In continuing with our discussion of security components that are critical to Cloud or On-Premise (Enterprise) applications, Data Security has to be among the top issues for ELN and LIMS systems.
In the ELN market, “data” is information stored in many different formats, from files to databases on many different devices from network servers, personal computers, tablets and smart phones. The intellectual property, findings, raw data, market analytics, and details are typically intended to be kept secret until published. Data could be anything that can be read or otherwise interpreted in human form. Therefore it is critical that your ELN has been designed to ensure that your data, your intellectual property is stored safely, securely, and in a format that allows for uncorrupted retrieval at a future date. Since these systems are compliant, your ELN of choice should be able to provide validation that the data has not been tampered with. .
Data security means different things to different people in the organization. However, most everyone will agree that data security is the practice of keeping data protected from corruption and unauthorized access. When asked what unauthorized access is people typically refer to keeping outsiders from gaining access to sensitive data. This may include encryption, authentication, authorization or firewalls. However, authorized users may inadvertently provide access to sensitive data when trying to collaborate with partners or other investigators. Often the collaboration schema used by application vendors have been added as an after thought and does not provide adequate controls or dashboards. Make sure that your application has the appropriate collaboration controls and approval workflows and provides visibility into who, when, how, and what was done to your data when shared with collaborators.
When evaluating software, consider adding data security as one of the primary features, with sub features that include: encryption, authentication, authorization, collaboration, protection from corruption and validation.
Data Encryption
Encryption has become a critical security feature for thriving networks from SSL, discussed earlier, to full-disk encryption.
“Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). The reverse process, i.e., to make the encrypted information readable again, is referred to as decryption (i.e., to make it unencrypted).” Wikipedia
Essentially encryption uses mathematical schemes and algorithms to scramble data into unreadable text.
Full Disk Encryption
Full-disk encryption (FDE) offers some of the best protection available. This technology enables you to encrypt the entire hard disk drive, including every piece of data. However, it may not be practical for an ELN vendor to encrypt a customers hard drive. Full disk encryption is even more powerful when hardware solutions are used in conjunction with software components. This combination is often referred to as end-based or end-point full disk encryption. Although ELN vendors may not be able to enforce FDE when evaluating ELN’s make sure that you consider how the application handles caching of your data on client devices. Is your data stored in “clear text” on your iPad or favorite tablet? When you check out a document, is it stored temporarily on your laptop or desktop in plaintext or is it encrypted?
Strong User Authentication
Authentication is another part of data security that we encounter with everyday computer usage. The sign-on process is a form authentication that allows you to log into applications, files, folders and even an entire computer system. Once logged in, you have various privileges until logged out. Some systems will cancel a session if your machine has been idle for a certain amount of time, requiring that you provide authentication once again to re-enter. When score carding ELNs, make sure to include session timeout timers, what type of authentication is supported, password rules and admin control. If you environment requires multiple factors of authentication, include them in the score card. Multi-factor authentication may include a password, one-time session token, application token, smart card, biometrics fingerprint scan among others.
Backup Solutions
Data security wouldn’t be complete without a robust solution to backup your critical information. In addition to performing databased backups ensure that the chosen solutions has export formats including support for XML. Next week we will cover backup and export/import and APIs in more detail.