161129 tryggve-at niasc-biobanks
1. NEIC TRYGGVE – NORDIC SERVICES FOR SENSITIVE
DATA
Antti Pursula, antti.pursula@csc.fi
https://wiki.neic.no/tryggve
2. USE OF HUMAN DATA
IN BIOMEDICAL RESEARCH HAS GREAT POTENTIAL
PERSONALIZED MEDICINE
CURE OF DISEASES
IMPROVED LIFE QUALITY
Data is collected by:
Biobanks
Research institutes
Large genome studies
Register organizations,
Hospitals,
Personal health apps, etc.
Society benefits when
these data collections
are made available
for research!
3. PROTECT PRIVACY OF THE INDIVIDUAL
Research use of health data requires:
Data protection
Secure data transfer
Secure analysis environments
Ethical considerations
Effective legislation
CHALLENGE IS TO PREVENT NON-AUTHORIZED USE OF DATA
WHILE UTILIZING THE DATA FOR THE BENEFIT OF SOCIETY AND INDIVIDUALS
Health and well-being data on
humans is sensitive, personal
data that needs to be protected,
even after de-identification
4. NEED FOR SECURE IT SERVICES
THAT CAN IMPLEMENT THE NECESSARY
PRECONDITIONS
ELIXIR Nodes in Finland,
Denmark, Norway and Sweden
have teamed up to develop and
scale up services for sensitive
research data, within the
NORDIC TRYGGVE PROJECT
5. TRYGGVE PROJECT
COLLABORATION FOR SENSITIVE BIOMEDICAL DATA
Project aims to strengthen biomedical
research by facilitating use of sensitive
data in cross-border projects
Partners and funders are NeIC and ELIXIR
Nodes in Denmark, Finland, Norway and
Sweden
3-year project with volume of ca. 100 PMs/year (ends in Oct 2017)
Project will build on strong existing
capacities and resources in Nordic
countries
6. TRYGGVE TARGETS IN A NUTSHELL
PRAGMATIC APPROACH
Implement solutions that support
various use cases and varying local
terms and conditions
MOBILITY
Enhancing cross-border mobility of:
data, users and analysis pipelines
ACCESSIBLE
Services for sensitive data should be
accessible to users across Nordics
regardless of their location
7. SECURE COMPUTING
AND DATA ENVIRONMENTS
Tryggve service development relies on
secure computing and data environments
at ELIXIR Nodes at the participating
countries
TSD 2.0 service at USIT
Mosler service at NBIS
ePouta secure cloud at CSC
Computerome at DTU
SECURE CLOUD
Infrastructure for data and computing
(ePouta, Computerome)
SECURE REMOTE DESKTOP
backed up with computing resources
(TSD, Mosler, Computerome)
8. SECURE SYSTEMS IN TRYGGVE
Secure systems available through Nordic Tryggve project:
• TSD 2.0 service at USIT, Norway
– PaaS, accessible through remote desktop
• Mosler service at BILS, Sweden
– PaaS, accessible through remote desktop
• ePouta IaaS at CSC, Finland
– IaaS, secure cloud infrastructure connected securely to customer’s
system
• Computerome at DTU, Denmark
– IaaS / PaaS, both access through remote desktop and connected to
customer’s system
• All provide secured area for research projects, isolated both from
external networks and from other users of the systems
9. SECURE SYSTEMS
THE USER STAYS IN CONTROL
TAKING INTO USE EXTERNAL SECURE SERVICE DOES NOT IMPLY
TRANSFERRING THE CONTROL OVER THE DATA TO THE PROVIDER!
Where the data is analyzed or stored and who
has the control over the data are different things
Service providers offer secure environment
for storing and analyzing their data
Data handler contracts define the roles
10. MOBILITY ACROSS BORDERS
MOBILITY OF DATA
Ability to combine data from several sources and
countries
MOBILITY OF USERS
Ability to use the service best suited for the research
project, regardless if it is in the same country
MOBILITY OF ANALYSIS PIPELINES
Ability to deploy the preferred analysis pipeline
on the system being used
POSSIBLE USE CASES:
Pool data from several
countries to achieve larger
sample sizes
Access the same system and
data that collaborators in
another country use
Data in several locations but
can not be pooled; run
standardized analyses on all
partial data sets
11. DEMONSTRATION OF THE USE OF SECURE
CLOUD ACROSS BORDERS
• Mosler remote desktop connected to CSC ePouta
secure cloud infrastructure:
– No degradation of performance when moving data
between countries
12. GETTING STARTED
USING THE TRYGGVE SERVICES
Aimed for Nordic
research teams
Backed by ELIXIR Nodes
and NeIC
Use of the systems not limited
to Nordic countries!
CALL FOR NEW USE CASES
CONTACT INFORMATION TO SERVICES ON THE TRYGGVE WEB
SITE
CURRENTLY ACTIVE USE CASES
Trans-Nordic Gene-
Environment Analyses in
Schizophrenia
Scandinavian Genetics
Collaboration for Olink
Biomarkers
13. CASE EXAMPLE ON TRYGGVE SUPPORT
FOR A USE CASE
PROCESSING SENSITIVE DATA FOR
SCHIZOPHRENIA RESEARCH
More info and interview of Prof. Sullivan at
http://www.inthefieldstories.net/processing-sensitive-data-for-schizophrenia-research/
Research on the gene-environmental
interaction and causes for
schizophrenia, led by professor
Patrick Sullivan, KI.
A large number of samples is
available in the Nordic countries.
Secure place to conduct harmonized
analyses is crucial.
Professor Sullivan, with the assistance
of Tryggve security experts, is now
combining data sets from Denmark,
Norway, Sweden and Estonia to
create a joint data set with a total of
6000 cases and 8750 controls.
14. FUTURE VISIONS
FOR A COLLABORATIVE EFFORT
Create Data Platforms that are
internationally interoperable
Support data submission, archiving
and sharing processes
Integrate with secure cloud services for
data processing
Enable sharing of data to third parties
who have the appropriate access
permissions
Creating such data platforms is a collaborative effort between (at least) the
research community, IT infrastructure providers and data collecting
organizations
15. INFORMATION COMMONS
AND THE DEVELOPMENTS IN TRYGGVE / CSC
Information commons slide by Joakim Dillner, NIASC
CSC REMS access management
“Local EGA” Secure repository
Secure Gateway module
CSC ePouta secure cloud
infrastructure
16. AUTHORIZATION MANAGEMENT WITH REMS
• REMS provides complete process for managing entitlements
• Demo available at https://remsdemo.csc.fi/
[Diagram: REMS workflow. Actors: Applicant (principal investigator), Research group (members of the application), DAC 1 approver, DAC 2 approver. Components: REMS (workflow, reports, entitlements), IdPs, SP, Dataset 1 and Dataset 2 with metadata on dataset 1&2. Steps: 1. Apply for access; 2. Commit to licence terms; 3. Circulate to approver; 4. Approve; 5. Access]
17. SUMMARY
TRYGGVE PROVIDES SECURE SERVICES ACROSS BORDERS
A secure private cloud is an
infrastructure operated solely to provide an
on-demand, use-case-specific service
that is transparent to the end user
Nordic ELIXIR Nodes collaborate to
create a region where all the secure
services are accessible to users
regardless of their location
Pragmatic: mobility of data, mobility of
users, mobility of pipelines
Based on secure data and computing
environments in each participating
country
Cross-border use cases are in
operation
18. CONTACT INFO
Project Manager:
Antti Pursula
antti.pursula@csc.fi
Website: https://wiki.neic.no/Tryggve
Local contact points:
Denmark: Ali Syed (DTU)
alisyed@cbs.dtu.dk
Finland: Antti Pursula (CSC)
antti.pursula@csc.fi
Norway: Francesca Iozzi (UiO)
m.f.iozzi@usit.uio.no
Sweden: Niclas Jareborg (NBIS)
niclas.jareborg@bils.se