1 of 15

Development of CSC’s SD Desktop service�

Juha Törnroos

CSC – IT Center for Science Ltd.�ELIXIR Finland

2 of 15

2

3 of 15

Agenda

  • What we did?
  • Why we did it?
  • How we did it?
  • Is it good?
  • Should you do it?

3

4 of 15

What is sensitive data?

    • Race or ethnic origin
    • Political opinions
    • Religious or philosophical belief
    • Trade union membership
    • Genetic information
    • Processing of biometric data for the unambiguous identification of a person
    • Health data
    • Sexual behavior or orientation of a natural person
    • Criminal convictions or offense

4

GDPR

Confidential data

  • IP rights
  • Health and social data from citizens consented for research
  • Information regarding national safety

  • Location of endangered species
  • Other conservation efforts

Ecological data

5 of 15

5

6 of 15

6

7 of 15

Agenda

  • What we did?
  • Why we did it?
  • How we did it?
  • Is it good?
  • Should you do it?

7

8 of 15

Under the hood

  • Based on opensource
  • Relies on international standards
  • Leverages other services when possible �(ELIXIR AAI, SD Connect)

8

9 of 15

Demo

9

10 of 15

Agenda

  • What we did?
  • Why we did it?
  • How we did it?
  • Is it good?
  • Should you do it?

10

11 of 15

Extra stuff

12 of 15

CSC Sensitive Data (SD) services – focus on the end-user

12

SD

Desktop

SD

Connect

SD

Submit

Compute

(ePouta)

Store (Allas)

Publish

CSC

13 of 15

Sensitive Data Services: SD Desktop

13

SD Desktop is a simple web UI for accessing secure virtual machines in ePouta.

Unlike regular ePouta, SD Desktop runs in a CSC hosted ePouta tenant, which

    • does not require specific customer network connection, IT support, or admin skills;
    • is accessible from the Internet with a modern web browser;
    • is maintained and managed by CSC; and
    • still has security built-in.

Hopefully, it can also soon be used for sending jobs to HPC!

14 of 15

Sensitive Data Services: SD Connect

14

SD Connect is a simple web UI providing a drag-and-drop method for storing sensitive data into Allas.

Like all Allas usage, this is per user (or per project) usage.

The user is fully responsible for

    • encryption of the data;
    • managing the encryption keys; and
    • any data sharing she intends to do.

But it can also act as an gateway to other SD services.

15 of 15

Sensitive Data Services: SD Submit

15

SD Submit is both a web and a CLI tool for storing your sensitive datasets “permanently”.

Datasets that are submitted to sensitive data platform

    • are still fully and solely owned by the submitter;
    • will have a persistent identifier (DataCite DOI);
    • can be authorized to identified users for read-only access;
    • are automatically stored with encryption; and
    • do have a secondary copy.

Dataset authorization is checked upon login to SD Desktop, and data is automatically available if authorization(s) exist.