Can I just add that I am not totally convinced by the account management benefits claimed.á The rights that are given to collaborators are given by users.á So we trust them to manage these appropriately….

 

Jeremy Harrington | IT Director

The Institute of Cancer Research | 15 Cotswold Road | Belmont | Sutton | Surrey | SM2 5NG

 

Tel: +44 (0)208 722 4055 | Mob: +44 (0)7919 282029

Email:  [log in to unmask] | Web:  www.icr.ac.uk |

Please follow us on Twitter: @ICR_London : Facebook: www.facebook.com/theinstituteofcancerresearch

 

Making the discoveries that defeat cancer

 

From: Research Data Management discussion list [mailto:[log in to unmask]] On Behalf Of Tedds, Jonathan A. (Dr.)
Sent: 31 July 2015 09:56
To: [log in to unmask]
Subject: Re: Advice on cloud services

 

Just to add to this - even the most sensitive NHS based data may sometimes be stored via cloud-type external IT infrastructure IF the right information governance and security is in place. ISO27001 would be a minimum initial data centre security requirement and then the NHS or equivalent information governance audit built on top of that. So, for example, an NHS Trust may well make an arrangement with a private or other cloud supplier but it will require many further restrictions including UK location for data centre etc. So it won't necessarily be one of the best known international suppliers.

 

John makes a very good point that an appropriate secure 'cloud' based solution may well be considered to be safer and more reliable. Not least if there is a critical need for maximum up time and redundancy for the service, which often compares very favourably with in house data centre provision.

 

From a research point of view, the advantages of cloud based services for external collaboration often make an enormous difference in practice since local solutions often require setting up of multiple external accounts, often with (almost) full local privileges, which is also not ideal! Hopefully this will soon be a thing of the past :)

 

But of course each case must be considered on it's merits and external provision won't always be the answer now.

 

Regards,

Jonathan

Dr Jonathan A. Tedds
Senior Research Fellow                              @jtedds

Health And Research Data Informatics (HARDi)               

PI BRISSKit Biomedical Research Software Service

Editor-in-Chief, Open Health Data Journal

Co-Chair Research Data Alliance – WDS Publishing Data Interest Group

Department of Health Sciences

College of Medicine, Biological Sciences and Psychology
University of Leicester
22-28 Princess Road West
Leicester, LE1 6TP, UK
Tel: +44(0)116 229 7780 (w), +44(0)779 504 6277 (m)


On 31 Jul 2015, at 09:38, John Milner <[log in to unmask]> wrote:

To an extent yes, but that doesn’t cover the risk of loss etc, one can always use one’s own encryption with other services. Services such as Dropbox and Box, onedrive, Google etc, are very convenient and often more secure than many in house services used by academics, but they do not provide the level of guarantee I think is needed for high value and high sensitivity data. That needs more sophisticated management and so more tailored cloud services. These are already available from some of the well know repository software suppliers.

 

John K. Milner

Mail to: [log in to unmask]

 

From: Research Data Management discussion list [mailto:[log in to unmask]] On Behalf Of Jeremy Harrington
Sent: 31 July 2015 08:35
To: [log in to unmask]
Subject: Re: Advice on cloud services

 

John

Box does claim higher security than other cloud file services (encryption specifically).  You don’t regard that as providing any greater comfort?

 

Jeremy Harrington | IT Director

The Institute of Cancer Research | 15 Cotswold Road | Belmont | Sutton | Surrey | SM2 5NG

 

Tel: +44 (0)208 722 4055 | Mob: +44 (0)7919 282029

Email:  [log in to unmask] | Web:  www.icr.ac.uk |

Please follow us on Twitter: @ICR_London : Facebook: www.facebook.com/theinstituteofcancerresearch

 

Making the discoveries that defeat cancer

 

From: Research Data Management discussion list [mailto:[log in to unmask]] On Behalf Of John Milner
Sent: 30 July 2015 18:04
To: [log in to unmask]
Subject: Re: Advice on cloud services

 

There are some more complicated issues here. One drive is just a lump of storage oftentimes associated with O365 and I reckon is to be treated much like you'd treat the hard drive on a laptop, but bigger and more reliable, we hope, with the added benefit of being able to share it more easily.

 

Services like Dropbox and Box are similarly designed as convenient dumping and sharing grounds and I don't yet see them as suitable resting places for high value high sensitivity data.

 

If you are going to store high value high sensitivity data then you need to have infrastructure as a service in the cloud and this really implies having an institutional repository built in the cloud, which may well be more cost effective and scalable than having in house hardware, but requires the same level of careful design and management.

 

John

Sent from my iPad


On 30 Jul 2015, at 17:53, Tim Banks <[log in to unmask]> wrote:

The University of Leeds staff terms and conditions for use of OneDrive can be found here:

http://it.leeds.ac.uk/download/136/staff_terms_and_conditions_for_using_onedrive-university_of_leeds

 

The main clause of interest is:

18. In accordance with the University’s Information Security Policy, Highly Confidential information must not be copied to or stored within the Service unless encrypted and then only for the shortest period necessary for business operations.

(we do permit the storage of ‘confidential’ data in OneDrive).

 

Definitions of data types along with some examples can be found in the Information Protection Policy:

http://it.leeds.ac.uk/download/53/information_protection_policy

 

Tim

---------------------------------------

Faculty IT Manager, IT

University of Leeds

Leeds

 

http://www.essl.leeds.ac.uk/people/staff/banks

From: Research Data Management discussion list [mailto:[log in to unmask]] On Behalf Of Jill Evans
Sent: 30 July 2015 16:16
To: [log in to unmask]
Subject: Advice on cloud services

 

Dear All

 

I’d really appreciate some advice/opinions on cloud services.  In particular, has anybody changed, or is thinking of changing, the advice they give researchers on use of cloud services for storing data?

 

IT here has recently implemented OneDrive for Business which gives researchers a massive amount of storage space with data guaranteed to be held on EU servers.  Cloud is fine, indeed wonderful, for many types of data, for sharing and working collaboratively, etc., but I’m still pretty much of the opinion that it shouldn’t be used for any extremely sensitive data where there is an implicit risk to confidentiality or reputation, and so on.

 

I have noticed some more relaxed attitudes to cloud-based services recently in the UK and elsewhere but I am still telling people not to use cloud for sensitive data and if they do store data in the cloud, back up to a different location.  This is somewhat in conflict with what IT would like. 

 

I would happily change this advice but I would like some reassurance that new practices are: 1) endorsed by the RDM community 2) comply with funder requirements (almost certainly they would not) 3) underpinned by legislation (I understand a new European DPA is under discussion which may provide specific guidance on cloud).

 

At the risk of sounding na´ve or uniformed, if considering using cloud for sensitive data, does encryption and restricting access make it OK now?  I can’t imagine telling some of our Health researchers to put all their data in the cloud…maybe I’m just hopelessly behind the times but alarm bells are ringing.

 

Thanks and best wishes

 

Jill

 

Jill Evans

Research Data Manager

University of Central Lancashire

Research Office

Greenbank Building

Preston

PR1 2HE

 

01772 894033

 

[log in to unmask]

[log in to unmask]

Follow @UCLanRDM on Twitter for the latest news and events

Research at UCLan: http://www.uclan.ac.uk/research/ 

 

 


The Institute of Cancer Research: Royal Cancer Hospital, a charitable Company Limited by Guarantee, Registered in England under Company No. 534147 with its Registered Office at 123 Old Brompton Road, London SW7 3RP.

This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer and network.


The Institute of Cancer Research: Royal Cancer Hospital, a charitable Company Limited by Guarantee, Registered in England under Company No. 534147 with its Registered Office at 123 Old Brompton Road, London SW7 3RP.

This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer and network.