryption and passwords and comply with all security requirements applied to UF desktop computers.

UF Office of Information Security Its website contains information on resources, security policies and standards, services, how to report a security incident, among other resources.

UF IT Data Security Standard UF policy on data security. It includes data roles and responsibilities, data classifications in terms of security, and procedures    

The UF Privacy Office is dedicated to preventing unauthorized access to information (collected in all formats: on paper, electronically, and verbally)  and to ensure the appropriate use of information by putting in place  physical, electronic, and managerial safeguards.

When managing research data, three levels of security have to be considered:

Physical data security: controlling access to rooms and buildings where data, computers or media are held; transporting sensitive data only under exceptional circumstances

Network data security: sensitive or critical data should not be stored on servers or computers connected to an external network, particularly servers that host internet services. Use of firewall protection and upgrades and patches to operating systems to avoid viruses and malicious code.

Security of computer systems and files: locking computer systems with a password; implementing password protection of, and controlled access to, data files, e.g. no access, read only, read and write or administrator-only permission; encryption; not sending personal or confidential data via email, etc.

From: Veerle Van den Eynden, Louise Corti, Matthew Woollard, Libby Bishop and Laurence Horton (2011) Managing and sharing data: best practive for researchers. UK Data Archive, University of Essex, Essex, UK

Measures used to minimize the risk of breaching the confidentiality of data include the following:

• Mandatory agreements to maintain confidentiality
• Data encryption
• Electronic firewalls and locked storage facilities,
• Password authentication of users
• Disaster prevention and recovery plans
• Security measures for backup tapes

From: Data Sharing Workbook, NIH, 2004