This is an old revision of the document!
Some cluster users may have data that is classified as sensitive (e.g. data from dbGaP). Extra care should be taken with this data to prevent unauthorized access.
Specific security requirements for your data may vary depending on the source of the data. The cluster does satisfy some of the standard requirements…
The cluster may not conform to some best practices…
One way in which sensitive data can be protected is by only storing it on encrypted disk volumes. Currently, of the cluster disk volumes, only /home6 is fully encrypted by default (i.e. all the data is encrypted before being written to disk and decrypted when read). (This is also known as encryption “at rest”.) This encryption protects against the server being stolen, or being improperly disposed of (with the disks and data intact) at some point in the future. The backup volume to which the data on /home6 is copied is also encrypted.
If you have a project that includes the use of sensitive data please talk to the system administrators to see whether you should store that data on /home6, or have your entire home directory moved to /home6.
If you have sensitive data you should ensure that your home directory, or the directories containing the sensitive data are not world readable.