sa-tre / satre-specification

Standard Architecture for Trusted Research Environments specification
https://satre-specification.readthedocs.io
Creative Commons Attribution 4.0 International

[Discussion]: DESIGN PRINCIPLE: Apply only necessary controls #176

Open jemrobinson opened 1 year ago

jemrobinson commented 1 year ago

Summary

Propose a principle around applying only the security controls that are necessary for each project.

Source

Rewording of existing SATRE principle

Detail

In order to make the work done in a TRE as productive as possible and to promote open science and collaboration, the technical and policy controls need to be appropriate to the work being carried out. Part of doing this involves reducing the sensitivity of the data to the minimum level needed for each project. Another way that a TRE can support this principle is through defining different security configurations, each of which is appropriate for a different tier of sensitive project. New projects can then be assigned to one of these pre-defined tiers.

Intended Output

No response

Who can help

No response

machintim commented 1 year ago

I think this is a good principle. As part of the rationale, some reference to de-risking data, thereby allowing fewer controls and promoting open science and collaboration. At UCL we have a pretty binary system where sensitive data is inside, under all controls, and non-sensitive data is outside and considered out of scope of the TRE. Not ideal for collaboration.

harisood commented 1 year ago

Adding possible implications

Rationale

In order to make the work done in a TRE as productive as possible and to promote open science and collaboration, the technical and policy controls need to be appropriate to the work being carried out. Part of doing this involves reducing the sensitivity of the data to the minimum level needed for each project. Another way that a TRE can support this principle is through defining different security configurations, each of which is appropriate for a different tier of sensitive project. New projects can then be assigned to one of these pre-defined tiers.

Implications

harisood commented 1 year ago

As this principle wasn't discussed in the Collab Cafe, and I haven't seen any further convos since, should it be dropped as a principle?

manics commented 1 year ago

I support dropping it; it's not clear to me how this differs from usability.

JimMadge commented 1 year ago

> I support dropping it; it's not clear to me how this differs from usability.

Agreed. I think there is a lot of overlap with usability.

The idea "as safe as necessary, as convenient/flexible as possible" can be a key part of the usability principle.