Blog

Unlocking Grant Funding for R1 and R2 Research Universities

Meeting NIST data security requirements

By Tim Wallace

University-led research has been instrumental for many modern innovations we enjoy today. It’s quite easy for us in IT to recall that the Internet, web browsers, magnetic core memory, Google, numerous programming languages, operating systems, and other computing technologies were conceived or advanced by academic research. Beyond IT, such research has contributed to inventions like the telegraph, television, LCD and plasma screen, LEDs, RSA cryptography, the Geiger counter, rocket fuel, fluoride toothpaste, solar power, Plexiglas, the vaccines for polio and flu shots, laser surgery, mass scale Penicillin production, Gatorade, radar detection and aversion, and STEM cell and AIDs research. Today, university researchers are studying the COVID-19 coronavirus to help in combatting the pandemic. Research extends beyond science and technology to other disciplines such as economics.

For industry and government agency sponsors of research, universities provide expertise, independence, economy, speed and scale in directed research. For universities, active research programs attract respected faculty and staff, contribute to curricula and academic programs, provide student researchers with valuable industry experience, enhance the institution’s reputation, and contribute funding for university programs and facilities.

Regarding funding, this can be significant – amounting to hundreds of thousands to millions of dollars in grants1. In addition to specific requirements related to the field of research, these grants often have other prerequisites to ensure that research data is properly secured and handled. Aside from threats of hackers trying to subvert critical research, these programs often contain sensitive but unclassified data such as personally identifiable details like social security numbers, health data, legal proceedings, or proprietary information. NIST standards 800-532 and 800-1713 govern the protection of Controlled Unclassified Information (CUI)4. Whereas NIST 800-53 is directed to government agencies, NIST 800-171 covers CUI data handling by non-government entities like research universities. Meeting such requirements can complicate grant programs, requiring additional expertise and expense as institutions must ensure that the infrastructure, procedures, auditing and reporting to meet these standards are in place. Some organizations attempt a bespoke, build-from-scratch approach that is difficult to scale and automate, adding time and costs to projects, and requiring expertise beyond the areas of study.

The University of Maryland (UMD) faced such a challenge to prove their research programs would comply with NIST standards and allow their researchers to apply for grants with CUI data. UMD is a R1 research university5, the largest university in the state of Maryland, and the only public major research institution in the Washington, DC metropolitan area. Their reputation and proximity make them an attractive research partner to numerous Federal agencies such as the National Institutes of Health (NIH), Centers for Disease Control (CDC), NASA, and Departments of Homeland Security, Energy, and Defense.

In their due diligence to meet this challenge, they discovered Tera Insights, which itself was spun out of research programs at University of Florida. However, implementing the Tera Insights tiCrypt solution for NIST security compliance atop traditional server, storage, and networking infrastructure still carried with it undue complexity and overhead for the University. Complexity is not only the enemy of security, but also often means additional costs. To create a repeatable, scalable, secure easy-to-manage platform for their research program, they found the combination of Nutanix HCI and tiCrypt to be ideal. Both tiCrypt and the native Nutanix hypervisor, AHV, are based on the Linux KVM, creating an inherent affinity. Built-in security features of Nutanix AOS complemented tiCrypt’s encrypted data and traffic management and auditing. Nutanix brought a high performance, scalable, easy to manage, integrated infrastructure to Tera Insight’s purpose-built data security solution.

By utilizing this approach, UMD was able to create a repeatable architecture that will accelerate standing up other research configurations while eliminating the additional procurement of large SANs for high performance storage, which is often the approach for built-from-scratch research platforms.

In research programs, the intent is to discover something new or to improve and optimize over past methods – through study, trial, and analysis. By applying this technique to their research program itself, UMD has invented a new way of meeting data security requirements, benefiting not only their ability to pursue high-value research grants, but provides a template for peer institutions to do so as well.

For more information on the University of Maryland’s solution, please refer to their case study and the press release on Nutanix.com.  In addition, please look for Jeff McKinney, Director of Engineering IT Operations, A. James Clark School of Engineering, University of Maryland, in his customer spotlight at the upcoming 2020 .Next Digital Experience.

1 https://www.usnews.com/best-graduate-schools/top-medical-schools/most-research-money-rankings

2 https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final

3 https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final

4 https://www.nist.gov/system/files/documents/2018/10/18/cui18oct2018-0930-1030-cui_overview-casey.pdf

5 https://en.wikipedia.org/wiki/Research_I_university

© 2020 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date hereof, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.

This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.