Certain data providers require that researchers accessing their data remotely via a VPN can demonstrate compliance with their security requirements. This is in order to ensure that those accessing the data are doing so in a way that does not introduce the risk of compromise and data loss and is entirely at the data providers' discretion. These requirements can vary between data providers but they do have some common points that this article will aim to address.
Common questions asked regarding the VPN are:
- Type of VPN - We use two types of VPN: if you are using a 'Pulse Secure' client you are using the Juniper VPN. If you are using the 'AnyConnect' client, you are using the Cisco VPN.
- Authentication technology used - Both VPNs use Active Directory for authentication.
- Measures are in place to prevent and detect unauthorised access attempts - All authetication and access to the VPN is logged in the University's SIEM system. We are also deploying multifactor authentication technology.
- Measures in place to check compliance of endpoint connecting the VPN - we do not currently check endpoint compliance.
- Confirmation that any security incidents involving user actions, the VPN solution or the home or office PC will be reported to the Data Provider - the User Agreement covers this issue. The University also signs the User Agreement which states that we will inform the Data Provider of any security incidents.
Certain data providers may ask for further technical information regarding th configuration of the device you are using you access the data. Client IT will be able to assist in these cases.