An innovative new service at Indiana University aims to help researchers overcome common challenges in their work: staying compliant and keeping data safe. Often, the very nature of collaborative research makes the data vulnerable to outside influences.
SecureMyResearch provides researchers with consulting and resources to help them protect research data and comply with cybersecurity requirements in grants, contracts, and data use agreements. The service aims to reduce the cybersecurity and compliance burden, letting researchers do what they do best—world class research.
SecureMyResearch offers services that help conduct research securely, whether working with regulated or unregulated data, such as:
- A one-stop, self-service resource (known as the 'cookbook') that provides recipes for common research use cases that have security and compliance baked in
- One-on-one consulting
- Advocacy, a vehicle to provide researcher feedback to the appropriate stakeholders
I was a researcher for a long time, so I can tell you from my own experience that researchers don't really have the time for anything other than research ~ Anurag Shankar
The cookbook offers information and recipes (step-by-step directions) developed by IU technology and cybersecurity experts using proven ingredients that have security baked in. Many of the 'recipes' are also pre-approved for certain types of critical data, for instance, HIPAA protected health information (PHI). While the directions the cookbook provides are specific to IU, the use cases are applicable to researchers everywhere. The cookbook is open to anyone—even those outside IU—at no cost.
SecureMyResearch is led by Senior Security Analyst Anurag Shankar. Shankar provides leadership in regulatory compliance related to research (HIPAA, FISMA, and DFARS) and cybersecurity risk management for IU’s Center for Applied Cybersecurity Research (CACR). He has over two decades of experience in providing research computing services and building HIPAA-compliant solution for biomedical researchers at IU. Shankar holds a Ph.D. in astronomy.
“I was a researcher for a long time, so I can tell you from my own experience that researchers don't really have the time for anything other than research,” said Shankar. “That became especially apparent when I started serving the researchers in the IU School of Medicine beginning around 2009. I thought, well, they probably understand HIPAA and how to secure their data. And they, of course, proved me wrong.”
For many years, Shankar was building secure solutions for them because as a former researcher, he understood their needs.
"I helped them for a long time and started building a collection of use cases,” said Shankar. “As I was doing it, it became clear that what the researchers wanted was either someone to take care of security entirely so they didn’t have to, or to tell them exactly what to do. They were happy to follow instructions."
As part of a university-wide push to secure not only systems but the university’s research, these use cases, or recipes, were compiled for researchers to easily use. And, if they need more hands-on help, the other components of consulting and advocacy come into play.
Shankar knew that researchers have a lot on their minds and a short attention span. The name SecureMyResearch was chosen because it is easy for researchers to 'get’ and remember. The service was formally launched in early August, and, happily, researchers are already sending in a lot of tickets.
“The clients who are coming in are researchers who have some kind of cybersecurity requirement, for example HIPAA, or terms in a data use agreement,” said Shankar. “They are coming to us asking, ‘do we have systems centrally that can support this thing?’ Or, ‘here's data I need to secure. Can you recommend a solution to us?’ There are also some new types of controlled information that are appearing in contracts. We are preparing for that as well.”
“The idea of the cookbook is to address resource limitations—we have only two full-time people,” added Shankar. “That's not enough to provide consulting to every researcher on every IU campus. So, we have built a knowledge base, the cookbook, with recipes that offer secure workflows for a given use case. Just like in a conventional knowledge base, where you put in a keyword and get back questions to click on, the cookbook returns use cases. Clicking on a use case provides a list of steps that, if followed, ensures security and compliance. We cannot provide consulting on a massive scale, but we can give researchers solutions for the most common things they want to do, with security already baked in so they can concentrate on research.”
SecureMyResearch is a joint initiative by Indiana University’s Center for Applied Cybersecurity Research (CACR), Information Security in the Office of Vice President for Information Technology (OVPIT), and UITS Research Technologies, and supported by the Office of the Vice President for Research and the Office of the Vice President for Information Technology.