KeyPoint – A universal trusted research environment for sharing, accessing and analysing sensitive data

KeyPoint – A universal trusted research environment for sharing, accessing and analysing sensitive data

Peter Marendy¹, Stephen Bird¹, Hoylen Sue¹, Diego Guillen¹, John Perry^1,2, Vitaly Gnyubkin^1,2, Michael Mallon^1,2, Mark Hoffmann^1,3, Kathy Dallest¹, Jason Ferris³, Dom Gorse<sup>1,4

1</sup>Queensland Cyber Infrastructure Foundation (QCIF), St Lucia, Queensland, Australia
²University of Queensland – Research Computing Centtre, St Lucia, Queensland, Australia
³University of Queensland – Faculty of Medicine, St Lucia, Queensland, Australia
⁴University of Queensland – Institute for Molecular Biosciewnce, St Lucia, Queensland, Australia

Abstract

Situation: Sensitive data is increasingly common in many research fields with researchers requiring secure and trusted digital environments to hold, analyse and collaborate on data, ensuring its security and unlocking its full potential.

Task: To address the demand for secure research environments, Trusted Research Environments (TREs) are a necessity. TREs provide governed and highly secure environments with the appropriate resources for collaborative research analysis. They enforce data governance and security based on the Five Safes Data Sharing Principles.

Action: KeyPoint is a distinct TRE in Australia that goes beyond population health data and enables national users to authenticate using their home institution’s identity provider through the Australian Access Federation (AAF). KeyPoint ensures data governance at scale, and expandability by employing a self-contained vault architecture with strong role-based access controls and complete separation of research activities.

Result: KeyPoint has been developed and deployed on the Nectar Research Cloud with security controls such as ISO 27001 and the NIST Cybersecurity Framework in mind. It incorporates OpenStack for virtualisation, AAF for authentication, Vault-specific Active Directory instances for access and authorisation management, and Flutter and Dart for the user interface. It employs Leostream and Guacamole for virtual desktop orchestration. All actions in KeyPoint trigger messages that are audited for forensic purposes, providing a high level of security. KeyPoint’s advanced capabilities in data analysis, including AI and machine learning, have already been adopted by ground-breaking projects and empowers researchers to tackle complex research challenges across unlimited domains.

Biography

Peter is currently employed as Head of Data and Software Solutions at the Queensland Cyber Infrastructure Foundation (QCIF), which provides eResearch infrastructure and services for Queensland research institutions and contributes to the National Research Infrastructure.

In this role, Peter is responsible for leading a team that delivers innovative, high quality, and time driven results for a wide variety of research programs from within universities, research institutes, and commercial companies. The team has expertise in workflows, specialised computing, data capture and management, and working with sensitive data.

Prior to his role with QCIF, Peter led the Microsystems research within CSIRO’s Cybernetics research Group. During his time at CSIRO, Peter also led projects such as Bees with Backpacks, Optimising Pollination, Smart Hives, Probing Biosystems – Implantables, Brain Implants, and Smart Helmets for optimising the timing of Cranioplasty.

Peter brings his experience in team/capability management, project management, and customer focused collaboration and relationships.

He also has more than 20 years of software engineering experience across multiple domains, including Digital Agriculture, Energy, Food and Nutritional Sciences, Health, Marine Sensing, Robotics, and Visual Analytics, in research and innovation environments.

Peter Marendy holds a Bachelor of Computing (Hons) from James Cook University and a Graduate Certificate in Research from University of Tasmania. His area of research is focussed on using context information to determine query intent to allow search across heterogeneous datasets and return relevant results that may not necessarily match the original search terms.

https://orcid.org/0000-0002-5499-9863