Dr Amr Hassan¹, Mr Daniel Langenhan¹, Mr Matthew Barry¹
¹Monash University, Clayton, Australia
With the increasing focus on security controls within a university setting, it is imperative that universities offer the right balance between commoditised services for the enterprise and bespoke services for research. Delivering this within an operating model where common security postures and practices can be maintained, and pairing this with the risk appetite of the institution, is a challenge. The potential reputational damage and the legal and economic consequences for research subjects, the researcher’s institution, and the researcher remain front of mind.
Secure Data Enclaves (SDE) is a software-defined, secure, and centralised private cloud infrastructure that aims to give Monash research users a safe environment to host, process, and analyse their sensitive data. From inception, the design was focussed on creating a capability with security at its core that did not require the user to sacrifice their overall experience.
On the infrastructure level, SDE offers capabilities such as:
– Software-Defined Micro-segmentation and Network virtualisation,
– Software-Defined-Storage with advanced capabilities such as Erasure Coding, and Stretch Clusters,
– Encryption-at-Rest and Multi-tenancy with full segregation between different workloads,
– Privileged Access Model with a dedicated identity zone; and
– Full Storage Auditing Capabilities.
The platform architecture and design enable the team to offer each workload its own dedicated enclave, with well-defined and monitored traffic routes to ensure that only authorised access is allowed. In our presentation, we will discuss the design pattern of the platform and how it can be used to address the challenges of hosting, analysing and processing sensitive data at scale.
Dr Amr Hassan is the Delivery leader for Technology Services and eResearch at Monash University. He leads the infrastructure platforms team at eSolutions. He holds an interdisciplinary PhD in Computational Sciences, an M.Sc in Scientific Computing, and a B.Sc. of Computer Science.