Utrecht University speeds up the opening up of research services via SURFconext

Thorough control

Like any university, the University of Utrecht (UU) processes large amounts of data. The IT staff and chief information security officer (CISO) therefore bear a great responsibility. They have to ensure that their staff and students only use the right systems. Where their data is properly secured, proper agreements on data ownership have been made, and so on.

The university uses SURFconext to allow UU staff to log in to many services. If researchers want to use a new service, the university first subjects it to a proper and thorough check. Only then does the SURFconext manager open up the service to UUs.

Workarounds

However, the procedure for assessing research services was unnecessarily burdensome and time-consuming, says Ton Smeele. He works at UU in the IT department supporting researchers. "That's what bothered my researchers. As a result, they were often unable to log into new systems with their UU account, or only after a long time." Ultimately, that didn't improve security either. "By then, they often adopted another solution, with additional 'local' accounts. Or with 0 appointments or logging in with personal social accounts. Understandable, because as a researcher you want to get going and you don't want to waste time. In the end, those workarounds are more expensive and less secure."

Appointments

"If those 3 questions are answered yes, I know enough and I open the system to log in with UU accounts. And if necessary, together with Ton, I restrict access to the system so that only the people who should be able to access it can, for example with SURFconext Authorisation Rules (pdf). I assume Ton knows who the contact person for the research project is and that there are agreements about security, ownership of data and classification. The latter means that the CISO is consulted if more than the agreed basic attributes are exchanged or sensitive data is processed." Saporito also forwards each request to the CISO, so that he knows which services are being linked and can decide whether to do additional checks.

Division of responsibilities

The CISO is very satisfied with the arrangements made and researchers can now often log in to research services quickly with their UU account. Saporito: "In my opinion, with all this we have a nice division of responsibilities, we avoid duplicating each other's checks and sitting in each other's chair, and risks are sufficiently covered."

Even easier access via Research Access Management

We aim to help researchers in particular get an even better solution to the problem outlined in this article: SURF Research Access Management (formerly Science Collaboration Zone (SCZ). This is a protected environment to which many specific research services do link. SURFconext manager Saporito is very enthusiastic: "We only need to link with Research Access Management, so researchers have access to all linked services? Super! As long as SURF monitors a number of basic issues, and Ton with us ensures the right agreements around data security and ownership, our researchers can get to work safely even faster!"

Working on your own

Do you recognise these challenges?

• You can already limit access to services via SURFconext to small groups of users, making the step to open up a service smaller.
• SURF Research Access Management will be available as a service in the second quarter of 2020. Read more about SURF Research Access Management.
• Of course, you can also implement the 'accelerated UU procedure' at your institution. Want to know more? Email Roberto Saprito's at j.j.saporito@uu.nl.
• Need help with other (SURFconext) questions? Email our product manager Arnout Terpstra at arnout.terpstra@surf.nl.

Meanwhile, Roberto Saporito has transferred his SURFconext role to Daan de Vries.