❓ PNR Frequently Asked Questions

🔐 Is My Research Data Encrypted?

Given our significant mitigating controls, we've determined that encryption at rest need not be used by default in the Protected Network for Research. Internet connection to the secure enclave is predominantly disallowed by firewall. Multifactor authentication is required, and network segmentation prohibits internal connection between projects. The storage and VM infrastructure for all projects therein is limited to hardware in our on-premise enterprise-grade data centers, which have tightly controlled and monitored physical access (24/7/365). All storage is logically spread across many different physical disks (Network-Attached Storage (NAS)), such that loss or theft of many disks would be required in order to have a "usable" dataset. Given that the data at rest must be decrypted for actual computational use, encrypting on disk provides almost no benefit when all the disks are in such a secure physical environment (where loss or theft is exceptionally unlikely to occur and being able to remove a usable set of disks equally so). All portable physical media is encrypted and protected appropriately.