COVASHARE is appropriate for de-identified PII, FERPA, business confidential, and other types of de-identified sensitive data. COVASHARE cannot be used to process highly restricted data such as CUI, FISMA, and PCI data.

Authentication

COVASHARE does not have its own user identity store but instead relies upon authentication via Old Dominion University’s MONARCH identity management system.

Authorization

All members of a project have equal access to the data storage for that project.

Closed Environments

COVASHARE environments have no outbound connectivity to the Internet other than to approved library and tool repositories (PyPI, CPAN, CRAN, etc.). Connections to tools such as GitHub and to external APIs are not allowed.

Encryption

All connectivity to COVASHARE environments is encrypted in transit over HTTPS (SSL/TLS).

Data transfers in and out via the Globus DTN are FIPS 140-2 compliant.

Isolation

COVASHARE environments cannot access other environments. Each environment runs within an isolated Kubernetes pod, and its network connectivity is isolated and encrypted.

Private Environment URLs

When you request a COVASHARE environment, a unique HTTPS endpoint is created for you and can only be used by you. For example:

https://jupyter-notebook-1a2b3c4d5e-mst3k.uvarc.io/

These environments cannot be shared.

Logging

All user interactions with COVASHARE are logged, including account creation, approval, project creation, changes in group membership, the creation of and changes to environments, and file uploads and downloads using a browser or the Globus DTN.

Client Posture-Checks

Access to COVASHARE is restricted to computers that are sufficiently updated and meet minimum security requirements.