Secure Compute Research Environment

Overview

The Secure Compute Research Environment (SCRE), is a private, secure, virtual environment for researchers to remotely analyze sensitive data, create research results, and output results and analyses.

The SCRE was developed by ETS in cooperation with the Institute for Social, Behavioral and Economic Research (ISBER) with additional funding from the Office of Research.

Many restricted data providers require a minimum set of standards in the DSP: a standalone computer in a uniquely-keyed physical location, standard user account with strong password, no internet connection, USB/optical media disabled, printing disabled and an antivirus installation. The SCRE is intended to be an alternative to the creation of an individual solution each time a researcher needs to analyze restricted datasets.

The environment is described in a detailed Data Security Plan (DSP), pre-approved by the UCSB CISO for use with selected agency and data provider DSPs. Researchers may attach this DSP document in applications to various agencies and data providers for restricted data set licenses.

SCRE minimizes security and implementation burdens for researchers who cannot easily construct personal data security plans. The environment is scalable to allow access to many users simultaneously. The environment is operated securely including the application of updates when they are available.

The SCRE will facilitate cost and time savings, alleviate space allocation difficulties, and eliminate redundancies of multiple systems deployment across campus.

Security Controls

Initially, SCRE was designed with the Critical Security Controls for Effective Cyber Defense (CSC Top 20) v5.1, surpassing the basic security controls required by many restricted data providers.

Over time, additional controls required by government data providers, such as the NIST 800-53rev4 Minimum Security Controls for Safeguarding Controlled Technical Information from Table 1 of DoD DFARS clause 252.204-7012 - Safekeeping of Unclassified Controlled Technical Information), were implemented into the SCRE.

Most recently, the environment was upgraded to comply with NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

SCRE features include:

  • An assigned virtual machine (Research Virtual Desktop) for every research project on a secured private network.
  • An encrypted, password-protected disk image for storage of the restricted dataset, interim research results, and applications’ temporary file storage.
  • Several pre-loaded licensed applications, including Microsoft Office Professional, Adobe Acrobat Pro, Mathematica, R and R Studio, SPSS, SAS, and Notepad++.  A pool of licenses are available for use for Matlab, Stata SE and ArcGISPro.
  • JMP and Atlas.TI installed but not licensed. (If you would like to use either of these, please provide a valid license file.) 
  • Additional software (BYOS) can be installed on individual virtual desktops to meet special requirements.
  • User-friendly, multi-factor authentication service (MFA) for login to the VPN web portal as well as the File Transfer Gateway web application.
  • Researchers connect to the SCRE through a virtual private network via a web browser. This ensures a secure connection from their remote Research Virtual Desktop.

SCRE can be accessed from any internet-connected device, using any HTML5-compliant web browser (i.e. Internet Explorer 10/11, Mozilla Firefox, Google Chrome, Apple Safari). No additional plug-ins (i.e. Java, ActiveX) or software clients need to be installed on the researcher’s local device.

The overall user experience in the SCRE is very similar to using other traditional Remote Desktop-type clients, but with substantial security controls in place.

Request Information

Requests for a new SCRE Research Virtual Desktop should be made using the form here.

Contact scre-support@lists.ets.ucsb.edu with any follow-up questions.

Requests for new environments are usually completed within one week.

Special Considerations

Data security plans restrict the ability to remove data from the protected environment.

Initial upload of a researcher's secured dataset to his/her SCRE Research Virtual Desktop will be performed by the SCRE Operator upon creation of each Research Virtual Desktop. A File Transfer Gateway web application is available within the SCRE to securely upload data files into Research Virtual Desktops, as well as share files with other colleagues and SCRE users.

Researchers can export data files outside of the SCRE when explicitly permitted by the restricted data provider, using a secondary approval process. More information about how to use the File Transfer Gateway is available in the SCRE User Guide.

Support

After consulting the SCRE Service support pages, existing SCRE customers should contact their local or departmental IT support staff with any support questions.

Requests for modifications to existing SCRE Research Virtual Desktops should be made using the form here.

Tier 2 technical support questions can be sent from researchers' local IT staff via email to scre-support@lists.ets.ucsb.edu

Additional Service Information

Service Level Agreements (SLAs)

Not applicable.