Security zones

Depending upon your project and the data being accessed, SPACe can offer projects different levels of security. Projects in the standard and protected zones will most likely work within a shared VM. These VMs have fixed system-wide software, but users can install their own packages and tools within their user space. For more information, see:

For the Linux-based private zone, each project will exist on its own, unique VM. This allows project owners the option to request the ability to install software on the VM system-wide. The VM will be placed in the standard zone whilst the project owner installs the required software, and is then moved to the private zone.

Warning

The level of security becomes fixed once any data has been moved onto the VM.

| | Standard | Protected | Private |
|---|---|---|---|
| Access to the internet | ✅ | Limited by Allowlist [1] | ❌ |
| Install packages | ✅ | Limited by Allowlist [1] | ❌ |
| Install system software | ❌ | ❌ | ✅ |

[1] For more information, see "Allow list for virtual machines in the protected zone."

Which Zone to Use

The Workbench sits in the Edinburgh International Data Facility (EIDF). This meets a range of security requirements, which can be provided on request. The Workbench is accessed through organisational VPNs and multi-factor authorisation, with each project having unique usernames and passwords.

All projects are isolated from each other, and all data added to a project is encrypted in transit. When projects have been completed, data sanitisation and disposal processes are used to remove them from the Workbench, ensuring that the data has been deleted.

Each project can sit in one of three zones: Standard, Protected, and Private. It is up to each project to determine which zone to use, based on the information governance of the project's lead organisation. The descriptions of each zone below provide information to help with this decision.

Standard zone

The standard zone is open to the internet, and all project users can transfer data in or out of projects in this zone. It therefore suits work with open data or similar data, and it provides the ability to trial the Workbench or use it for training purposes.

Protected zone

The protected zone can only connect to a limited number of websites, mainly to allow software package downloads. You can restrict who can or cannot add data to this zone. It should allow a wide range of data to be used, though do check with the lead organisation's data protection team to confirm. It is expected that this will be the zone most used by projects.

Private zone

The private zone is disconnected from the internet, and data can only be transferred in or out of the Workbench via a controlled pathway. This zone is therefore similar to the National Safe Haven, and theoretically any kind of data could be used in this zone, but do confirm this with the lead organisation's data protection team. This zone enables projects to be sure their data is safe.

Note

For more information on data upload procedures, see "Uploading data".