Enterprise Data Enterprise Data Decentralized Control, Data Decentralized Control, Data

Security and PrivacySecurity and Privacy

Data EncryptionData EncryptionInformation Sharing/Information Sharing/Protection Protection of Research Dataof Research Data

Next StepsNext Steps

Michael Michael Pickett - DukePickett - Duke

Data Encryption – Some Data Encryption – Some ToolsTools

Linux EncFS AES-128/256 or BlowfishLinux EncFS AES-128/256 or Blowfish http://arg0.net/wiki/encfshttp://arg0.net/wiki/encfs

Mac FileVault – AES-128Mac FileVault – AES-128 http://www.apple.com/macosx/features/http://www.apple.com/macosx/features/

filevault/filevault/ Windows (XP SP1+) Encrypting File Windows (XP SP1+) Encrypting File

System – AES-256 or 3DES System – AES-256 or 3DES http://www.windowsecurity.com/articles/http://www.windowsecurity.com/articles/

Where_Does_EFS_Fit_into_your_Security_PlaWhere_Does_EFS_Fit_into_your_Security_Plan.html n.html

Information Information Sharing/Protection of Sharing/Protection of

Research DataResearch Data

NSB - LONG-LIVED DIGITAL NSB - LONG-LIVED DIGITAL DATA COLLECTIONSDATA COLLECTIONS http://www.nsf.gov/nsb/documents/2005http://www.nsf.gov/nsb/documents/2005

/LLDDC_report.pdf/LLDDC_report.pdf

NSB - LONG-LIVED DIGITAL NSB - LONG-LIVED DIGITAL DATA COLLECTIONSDATA COLLECTIONS

What data do we not want to lose? What data do we not want to lose? Data deemed useful over long period (data Data deemed useful over long period (data

we would desire to migrate across tech we would desire to migrate across tech generations)generations)

Importance defined by peers (e.g. Protein Importance defined by peers (e.g. Protein Data Bank)Data Bank)

Metadata required to make the raw data Metadata required to make the raw data useful and to replicate findings (derived useful and to replicate findings (derived data?)data?)

Are we worried about intruders altering Are we worried about intruders altering data that our researchers collect or use?data that our researchers collect or use?

Current Policy ExamplesCurrent Policy Examples

Earth/Ocean Sciences – 2 yrs to Earth/Ocean Sciences – 2 yrs to deposit in national data center deposit in national data center

Cognitive Brain Science – 1 year to Cognitive Brain Science – 1 year to deposit in library or data archivedeposit in library or data archive

NIH – grant must include data NIH – grant must include data sharing plan if > $500K (data to sharing plan if > $500K (data to replicate – not summaries) & PI replicate – not summaries) & PI keeps data for 3 years after grant keeps data for 3 years after grant endsends

The FutureThe Future Recommendation 4: Recommendation 4: The NSF should The NSF should

require that research proposals for require that research proposals for activities that will generate digital data, activities that will generate digital data, especially long-lived data, should state especially long-lived data, should state such intentions in the proposal so that such intentions in the proposal so that peer reviewers can evaluate a peer reviewers can evaluate a proposed proposed data management plan.data management plan.

Building policy and infrastructure to Building policy and infrastructure to help researchers do this will be a help researchers do this will be a competitive advantage (for securing competitive advantage (for securing faculty and grants)faculty and grants)

Next StepsNext Steps Are security breaches at colleges and Are security breaches at colleges and

universities on the rise?  universities on the rise?  What are we doing to address the What are we doing to address the

protection (privacy, security, integrity) of protection (privacy, security, integrity) of information? information?

Are there things we should be doing Are there things we should be doing differently than industry and differently than industry and government?government?

What infrastructure (technology, What infrastructure (technology, procedures, policy, templates) should we procedures, policy, templates) should we provide for our schools?provide for our schools?