The “s” in eResearch…stands for security
Compared to other computing and data domains, eResearch has historically overlooked general information security processes. Initially, the focus was on open collaboration, which contrasts with the restrictive boundaries that information security seeks to implement. Additionally, eResearch involves complex, bespoke, and temporary workflows, deterring the adoption of corporate one-size-fits-all solutions. Furthermore, a general perception of low risk, combined with funding and resource constraints, has led to reduced uptake of cybersecurity practices.
However, this is rapidly changing. Both researchers and IT departments are being compelled to quickly enhance their security posture. The proliferation and increasing sophistication of cyber-attacks have introduced not only financial and operational risks but also reputational risks for both institutions and researchers. Moreover, research data increasingly includes sensitive information, making it attractive to malicious actors.
The positive development is that academic institutions are beginning to recognize the importance of security and the unique challenges within the eResearch space. We are collaborating with researchers to find balanced solutions that maintain the open collaborative model while incorporating layered security controls. This presentation will focus on the current challenges and potential solutions, with particular emphasis on lessons learned from operating the Auckland node of ARDC’s Nectar Research Cloud.
ABOUT THE AUTHORS
Sean Matheny began his career working in the physics department of the largest radiation oncology treatment provider in the U.S. There, he helped to improve QA, dosimetry, and treatment planning and delivery via technology, machine learning, and automation. For the last 8 years, he’s primarily worked in roles that have enabled research cloud platforms and HPC (high performance computing) in both the Centre for eResearch (University of Auckland), and NeSI. Currently, he helps operate the Auckland node of the Nectar Research Cloud, at Centre for eResearch.
Tom Laurenson is a Senior Security Engineer in the Centre of eResearch Platform team at the University of Auckland. His primary responsibility is improving the security posture of research at UoA, from a technical standpoint. Tom recently returned to academia, after various technical positions in the industry as a security engineer and pentester. Before that, he was a lecturer at the Otago Polytechnic after receiving a PhD from the University of Otago. Tom is passionate about programming, breaking stuff, security, and finding the harmonious balance of risk, security and getting things done.
Michael Karich is Deputy Chief Information Security Officer – Research at the University of Auckland, and the Chief Information Security Officer at NeSI. Across these roles, he strives to support and enable secure research operations across the entire data lifecycle. Before this, he held roles in HPC and cloud infrastructure, data management, and research security. With Computer Science and IT Operations qualifications, Michael pulls from a broad background to empower the secure use of new technologies in groundbreaking research. He is currently focusing on the enhancement of internationally known research capability through governance, staff enablement, and process management.
-----
For more information about the eResearch NZ / eRangahau Aotearoa conference, visit:
https://eresearchnz.co.nz/
