For help in creating a request for AWS Cloud Services or VM hosting, please contact Research Technologies at UIS-RT@georgetown.edu
Study data and databases are saved in secure storage, either hosted in virtual private cloud provisioned by University Information Services, on public cloud such as Amazon Web Service, or at the UIS Data Center. Both infrastructures provide researchers with secure compute, storage, and network environments to conduct research and share findings on public facing websites. This newly adopted hybrid IT infrastructure gives GU researchers access to the latest technology and more compute power in a secure and cost-efficient manner. For added security, SSH access to remote servers and networked systems on campus is only possible through the Georgetown University VPN. Box is also available for secure, encrypted collaborative file sharing in the cloud. It provides secure storage for HIPAA/PHI data as well as encrypted data transmission during data transfer on the Internet enabling uses access files from any available computer with a web browser and Internet connection.
Georgetown University’s collaboration with Amazon Web Services (AWS) provides a highly secure and scalable environment for production hosting of enterprise applications and data. Through The use of both electronic and physical security measures access to these sites are strictly controlled and monitored. Several layers of electronic measures, including two factor authentication. perimeter firewalls or AWS security groups protect all cloud and networked systems within and beyond the data center and IDS systems. All system access is granted via a centralized authentication system within the University, which is strictly monitored and updated. Additionally, all systems within the data center must pass an architectural security review prior to entering service.
Physical Security of a Computer on a Network: We secure any computer on which sensitive data resides in a locked room, or secure the computer to a table with a lock and cable.
Controlling Access to the Data: We restrict access to sensitive data to project personnel using the security features available via the operating system, as well as require strong passwords and multifactor authentication (MFA). We also use Administrative Tools, Local Security Policy to enable password complexity, and password-protect screen saver and activate after three minutes of inactivity. Depending on the nature of the research, we have the capacity to install encryption software for directories containing secure data. It is also common to configure analysis software to point temporary work files to an encrypted sensitive data directory. At the workstation-level, we install and periodically run a secure erasure program. This program is run monthly and after the secure data has been removed from the computer at the end of the study period, and we do not copy or move sensitive data out of the secured directory for any reason.
- Components of a Data Management Plan
- Identify data types from project and how they will be disseminated.
- URL = lab website
- URL= data records website
- Data type
- Where Deposited
- By Whom
- Sharing of Results and Management of Intellectual Property
- IP issues (restrictions) related to the use of any of the materials.
- Distribution of resources requiring protection of Intellectual Property
- Making the public aware of new resources