Scientific researchers increasingly need to move and share protected data, including HIPAA-regulated data and controlled unclassified information. Handling this data can be problematic, so they often resort to using distilled, de-identified data, thereby limiting the bounds of research.
To address this issue, we have updated the Globus service so connected systems can be configured with higher assurance levels, allowing investigators to easily manage protected data throughout the research lifecycle. In addition to leveraging existing Globus security features, such as multi-factor authentication and federated login, Globus now supports stricter identity verification, application and device isolation, and detailed audit logging. Data may be accessed via high assurance Globus endpoints, where users must authenticate with a specific identity within a specified time period within each application. Data managers have enhanced stewardship capabilities, such as detailed audit trails to allow close monitoring of all data access and sharing. As a result, scientists can work together via approved, compliant methods on richer datasets that will enhance their research and accelerate the pace of discovery. In this presentation, we will provide an overview of how the Globus service may be used in a wide variety of scenarios related to managing, and collaborating with, protected data. We will emphasize Globus features for authentication, authorization, auditing, and data confidentiality/integrity/availability that make it possible to manage protected and ‘open’ data in a consistent manner. We will also address how systems can be easily configured to access protected data via Globus.
