REED+ Secured Research is Purdue’s ecosystem for sensitive research data. REED+ gives Purdue researchers the ability to meet compliance for their research data. As a managed research ecosystem with sufficient storage, high speed computing capability, and security, REED+ strives to efficiently and cost effectively handle Purdue’s controlled research data and processing needs in a manner compliant with the highest level of cybersecurity applicable to unclassified data possessed by Purdue University and Purdue University researchers. Development of the REED+ ecosystem is supported by the National Science Foundation under Grant No. 1840043.
REED+ helps researchers meet compliance for their HIPAA, FERPA, ITAR, and EAR data needs. With the security set in place, researchers can feel at ease knowing their data is meeting compliance without the hassle of figuring it all out on their own. This also allows Purdue to undertake research opportunities that wouldn’t otherwise be possible.
Purdue has many storage solutions available to researchers. Each storage solution has specific data types or contract obligations that they meet compliance needs for.
Box Secure Storage
- Accessible anywhere with an internet connection without a VPN.
- Collaborators can easily be added and removed from projects as needed.
- File versioning allows for files to be rolled back to previous versions quickly and easily.
- Approved for HIPAA, FERPA, and NIST 800-171 data storage.
- Maximum file upload size of 15 GB.
- Data not housed within University servers.
- Maintenance and vulnerability patching are outside of the control of the University.
Where Box would be the ideal storage solution
- If your project is working with restricted or sensitive data (i.e. HIPAA, NIST 800-171, FERPA) and the majority of your data is stored in separate, smaller files.
- If a project will often require a user to access data from different machines or from an off campus location over the course of the project.
- If a project will require document sharing with collaborators from many different institutions, or if multiple institutions will be working jointly on a single project.
- Data is housed on University managed servers.
- Data Redundancy.
- No maximum file upload size.
- Integrated with community clusters.
- Not approved for storage of most controlled data, including HIPAA, ITAR, and NIST 800-171.
- Requires university network connection, either physical or over VPN.
- Affected by university-wide disruptions (i.e. power outages).
Where Data Depot would be the ideal storage solution
- If a research lab needs large amounts of storage space quickly, especially when using community clusters for research, and will rarely need to access data from off campus.
- If a research project will need to store files greater than 15 GB in size and maintain quick access to those files over the course of the project.
- Data is housed locally at Purdue.
- Data is stored both in a local cache for small and recently opened files, and on robotic tape permanently.
- There is no storage quota in Fortress, monthly usage is emailed to users.
- Two copies of each file are stored in two separate locations to protect from data loss due to hardware failure.
- Accidentally deleted files cannot be recovered once they are deleted.
- Firewall rules must be changed to allow connections from specific hosts before data can be accessed.
- Fortress does not automatically switch between copies if the primary copy cannot be accessed. The researcher will need to contact Research Computing to gain access to the secondary copy.
- Scheduled maintenance on the first Wednesday of each month from 8am to 12pm.
- Not approved to hold most controlled data, including HIPAA, FERPA, ITAR, NIST 800-171, and CUI.
- If a researcher needs to store a large amount of unclassified data for an extended period of time and will be accessing data from university machines throughout the project.
- If a researcher will be working with Data Depot already and needs a long-term storage area for large files—a Fortress group storage space is automatically created when any Data Depot research group space is created.
|Security Level||Example Data Types||Cloud||On Premises|
|Published and shared broadly||Personal Box
L1 & L2 Box
Data Depot / Fortress / Isilon
L1 & L2 Box
Data Depot / Fortress / Isilon
|Lab or Departmental Storage
|Encrypted Hard Drives
Export Control Research
|Government Regulated Technology
Defense non-Classified related Data
Based on the project proposal given by the PI, SPS will help the PI set dates and deadlines for project parts such as a data security plan, review and secure budget approval prior to submitting the finalized proposal to the granting agency. Working with SPS, the PI will be guided in communicating their data needs with RCAC and ITSP to complete a data security plan that fulfills their needs. After completing the data security plan and funding has been granted, researchers will complete the necessary training, and receive access to their controlled environment.