Protecting sensitive research data and meeting researchers needs: Duke University's Protected Network

Research use of sensitive information -- personally identifiable information (PII), protected health information (PHI), commercial or proprietary data, and the like -- is increasing as researchers' skill with "big data" matures. Duke University's Protected Network is an environment with technical controls in place that provide research groups with essential pieces of security measures needed for studies using sensitive information. The environment uses virtualization and authorization groups extensively to isolate data, provide elasticity of resources, and flexibly meet a range of computational requirements within tightly controlled network boundaries. Since its beginning in 2011, the environment has supported about 200 research projects and groups and has served as a foundation for specialized and protected IT infrastructures in the social sciences, population studies, and medical research. This article lays out key features of the development of the Protected Network and outlines the IT infrastructure design and organizational features that Duke has used in establishing this resource for researchers. It consists of four sections: 1. Context, 2. Infrastructure, 3. Authentication and identity management, and 4. The infrastructure as a "platform."