Data security and confidentiality

Data security and confidentiality are foundational components of CJARS. Agency partners can only trust us with their data if we treat it at least as carefully as they do. Although many records in CJARS are legally public, all of them are handled with the same sensitivity as Personally Identifiable Information (PII). This page outlines the technical specifications in place to ensure a secure computing environment.

Need-to-know access by CJARS staff

To protect and safeguard sensitive PII, the CJARS research group performs its work on a Secure Data Enclave (SDE), reached over an encrypted Remote Desktop Protocol (RDP) connection that requires two-factor authentication. The SDE is a fully encrypted, dedicated physical server hosted on a private network by the University of Michigan (U-M) Institute for Social Research (ISR) and managed by the Survey Research Center’s (SRC) Computing and Multimedia Technologies (CMT) department within the ISR. The SDE is isolated from the wider ISR networks by a dedicated hardware firewall; this highly segmented network provides additional layers of security for ISR systems. The table below details the security and hardware specifications of the CJARS SDE server.

Secure Data Enclave specifications

Data Center
  • Housed within a 24x7x365 climate-controlled data center
  • Data center access protected by two-factor locked doors
  • Limited access to IT system administrators and authorized personnel with security badge
Surveillance
  • 24x7x365 environmental condition monitoring
  • 24x7x365 motion-sensitive cameras that send pictures to designated personnel when triggered
Visitation
  • Escorted at all times by ISR employee
Power
  • 2x APC Smart-UPS 3000 to withstand brief outages
Identity and Access
  • System authentication and authorization managed by Microsoft Active Directory (AD)
  • Users must sign the Acceptable Use Policy and complete annual security awareness training before being authorized to connect via RDP
  • Multifactor authentication via Duo Security for RDP connection
Auditing and Accountability
  • Network access monitored by automated intrusion detection system (IDS)
  • Data transfers into or out of the SDE are reviewed by the project PI or their direct delegate and logged in a log correlation system
  • Audited system logins
Firewall
  • Externally-facing services located behind border firewall to allow access to specific hosts and services
  • Internally-facing services separated by another firewall with a limited set of exception rules
  • Administrative access to network devices limited to encrypted protocols
  • Ingress and egress filtering to prevent unauthorized data exfiltration
Encryption
  • Windows BitLocker full-disk encryption with a 256-bit AES key
Backup Procedure
  • Daily backups via enterprise-level disk-to-disk backup system
  • Full monthly backups written to encrypted tapes and stored in a locked, fire-resistant safe at a remote storage facility
Data Redundancy
  • Daily hard copy backups encrypted and replicated between two physical buildings separated by two city blocks
Media Protection
  • Transported in locked containers and attended by trained staff
  • Physically destroyed under staff supervision when no longer required
Processor
  • 3x Intel Xeon E5-2643 v3 Quad-Core CPU, 3.40 GHz
Number of Processors
  • 12 (3x Quad-Core CPU)
Operating System
  • Microsoft Windows NT 6.2 Server (Windows Server 2012)
System Type
  • 64-bit Operating System, x64-based processor
System Memory (RAM)
  • 256 GB
Hard Drive Capacity
  • 2 TB
Hypervisor
  • Windows Hyper-V Host Server (4 virtual servers for data management and analysis)
Project Management
  • Trac Wiki System
  • Git Version Control