Yottabyte Research Cloud

Key: Permission Levels

  • Permitted
  • Permitted with Information Assurance (IA) Consultation
  • Not Permitted

For IA consultation, please contact the ITS Service Center

You are responsible for ensuring that your use of this service complies with laws, regulations, and policies where applicable. See Compliance below for details.

Permitted

Permitted with IA Consultation

Not Permitted

Service Description 

The Yottabyte Research Cloud provides U-M researchers with high performance, secure, flexible computing environments where they can analyze sensitive data sets. This service is provided through a partnership between U-M Advanced Research Computing and Yottabyte.

Yottabyte Research Cloud hosts these services:

  • Secure Enclave Service (SES)—Linux and Windows Desktops and Servers
  • Data Pipeline Tools (DPT)—Streaming Data
  • Research Database Hosting (RDH)—SQL, NoSQL, and so on
  • Container (Docker) Stack Service (CSS)—Rancher, Kubernetes

Compliance 

Yottabyte Research Cloud provides a secure environment in which to maintain or share many types of the university’s sensitive institutional data. In addition, Yottabyte Research Cloud provides an environment that is compliant with regulations for some types of sensitive regulated data. Protecting sensitive data is a shared responsibility. You are responsible for ensuring that your use of Yottabyte Research Cloud complies with applicable laws, regulations, and policies.

Before using Yottabyte Research Cloud with any sensitive institutional data, a Declaration of Intent to store and process sensitive data is required during setup.

The U-M Office of Research has approved Yottabyte Research Cloud for the sharing or maintaining of Export Controlled research. You must also maintain your own Export Control-compliant practices and protocols when using Yottabyte Research Cloud.

Yottabyte Research Cloud includes the safeguards required by HIPAA; accordingly, you may use it to maintain Protected Health Information (PHI). To satisfy internal HIPAA requirements, you must declare the intent to store and process PHI at setup. This allows the use of a system template for tracking PHI as required by HIPAA. Complying with HIPAA's requirements is a shared responsibility. Users sharing and storing PHI in YBRC are responsible for complying with HIPAA safeguards, including:

  • Using and disclosing only the minimum necessary PHI for the intended purpose.
  • Obtaining all required authorizations for using and disclosing PHI.
  • Ensuring that PHI is seen only by those who are authorized to see it.
  • Following any additional steps required by your unit to comply with HIPAA.

Yottabyte Research Cloud includes safeguards required by NIST 800-171 Rev. 1 for Controlled Unclassified Information (CUI). The intent to store and process CUI must be declared at setup so a compliant system template can be applied. Yottabyte Research Cloud can be used to store and process CUI because of external audit and joint processes developed to process CUI information.

While the U-M offering of Yottabyte Research Cloud is secure, it does not comply with some regulatory requirements for specific types of sensitive regulated data. See the list above of which data types are—and are not—permitted for use in Yottabyte Research Cloud at U-M.

Additional Resources