University researchers will have access to a new, customizable environment specifically designed for research involving high-risk and sensitive data starting Wednesday (Feb. 18).
The Secure University Research Environment (SURE) is HIPAA-compliant and available to all WVU researchers for new projects.
This Microsoft Azure-based environment improves security and increases flexibility for researchers who need to store and work with regulated data deemed “sensitive” by the University. Built by Information Technology Services, SURE is designed to help keep data secure while allowing researchers to focus on what they do best — research.
The hub-and-spoke design of SURE has several key benefits:
Risk reduction. With sensitive or high-risk data contained in separate, secure spokes, damage from a ransomware attack or other cybersecurity incident is reduced in general. Should an incident occur at all, damage would be limited to the targeted spoke. Data exfiltration is controlled by an “airlock” process that requires a data approver to sign off.
Flexibility. Researchers could start with a standard set of virtual machines, data storage and a standard list of software in each “spoke,” along with the ability to customize the environment to meet their unique project needs.
The initial release will support Windows-only VMs, with Linux options to be added soon. ITS will manage the environment, including the operating system. Future plans are to allow researchers to bring their own operating system, provided they are willing to administer the system safely and securely. This would include accepting responsibility for any problems that arise.
Costs for using SURE will be split between the PI/department and ITS, so PIs will need to budget for this service with new projects. ITS does not have the capacity to move existing projects to SURE. For a consultation about SURE and to obtain a pricing estimate, contact ITS Research Services. WVU Login credentials are required.
While use of SURE is not required, all WVU research data must be stored on approved enterprise solutions. Independently purchased and managed systems create inconsistent approaches to data protection and can put intellectual property at WVU at risk.