Security
Stanford is committed to protecting the privacy of its students, alumni, faculty, and staff, as well as protecting the confidentiality, integrity, and availability of information important to the University's mission.
Data Classification
The University provides a simple categorization of data risk levels to clarify the safeguards needed when working with data of different types. The University has developed minimum security standards for servers that are used for each of these types of data. Presently, the risk categorizations can be summarized as follows:
| Risk Type | Simplified Description | Example |
|---|---|---|
| Low | Public data | SEC Filings |
| Moderate | Private data | Stanford-licensed dataset |
| High | Protected data | Medical insurance claims |
It is your responsibility as a researcher to be a responsible steward of your data. If you're ever unsure the risk categorization of your data, please contact us to discuss how to best achieve your research goals while being mindful of data security.
The Yen Servers Are Not Approved for High Risk Data.
The Yen cluster is approved for use with Low and Moderate risk data. Other Stanford systems, such as Nero and Carina are designed for High Risk Data.
If you choose to use your own independent system (e.g., your own machine in the cloud), you are responsible for correctly managing any secure data and credentials necessary.
Yen Cluster
The Yen servers are approved to handle Moderate and Low Risk data. They are currently stored in a secure, centrally-managed data center on the Stanford Historical Campus. Consistent with minimum security standards, the Yen servers have the following security features:
- Required Single-Sign On with Multi Factor Authentication
- Centralized logging
- Patching and vulnerability scans
While the Yen servers do protect data from unauthorized access, there are no mechanisms in place to control the export of data.
Contractual Requirements
If you are using licensed data, the storage, processing, sharing and publication of this data may be limited by agreement with the data provider. It is your responsibility to understand the limitations of use for your data, particularly in consideration of:
- collaborations outside of the GSB
- copying data to a new environment
- merging restricted data with other datasets
- leaving the GSB
If you have any questions or concerns about use of your restricted data, please contact us to discuss your specific situation.
Managing Collaborators
On the Yens, a shared project space is provisioned for each new project and has a faculty owner, as well as collaborators who can access the shared space. Each project space is assigned a project space workgroup (gsb-rc:[faculty-SUNet]-[projectname]).
Adding (and removing) users to your shared project space is self-service and can be managed as described here. For GSB faculty members, adding collaborators external to the GSB to your workgroup also grants those people access to the Yens.
Note that it is your responsibility to ensure the correct researchers are listed in your project workgroup, that they have the appropriate role (Member or Administrator, discussed here), and that they have taken the necessary steps to use any data in your project.
Information Security
No matter how secure our research computing servers are, if your own computer is compromised, it compromises the security of our environment.
Protect Your Personal Machine
Stanford's Information Security Office has a full site to help protect your data and devices.