Example 1: Single researcher with data use agreement

Many research projects involve work on data that an external organization has provided under a data use agreement (DUA), usually in connection with an Institutional Review Board (IRB) approval. A data custodian deposits the data into the ResVault environment as one or more files in the vault. The files can be organized in a hierarchy of directories.

The data custodian then shares the data with the researcher who will do the work with it. From that point on the researcher (referred to below as the user) has authorized access to the data.

The user creates an encrypted drive that will hold the data for analysis inside a virtual machine (VM).

The user defines a VM of the appropriate type, with the software required for the work, and chooses to attach the encrypted drive to it. The system remembers this VM setup, so that a single click starts the VM on later occasions. The user connects to the VM by the mechanism ResVault specifies for that VM type; different VM types use different mechanisms, including RDP, a web page, or a console. The work can be done in one session or in multiple sessions spanning several weeks.

Once the VM is running, the user can use the transfer window to move data between MyVault and the encrypted drives on the running VM. Note that data can only be moved into or out of an encrypted drive while that drive is mounted on a running VM.

As needed, the user can make backup copies of result files by copying them from the encrypted drive to the vault. Files in the vault are replicated to a second disk storage device and backed up to tape, fully encrypted, once per day.

When the work is complete, the researcher can share the results in the vault with the data custodian or whoever else needs them, and then delete the encrypted drives. Results can also be downloaded to the local computer, though the researcher is required to acknowledge that they assume liability for properly managing restricted data, and all downloads are logged.

The data custodian can then revoke the sharing access to the data. All sharing and copying activities are logged, with the user's unique public key as the identifier, for audit purposes. There is, however, no way for the data custodian to verify that the encrypted drives have been deleted, or that an extra copy of the data was not taken out of the encrypted drive into the vault in a different folder. The audit log of copy operations is the only evidence available for the latter, so a custodian who needs that assurance should review it before treating the engagement as closed.

In terms of the actions required from the researcher and the data custodian, the workflow is very similar to sharing data in special folders on a file server and working on it in a virtual desktop session. What differs is that the data never leaves an encrypted, access-controlled environment: the strong separation between where the data rests (the vault) and where it is processed (the encrypted drive on a running VM), combined with the logging of every sharing, copy, and download, means the ResVault process significantly reduces the risk of unauthorized data access and disclosure.