Nordic IT Services forSensitive Research Data

The Nordic Tryggve projectwiki.neic.no/Tryggve

2

Trusted Nordic Infrastructure

Tryggve – collaboration for sensitive biomedical data

3

• Project aims to strengthen Nordic biomedical research by facilitating use of sensitive data in cross-border projects

• Partners and funders are NeIC and ELIXIR Nodes in Denmark, Finland, Norway and Sweden

• Project will build on strong existing capacities and resources in Nordic countries

4

Mission and goals

Tryggve develops services for biomedical researchers on Nordic scale to allow secure, efficient and easy utilization of sensitive data for research

What this means in practice:• Provide secure and efficient analysis environments for

sensitive research data• Support the process for accessing and moving the data• Provide access to Nordic secure systems• Empower Nordic research through use cases• Transfer knowledge within Nordic developers and service

providers

5

Nordic perspective

• Tryggve is a project in NeIC project portfolio– NeIC = Nordic e-Infrastructure Collaboration– Organization that facilitates the development and operation of

high-quality e-infrastructure solutions in areas of joint Nordic interest

– Organizational unit under NordForsk

• Collaboration between NeIC Tryggve and NordForsk funded projects brings added opportunities to support joint Nordic interests. For example– NordForsk funded projects defining use cases for the Tryggve

project.– Tryggve providing access, advice and support on using secure

systems for processing data across borders

6

Tryggve works on 6 themes

1. Technical development2. Interoperability of systems3. Process development4. Legal framework 5. Use cases 6. Communication and outreach

7

1. Technical development

8

1. Technical development

Provide secure computing environment for analysis of sensitive data.

• “Building blocks”– TSD 2.0 service at USIT, Norway– Mosler service at BILS, Sweden– ePouta IaaS at CSC, Finland– Computerome at DTU, Denmark

• All of the above have been launched for users• Variety in the systems involved offers flexibility to handle

different user demands• Legal issues for accessing and/or moving data across

countries under investigation

9

1. Secure systems – Control and ownership of data• Where the data is analyzed or stored; and who has the

control over the data are different things.

• The user stays in control. Service providers offer secure environment for storing and analyzing the data.

• Data handler contract defines the roles.

Taking into use some of the secure systems does not imply transferring the control over, or ownership of the data

10

1. Secure systems – How to access

• The secure systems are available now.• Access through Tryggve use cases, or directly from the

providers• Tryggve use case:

– gives access free-of-charge for limited time (to pilot use the system) AND include support / development activities

– users are from several Nordic countries (“Nordic solution”)– need access to a system in another country

• More information at Tryggve home page wiki.neic.no/tryggve

11

2. Interoperability of systems

12

2. Interoperability of systems

Improve joint use of Nordic secure systems.

• Development supporting interoperability:– Data transfer service – Portable software installations (Dockers and Virtual Machines)– Accessing computing backend across countries– Investigate common authentication and authorization

mechanisms

• Existing tools will be utilized to support interoperability, including:– Tool and Resource Registry at ELIXIR Denmark– REMS authorization management system at ELIXIR Finland

13

2. Interoperability: Portable software installations• Users must be able to bring own software in the secure

systems• Important to be sure that exactly same workflow is

executed at different environments• Service providers have limited resources for installing

software • Solution: Portable easy to deploy software installations• Docker Containers within secure environments are being

tested

14

• Secure file transfer based on secure FTP

• No need to store temporary copies on user’s local computer

• Can be used for moving data between Tryggve systems, or to interface with external repositories

2. Interoperability: Data transfer

15

2. Interoperability: Shared computing resources• Aim: Enable use of secure IaaS resources across Nordics.• Case: Provide computing resources from ePouta (Finland)

for Mosler service (Sweden)

• Mosler offers remote desktop for processing sensitive data, and ePouta offers cloud infrastructure– Connect systems with dedicated network– ePouta provides secure private virtual cluster for Mosler

to utilize

• Proof-of-concept for future cases

16

3. Process development

17

3. Process development

Improve accessibility of services and share best-practices in service operations

• Tasks supporting development of processes:– improving (or harmonizing) customer contract processes– joint code of conduct for managing sensitive data– sharing knowledge on technologies and software components– sharing experiences in IT security and security reviews– interacting with register data holders, biobanks, etc.

18

4. Legal environment

19

4. Legal environment

Assess legal framework relevant for use of sensitive data in research, and provide guidelines to fulfill legal requirements for trans-Nordic studies.

• Activities include:– assessing relevant legislation in Nordic and EU level– analyzing legal requirements and conditions in some of the use

cases – preparing guidelines for researchers on the regulations– looking into specific questions, such as moving data across

countries

20

5. Use cases

21

5. Use cases

Implement and support concrete use cases to facilitate great research and to connect project to actual user demands.

• Tryggve use case is part of a real research project aimed to support the researchers in handling and analysis of sensitive data.– at the same time, development of services in Tryggve is influenced

by the experiences gained from the pilot users / use cases.

• Use cases can be proposed at any time.

• (simple) process for proposing use cases documented at wiki.neic.no/Tryggve#Use_cases

22

What does Tryggve offer for pilot users?

• The proposers of accepted use cases will receive:– Access to secure data processing systems (for a limited time, and

up to a reasonable amount of disk space and computing resources)

– Expert assistance from Tryggve– Possibility for targeted service development to enable the use

case

• All this will be provided free of charge for the use cases– No funding for proposers of accepted use cases is included

• What we expect from researchers involved in a use case– Participation in discussions to specify the users’ needs– Feedback for services

23

5. Use Case proposal form available on web site

More information at https://wiki.neic.no/Tryggve#Use_cases

24

Tryggve and Nordic Biobanks

• Tryggve as a Nordic project can have a role in bridging the gap between researchers and IT services.

• Including further development of the underlying systems.

• Services for Nordic Biobank community could include – efficient and secure processing environment for sensitive data– extending Biobanks own resources – project-based storing and sharing of data– packaging software stack for easier installation– etc.

Use cases defined by Biobanks would be a way forward.

25

Thank you Antti PursulaTryggve Project ManagerNeIC / CSC – IT Center for Science

antti.pursula@csc.fiTwitter: @AnttiPursulaWeb site: wiki.neic.no/TryggveSubscribe to Tryggve monthly newsletter on the web site