Security objectives#

The diagram below shows an overview of the security objectives outlined in our design choices preprint.

Sample security controls

Caution

The Alan Turing Institute does not yet operate any Tier 4 environments and so our suggested default controls for Tier 4 environments are still under development. Organisations are responsible for making their own decisions about the suitability of any of our default controls, but should be especially careful about doing so if considering using the Data Safe Haven for projects at the Tier 4 sensitivity level.

Security considerations#

In order to configure your Data Safe Haven deployment according to your needs you may want to consider the following:

  • Multifactor authentication and password strength requirements

  • Allowed networks for inbound and outbound connections

  • Level of control over user devices

  • Physical security

  • Whether to allow copy-and-paste from user devices

  • How to manage data ingress and egress

  • How to manage software ingress and egress

  • Whether to allow access to some or all packages from external repositories

  • Which external URLs to allow through the firewall

These are a mixture of technical, policy and physical controls.

The built-in technical controls applied in the Data Safe Haven are detailed here. The configuration used at the Alan Turing Institute is included here for reference.