How to secure data institutionwide

Starting with a centrally controlled and protected environment is key
By: | January 30, 2020
Damian Doyle is assistant vice president of enterprise infrastructure solutions in the Division of Information Technology at the University of Maryland, Baltimore County. He is a UB Tech® 2020 featured speaker.


The recent proliferation of business intelligence systems and analytical capabilities has provided colleges and universities with amazing insights into student behaviors and administration processes that were previously inaccessible. These platforms are complex and intertwined with every aspect of higher ed business.

As the data continues to flow in at an ever-increasing rate, the number of people who need access to it is also rising. Whether it is for student advisement, class trends, enrollment metrics, research expenditures, or financial reporting and analysis, this data is part of the lifeblood of an institution. 

Historically, the easiest way to work with needed data has been to download it for analysis and visualization using any available tools or software. All too often, this has led to snippets of the sensitive information being scattered across dozens or hundreds of machines across campus, in multiple business units. How do we enable faculty and staff to easily work with the data, using their preferred tools, while maintaining security over the data? 

Creating a secure data enclave

At the University of Maryland, Baltimore County, we have built a secure enclave inside our Amazon Web Services cloud for our business intelligence system. We are creating a safe space for users to work with the data they need while ensuring the safety of critically important information. To accomplish this, we have created a set of desktop workstations inside the secure enclave. These machines, managed by central IT, are easily patched and maintained without bothering users. At the same time, developers and users can access the data needed using the tools they are accustomed to. The biggest difference now is we can ensure that the data never leaves the enclave. 


Beyond the additional security benefits achieved by keeping all data inside a centrally controlled and protected environment, there are several other benefits for universities. This type of solution shifts the processing power away from the end user’s machine. They don’t need a powerful desktop or laptop to conduct complex analysis or visualizations of the data. The computing horsepower is inside the cloud, making upgrades as simple as a reboot when needed.

We had a developer who wanted to experiment with a new type of visualization of class data, and after a quick discussion, we were able to upgrade their computing power so they could work more effectively. Developers and end users can access all of their tools from any type of machine, including Chromebooks or iPads, since the machine is virtual. Long term, this can lower the expense of user workstation replacement costs. 




Taking tech a step further

Shifting our thinking in this way has led us to consider what other problems we can solve with this type of structure. Very often, higher ed institutions suffer from a “key man” problem, in which a single person has a wealth of knowledge that can vanish with them, without proper documentation or training of replacement personnel. That is why at UMBC, we are also adopting Jupyter notebooks as documentation and collaboration tools within the secure enclaves we created. Jupyter notebooks, and other similar solutions, are documents that contain live code, equations and visualizations, along with text to explain the methodology and processes used. This approach allows us to create a more fluid transfer of knowledge. Many of our analysts find it a more natural method to document their processes, and it serves as a great introduction for new analysts to easily acclimate themselves to our systems and techniques. 

Utilizing these new mindsets and technologies is allowing us to focus on protecting our sensitive and critical data without sacrificing our abilities to analyze and act on that same data. Too often security is seen as a roadblock to flexibility and innovation. This approach shifts the conversation, placing security at the heart of what we do, while providing people universitywide with the tools they need. This results in improvements to student success and to the management and operations of the university as a whole.


Damian Doyle is assistant vice president of enterprise infrastructure solutions in the Division of Information Technology at the University of Maryland, Baltimore County. He is a UB Tech® featured speaker, presenting the “Designing a Business Intelligence System in a Protected, Yet Easily Accessible Environment” session.

