Can I use Snellius to work with sensitive data?
Snellius is a secure system that is ISO 27001 certified. But the system allows users a high degree of technical freedom that introduces risks for potential errors. Users can change the access permissions of every file or directory that they own.
Users logged into Snellius can also initiate connections from Snellius nodes to external systems of their choice (e.g. to transfer data in and/or out of the system, to checkout application licenses, sources for applications to build on the system, etc.).
By default, we therefore do not recommend using Snellius for working with sensitive data.
When you do want to work with sensitive data on Snellius, we recommend the following steps to reduce these risks:
- Carefully manage permissions on your home directory and project space, especially on the top level.
- At all times keep your authentication credentials to yourself and use only two-factor authentication, when logging in.
- Ensure that the third-party tools and programs you plan to use are certified.
- Only establish connections with external systems for which you have well-grounded reasons to trust them.
- Keep your data encrypted at rest.
- Only use nodes in exclusive mode.
- When you are done using the system, remove your data.
In case you intend to process sensitive data (such as Special categories of Personal Data) on Snellius, you and/ or your institution are required and responsible for taking additional measures to adequately secure the data.
For structurally working with sensitive data, we also provide the option to build a permanent secure enclave on Snellius, against an additional fee.
For more information on this option, contact clusteronderzoek@surf.nl