This is an old revision of the document!
Some cluster users may have data that is classified as sensitive (e.g. data from dbGaP). Extra care should be taken with this data to prevent unauthorized access.
Specific security requirements for your data may vary depending on the source of the data. The cluster does satisfy some of the standard requirements…
The cluster may not conform to some best practices…
One way in which sensitive data can be protected is by only storing it on encrypted disk volumes. Currently, of the cluster disk volumes, only /home1, /home6, and /scratch are encrypted by default (i.e. all the data is encrypted before being written to disk and decrypted when read). (This is also known as encryption “at rest”.) This encryption protects against the server being stolen, or being improperly disposed of (with the disks and data intact) at some point in the future. The backup volumes to which the data on /home1 and /home6 are copied are also encrypted.
If you have a project that includes the use of sensitive data please talk to the system administrators to see whether you should store that data on /home1, /home6, or have your entire home directory moved to /home6.
The /scratch volume is not backed up, but is encrypted.
If you have sensitive data you should ensure that your home directory, or the directories containing the sensitive data are not world readable.