The Secure Research Environment (SRE) is a Population Data BC service for Researchers who access data through PopData. The SRE provides a central location for access to and processing of research data, secure storage and backup of data extracts and free software for data analysis.
The SRE is a secure private cloud accessible only via an encrypted Virtual Private Network (VPN) through a firewall and use of a YubiKey® token for authentication. With PopData providing Researchers with a safe and secure alternative to storing the data extract themselves, they may rest assured that the Data Stewards' requirements for security standards are being met and that the risk of unauthorized access to privacy sensitive data is minimized.
SRE security features
- Protected by a firewall. No access to Internet is permitted within the SRE.
- Researchers connect using encrypted VPN (Virtual Private Network) client software, ensuring privacy of the connection
- Rather than relying on insecure passwords, authentication uses Yubikey™ tokens which provide two factor authentication (something you have; the token, and something you know; the passphrase)
- All data are stored on encrypted disks
- Each project is partitioned — users see only their own project data.
- Geographic restrictions are possible for projects (e.g. access only from within Canada)
- Import/export restrictions are configurable on a per-project basis
- All machines run anti-virus software
- Continuous monitoring of all systems, network, and imports/exports
SRE Researcher features
- Access to over 60 well-provisioned virtual machines.
- Additional high-capacity machines offer greater speed and memory for long running jobs.
- A large suite of analytical software.
- Worry free management of data backup, antivirus protection, and other related computer maintenance
- Remote access from any computer or operating system
- Ability to share data and code between project members within the SRE
SRE General features
- Regular daily backup of all data (plus encrypted offsite backups).
- All data is stored on fast SSD (solid state disk) based storage
- Central administration means that accounts and/or projects can be disabled or suspended at project closure, ethics expiry, or in the event of a privacy incident.
- Redundant and fault tolerant systems maintain greater than 99.9% uptime.