Information security is a complex and vital element of maintaining any information system. There are issues that threaten information security and they are generally associated with the areas of systems security, data integrity, and regulatory and legal considerations. Vulnerabilities in web applications, internal processes, and authentication account for most threats to an organization’s information assets. These threats need to be constantly addressed and vulnerabilities continuously remediated.
The Texas Digital Library (TDL) actively addresses the need to ensure the accuracy, integrity, authenticity, and permanence of the digital content that it manages, as well as the security of the services and platforms that it provides. The TDL ensures the security of its Dataverse instance as follows:
A. System Security
The TDL systems and services are hosted with Amazon Web Service (AWS), which provides cloud security services and support (https://aws.amazon.com/security/) to include:
- Secure Network Architecture – segmentation and firewalls throughout;
- Secure Access Points – API endpoints allowing HTTPS access;
- Encryption – connections encrypted by SSL;
- Network Monitoring and Protection – against DDoS and MITM attacks, IP spoofing, etc.; and
- Identity Management and Authentication – secure log-in via password and SSH key pair.
Additionally, the TDL updates its Operating Systems (OS) quarterly at a minimum, and immediately when important security patches are made available.
B. Data Integrity
The TDL has an official backup strategy in which TDL retains:
- the copy of the data residing on the production server, which is an Amazon S3 volume;
- nightly snapshots that can be used to restore the entire service to a particular date within the preceding month;
- and one snapshot from each month, retained for one year.
Backups are stored in Amazon Elastic Block Store (EBS) snapshots, which is replicated storage with regular systematic data integrity checks.
Also, the TDL ensures the accurate migration and/or transfer of data between storage spaces, servers, and systems whenever such may become necessary.
C. Regulatory and Legal Considerations
The TDL requires Texas Data Repository contributors to remove, replace, or redact identifying confidential or sensitive information from datasets prior to upload. The Texas Data Repository will not serve this function and takes no responsibility for the inadvertent release of restricted and protected data. Users should contact the TDL and alert them to any data placed into TDL storage and/or infrastructure that requires FERPA, HIPAA, or other federal privacy standards. The TDL can offer dark storage options outside of the Texas Data Repository service for such instances.
The Texas Data Repository complies with Texas Administrative Code (TAC) 206.70 as set forth in the University of Texas Web Accessibility Policy (http://www.utexas.edu/cio/policies/web-accessibility).
Texas Digital Library Data Security Policy, April 2015, https://tdl.org/wp-content/uploads/downloads/2015/04/Texas-Digital-Library-Data-Security-Policy.pdf
Texas Digital Library Data Management Talking Points, November 2013, http://tdl.org/wp-content/uploads/downloads/2013/11/datamgmt-talking-points-11.19.2013.pdf
University of Texas Web Accessibility Policy, 23 March 2015, http://www.utexas.edu/cio/policies/web-accessibility
Amazon AWS Cloud Security, website, https://aws.amazon.com/security/
Amazon AWS Identity and Access Management (IAM), website, https://aws.amazon.com/iam/
Amazon Web Services: Overview of Security Processes, August 2015, https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf
Digital Preservation Coalition: Information Security, website, http://www.dpconline.org/advice/preservationhandbook/technical-solutions-and-tools/information-security