IT Partnership Means Better Security for Research Assets
Researchers in higher education often generate and process data that is inherently valuable: intellectual property, corporate information and cutting-edge research in medicine and other fields. This data may be housed in computers set up by research assistants. In many cases, these computers sit in the back of the lab and may not be patched, backed up or monitored.
Each of these factors raises red flags for IT professionals, yet often, research computing exists independently, without substantial oversight or guidance from the IT department.
Understandably, researchers are concerned about getting their work done. Many faculty members work independently and want to maintain control over all aspects of their work. As a researcher myself, I understand the reluctance to “turn over” my data and computers to central IT. However, when any problems occur, researchers will likely turn to IT for support.
Distributed research computers have the potential to cause a large number of problems for an institution, beyond the burden of support. In particular, these computers are targets for cyberattacks. So, how do we bring research computing into the IT infrastructure? The following strategies can help you work with researchers to create an environment that supports their needs, while also providing more stringent security.
Get Faculty Involved in IT Policies
At Iowa State University, as at many other institutions, senior administrators set policies over computing standards and processes. Although many faculty members are willing to follow policies, others tend to look for ways around them. However, if you bring research faculty together with IT staff and involve them in a discussion about how to make their work easier, you will often get more buy-in when it comes to policy.
Often, researchers view central IT as a hindrance to productivity. Recognizing that perception and finding ways to overcome it can be immensely beneficial for researchers and IT alike. When assembling a group of researchers, keep the group small enough for discussion and include representatives of various disciplines.
A researcher should lead the conversation, with the goal of discussing what type of support and services faculty need for research computing. Granted, they may come up with requests that are beyond IT’s scope or budget, but their voice is important.
Address Data Control Issues
One theme that is likely to emerge from such a conversation is control of the data and, to some extent, of the computers. In my experience, every researcher thinks his or her situation is unique. This may be true, but it doesn’t mean IT and faculty can’t collaborate to find solutions capable of meeting everyone’s needs. For example, researchers and their teams often work outside of normal business hours, and they need to be able to operate 24/7. As IT professionals, we know we can provide this service, but as you try to move faculty away from computers in their labs — where they have complete control — to centralized data and computing, they need to know processes are in place to handle any off-hours requirements.
A good first step in this process is to provide centralized storage for research data with local computing. This is especially true with research that is more instrument-based, where computing needs to remain local. I have found that faculty are more reluctant to give up local control of their physical computing environment than of data storage.
Provide the Right Value to Each Stakeholder
The best way to get faculty on board with any plan is to demonstrate the value that it provides to them. Often, the hardest part is to identify which benefit matters most, and that may vary from one researcher to another. Individual instructors might value one or more of the following areas, which IT can highlight to incentivize them to use central IT storage.
Cost: This might be the benefit you think of first, but cost can be a double-edged sword. I encourage you to develop a data storage cost structure that is free for a majority of researchers.
Our experience suggests that when a cost is involved, faculty may be inclined to purchase local storage or use free public cloud storage. You might consider putting a cap on the amount of “free” storage, but I think you will find that only a small number of faculty will abuse the free storage. You may also find faculty members for whom storage cost is not an issue, and you will need to find other incentives.
Backup and Data Recovery: This is a harder value proposition for some faculty to understand. Backup and data recovery are like insurance: The best way to approach this is to ask researchers what data they cannot afford to lose. This can lead to a discussion of how IT can help protect against data loss through centralized storage.
Security: Security is another area where it may be difficult to convince faculty of value, because researchers may equate security with restriction. However, if you frame security in terms of researchers’ concerns, that can clarify the relevant issues and suggest ways for central IT to help.
For example, you might connect security to loss of data and loss of access. Loss of competitive advantage or intellectual property is another concern. Faculty members’ careers are often based on leading-edge research, so the loss of these assets could be detrimental from a professional point of view.
Collaboration: Another incentive for adopting centralized data storage is an enhanced ability to collaborate with other researchers. Although this may seem counter to the notion of protecting intellectual property, faculty often do want to share data and processes with fellow researchers, who are often at a geographical distance. Central IT can help researchers create access to data and provide central storage.
When it comes to computing resources, better coordination between researchers and IT departments is a win-win for everyone involved. In this area, there is always room to improve the relationship as technology solutions and cyberthreats evolve.