Data ingress process

Introduction

The Data Safe Haven has various technical controls to ensure data security. However, the processes and contractual agreements that the Dataset Provider agrees to are equally important.

Bringing data into the environment

Attention

Before starting any data ingress, make sure that you have gone through the data classification process.

Talk to your System Manager to discuss possible methods of bringing data into the environments. It may be convenient to use Azure Storage Explorer. In this case you will not need log-in credentials, as your System Manager can provide a short-lived secure access token which will let you upload data.

Tip

You may want to keep the following considerations in mind when transferring data in order to reduce the chance of a data breach

• use of short-lived access tokens limits the time within which an attacker can operate

• letting your System Manager know a fixed IP address you will be connecting from (eg. a corporate VPN) limits the places an attacker can operate from

• communicating with your System Manager through a secure out-of-band channel (eg. encrypted email) reduces the chances that an attacker can intercept or alter your messages in transit