Introduction

Spinup provides a secure platform for hosting resources with sensitive data, compliant with standards like HIPAA, PHI, and FERPA. This guide highlights the current resources available for sensitive data hosting and key security measures, adaptable to future updates in operating systems and technologies.

Spinup Resources for Sensitive Data Hosting

Servers

Spinup offers a range of CIS-hardened server options, regularly updated to include the latest and most secure versions.

Databases: Spinup provides dedicated database services, including MySQL, PostgreSQL, and SQL Server, all configured on the secure Amazon RDS platform.

Storage: Storage@Yale is available for secure data storage needs.

Creating a Secure Space

When setting up a new space, you'll complete a risk assessment to determine the data hosting capabilities. Accepting the Spinup Security Agreement is essential for spaces classified as moderate or high risk.

Server Security Configurations

All server options are pre-configured with essential security features, including firewalls and multi-factor authentication. The specific configuration details align with the latest security best practices for each server type. Typically, web services are restricted to secure HTTPS connections, usually on port 443, necessitating corresponding firewall settings.

Databases

Spinup provides dedicated database services, including MySQL, PostgreSQL, and SQL Server, all configured on the secure Amazon RDS platform. These databases feature at-rest encryption, centralized logging, and support for SSL connections. Access is restricted to servers within the same Spinup space, enhancing data security.

Storage

Storage@Yale is available for secure data storage needs.

Creating a Secure Space

When setting up a new space, you'll complete a risk assessment to determine the data hosting capabilities. You must agree to the Shared Responsibility Agreement for Moderate to High-Risk.

Using a Storage@Yale share on your secure server

You can request and mount an S@Y share on your Spinup secure server through the Spinup UI. This will open a Service-Now ticket for the Storage team.

  • In the Configuration section make sure you check "This share will contain High Risk Data"

  • This will force the Permissions Model to "Base"

  • You need to use the CIFS protocol to mount the share on Linux (NFS is not supported for secure shares)

Once you submit the request it will open a ServiceNow ticket that you can track via Service-Now. You should get notified via e-mail once the share is ready (takes about a day).

When the share is ready you can mount it on your server:

Linux:

  • Install cifs-utils

        sudo yum install -y cifs-utils

  • Mount the share using your AD credentials, e.g.

        sudo mount.cifs //storage.yale.edu/home/YXNAT-CC1000-SSPS-AHEF /mnt -v -o vers=3.0,domain=yale,username=netid

Info

To automatically mount the share at boot, add an entry to your /etc/fstab file.
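
One way to set up the /etc/fstab entry mentioned above, as an added example that is not part of the original page: the AD password goes into an owner-only credentials file instead of the world-readable fstab. The helper names, the credentials path and the `_netdev,nofail` options are assumptions; the share path, `vers=3.0` and `domain=yale` come from the mount command above.

```bash
# Added example, not from the original page. Assumed here: the helper names,
# the credentials path and the _netdev,nofail options. The share path,
# vers=3.0 and domain=yale are taken from the mount.cifs command above.

# Write a mount.cifs credentials file that only its owner can read.
# The password comes from stdin, so it never shows up in argv or fstab.
write_cifs_credentials() {    # write_cifs_credentials FILE NETID < password
    (
        umask 077
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        printf 'username=%s\npassword=%s\ndomain=yale\n' "$2" "$pw" > "$1"
        chmod 600 "$1"        # also tightens a pre-existing file
    )
}

# Succeed only if FILE grants nothing to group or others (e.g. 600, 400).
credentials_are_private() {   # credentials_are_private FILE
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the fstab line. _netdev delays the mount until the network is up;
# nofail lets the server finish booting if the share is unreachable.
cifs_fstab_line() {           # cifs_fstab_line SHARE MOUNTPOINT CREDFILE
    printf '%s %s cifs vers=3.0,credentials=%s,_netdev,nofail 0 0\n' "$1" "$2" "$3"
}

# Append the entry to FSTAB unless MOUNTPOINT already has one (idempotent).
add_fstab_entry() {           # add_fstab_entry FSTAB SHARE MOUNTPOINT CREDFILE
    credentials_are_private "$4" || {
        echo "refusing: $4 is accessible to group or others" >&2
        return 1
    }
    if awk -v mp="$3" '$1 !~ /^#/ && $2 == mp { f = 1 } END { exit !f }' "$1"; then
        return 0
    fi
    cifs_fstab_line "$2" "$3" "$4" >> "$1"
}

# Usage as root (share name is the page's example; credentials path assumed):
#   write_cifs_credentials /root/.say-credentials netid   # type password, Enter
#   add_fstab_entry /etc/fstab \
#       //storage.yale.edu/home/YXNAT-CC1000-SSPS-AHEF /mnt /root/.say-credentials
#   mount /mnt    # test the entry now rather than at the next reboot
```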

Windows:

  • Attach the share as you would with any regular Windows network share.

Note

If using Docker on your Spinup server, you might face network issues connecting to Storage@Yale due to IP conflicts in the 172.18.0.0/16 subnet. Check active subnets with ifconfig. To resolve, configure Docker to use a different subnet.