COVASHARE is appropriate for de-identified PII, FERPA, business confidential, and other types of de-identified sensitive data. COVASHARE cannot be used to process highly-restricted data such as CUI, FISMA, and PCI data.
COVASHARE does not have its own user identity store but instead relies upon authentication via Old Dominion University’s MONARCH identity management system.
All members of a project have equal access to the data storage for that project.
COVASHARE environments have no outbound connectivity to the Internet other than approved library and tool repositories (PyPi, CPAN, CRAN, etc.). Connections to tools such as GitHub and external APIs are not allowed.
All connectivity to COVASHARE environments is encrypted using SSL over HTTPS.
Data transfers in/out via the Globus DTN meet FIPS 140-2 compliance.
COVASHARE environments cannot have any access to other environments. Environments run within isolated Kubernetes pods and their network connectivity is isolated and encrypted.
Private Environment URLs
When you request an COVASHARE environment, a unique HTTPS endpoint is created for you and can only be used by you. For example:
These environments cannot be shared.
All user interactions with COVASHARE are logged including account creation, approval, project creation, changes in group membership, the creation of/changes to environments, and file uploads/downloads using a browser or the Globus DTN.
Access to COVASHARE is restricted to computers that are sufficiently updated and meet minimum security requirements.