Protecting sensitive research data and meeting researchers needs: Duke University's Protected Network

Research use of sensitive information – personally identifiable information (PII), protected health information (PHI), commercial or proprietary data, and the like – is increasing as researchers’ skill with “big data” matures. Duke University’s Protected Network is an environment with technical controls in place that provide research groups with essential pieces of security measures needed for studies using sensitive information. The environment uses virtualization and authorization groups extensively to isolate data, provide elasticity of resources, and flexibly meet a range of computational requirements within tightly controlled network boundaries. Since its beginning in 2011, the environment has supported about 200 research projects and groups and has served as a foundation for specialized and protected IT infrastructures in the social sciences, population studies, and medical research. This article lays out key features of the development of the Protected Network and outlines the IT infrastructure design and organizational features that Duke has used in establishing this resource for researchers. It consists of four sections: 1. Context, 2. Infrastructure, 3. Authentication and identity management, and 4. The infrastructure as a “platform.” * Mark R. DeLong is Director of Research Computing, Office of Information Technology, Duke University, 334 Blackwell Street, Durham, NC 27701 (email: [email protected]); Andy Ingham is Senior IT Analyst, Office of Information Technology, Duke University, 334 Blackwell Street, Durham, NC, 27701 (email: [email protected]); Robert Carter is IT Consultant, Identity Management, Office of Information Technology, Duke University, 334 Blackweel Street, Durham, NC 27701 (email: [email protected]); Rachel Franke is Associate Director, Research Data Security, Social Science Research Institute, Duke University, Campus Box 90989, Durham NC 27708 (email [email protected]); Michael Wehrle is Analyst Programmer II, Social Science Research Institute, Duke University, Campus Box 90989, Durham NC 27708 (email: [email protected]); Richard Biever is Chief Information Security Officer, Duke University, 334 Blackwell Street, Durham, NC 27701 ([email protected]); Charley Kneifel is Senior Technical Director, Office of Information Technology, Duke University, 334 Blackwell Street, Durham, NC 27701 (email: [email protected]). Research and products reported in this article were supported by NSF grants ACI1246042, CNS-1243315, ACI-1440588, and ACI-1443014.