
SATRE: Standardised Architecture for Trusted Research Environments – Computing Technology

This is the third in a series of five blogs, assessing the Aridhia DRE, our enterprise TRE, against the SATRE specification. The first blog provided an overview of the SATRE specification, and discussed the importance of open specifications for Trusted Research Environments. The second blog scored the DRE against the SATRE Information Governance specification. This blog evaluates the DRE against the SATRE Computing Technology and Information Security specification.

Computing Technology and Information Security in the Aridhia DRE

An introductory video showcasing Aridhia TRE Workspaces

Overall Score 119/122

The Computing Technology and Information Security section of SATRE covers both the software and infrastructure requirements for a trusted research environment.

We scored the Aridhia DRE at 119 from a possible 122, because:

  • Aridhia DRE Workspaces provides a secure compute environment with inbound and outbound airlock review and approval processes.
  • Data cannot be copied out of a workspace to a local desktop: data can only leave the workspace via an approved and audited airlock request.
  • The workspaces come with a Postgres database, over twenty bioinformatics analysis modules, RStudio and Jupyter Notebook built-in – without the need to use a virtual machine.
  • Virtual machines receive security updates routinely, as does the supporting TRE infrastructure.

See below for more detail on how the DRE scores against each item in the SATRE Computing Technology and Information Security specification.

(Note on scoring – where a field has been marked as NA, it is not counted as part of the total possible score for that section.)

SATRE 2.1 – End user computing

Score 33/36

Aridhia DRE Workspaces provides users with secure research spaces that are segregated by project. Where possible, security updates are applied automatically, and where this is not possible they are applied as part of our regular release process. Workspace users have access to Windows and Linux VMs, and a variety of industry-standard tooling including RStudio and Jupyter Notebook.

| Item | Statement | Importance | Score |
| --- | --- | --- | --- |
| 2.1.1 | You must not allow users to copy data out of your TRE via the system clipboard. | Mandatory | 1 |
| 2.1.2 | Your TRE workspace should provide an environment familiar to your users. | Recommended | 2 |
| 2.1.3 | A TRE could restrict data access from data consumers entirely and provide an interface for submitting code. | Optional | 2 |
| 2.1.4 | Your TRE should be accessed via a user interface accessible using commonly available applications. | Recommended | 2 |
| 2.1.5 | Your TRE must provide clear guidance on how to use software tools and work with data in the TRE. | Mandatory | 2 |
| 2.1.6 | Your TRE should, where possible, automatically apply security related updates for user software. | Recommended | 2 |
| 2.1.7 | Your TRE could provide shared services that are accessible to users in the same project. | Optional | 2 |
| 2.1.8 | Your TRE must ensure that any shared services are only available to users working on the same project. | Mandatory | 2 |
| 2.1.9 | You must mitigate and record any risks introduced by the use in your TRE of software that requires telemetry to function. | Mandatory | 2 |
| 2.1.10 | Your TRE must provide software applications that are relevant to working with the data in the TRE. | Mandatory | 2 |
| 2.1.11 | Your TRE should provide tools to encourage best-practice in reproducibly analysing data. | Recommended | 1 |
| 2.1.12 | Your TRE could provide access to some public software repositories or container registries. | Optional | 2 |
| 2.1.13 | Your TRE could tightly control which packages are available. | Optional | 2 |
| 2.1.14 | Your TRE must maintain segregation of users and data from different projects when using non-standard compute. | Mandatory | 2 |
| 2.1.15 | Your TRE should be able to provide access to high performance computing or other scalable compute resource if required by users. | Recommended | 2 |
| 2.1.16 | Your TRE should be able to provide access to accelerators such as GPUs if required by users. | Recommended | 2 |
| 2.1.17 | Your TRE could make data available to data consumers using common database systems such as PostgreSQL, MSSQL or MongoDB. | Optional | 2 |
| 2.1.18 | Your TRE could integrate with large-scale data analytics tools for working with large datasets. | Optional | 1 |

SATRE 2.2 – Infrastructure management

Score 32/32

The Aridhia DRE is deployed as a managed service on Azure Cloud. All software changes are thoroughly tested by our QC team in our dedicated test environment before deployment to production. Our service description provides users with an availability target for the DRE. The DRE infrastructure is regularly monitored to identify, document and resolve misconfigurations and vulnerabilities.

| Item | Statement | Importance | Score |
| --- | --- | --- | --- |
| 2.2.1 | You must have a documented procedure for deploying infrastructure. | Mandatory | 2 |
| 2.2.2 | You should, where possible, automate any repeatable aspects of your deployment. | Recommended | 2 |
| 2.2.3 | You must have a documented procedure for making changes to deployed infrastructure. | Mandatory | 2 |
| 2.2.4 | You must test changes before they are used in production. | Mandatory | 2 |
| 2.2.5 | You should have a development environment that mirrors your production environment which you use to test infrastructure changes before committing them to production. | Recommended | 2 |
| 2.2.6 | You must have a documented procedure for removing infrastructure when it is no longer needed. | Mandatory | 2 |
| 2.2.7 | You should understand the availability and uptime guarantees of any providers that you rely on. | Recommended | 2 |
| 2.2.8 | You should develop an availability target or statement and share this with your users. | Recommended | 2 |
| 2.2.9 | Your TRE must control and manage all of its network infrastructure in order to protect information in systems and applications. | Mandatory | 2 |
| 2.2.10 | Your TRE must not allow connectivity between users in different projects, or with access to different datasets. | Mandatory | 2 |
| 2.2.11 | Your TRE must block outbound connections to the internet by default. | Mandatory | 2 |
| 2.2.12 | You should be able to monitor the network configuration of your TRE to check for misconfigurations and vulnerabilities. | Recommended | 2 |
| 2.2.13 | You should regularly monitor the network configuration of your TRE to check for misconfigurations and vulnerabilities. | Recommended | 2 |
| 2.2.14 | Your TRE must record usage data. | Mandatory | 2 |
| 2.2.15 | Your TRE should record which datasets are accessed, when and by whom. | Recommended | 2 |
| 2.2.16 | Your TRE should record computational resource usage at the user or aggregate level. | Recommended | 2 |

SATRE 2.3 – Capacity management

Score 8/8

Our pricing is fully transparent, with customers aware of the cost of individual workspaces and their associated VMs. Usage cost is monitored on a monthly basis and Azure alerts are in place for forecasted budget breaches.

| Item | Statement | Importance | Score |
| --- | --- | --- | --- |
| 2.3.1 | You must ensure that all projects understand what resources are available and what the associated costs will be before the project starts. | Mandatory | 2 |
| 2.3.2 | You should ensure that the anticipated needs of projects can be satisfied using available resources. | Recommended | 2 |
| 2.3.3 | You must have a procedure for allocating available resources among projects. | Mandatory | 2 |
| 2.3.4 | You must ensure that the anticipated resource requirements will not result in overspending by the TRE. | Mandatory | 2 |

SATRE 2.4 – Configuration management

Score 10/10

The Aridhia DRE is deployed using DevOps pipelines with associated procedures which are managed and maintained by Aridhia. Each week our pipelines roll out a new release containing new features and bug fixes, running a combination of automated and manual smoke tests to verify the release. We use a cloud configuration tool to detect anomalies in configuration and set-up.

| Item | Statement | Importance | Score |
| --- | --- | --- | --- |
| 2.4.1 | You must have a documented procedure for configuring infrastructure. | Mandatory | 2 |
| 2.4.2 | You should use configuration management tools to automate application of your configuration wherever possible. | Recommended | 2 |
| 2.4.3 | You should be able to verify whether the configuration is valid. | Recommended | 2 |
| 2.4.4 | You should regularly verify your TRE configuration. | Recommended | 2 |
| 2.4.5 | You must be able to replace a non-compliant TRE with a compliant system. | Mandatory | 2 |

SATRE 2.5 – Information security

Score 36/36

The Aridhia DRE is secure and resilient. The DRE is subject to two penetration tests carried out by external contractors annually, with further tests arranged for major feature releases, the results of which are shared with our customers. Aridhia runs quarterly incident response exercises to ensure our incident response procedures are fit for purpose. All DRE hubs have rolling 14-day backups in place to ensure recovery in the event of a major incident. These and other operational processes are detailed in our Knowledge Base. Data is encrypted at rest and in transit.

| Item | Statement | Importance | Score |
| --- | --- | --- | --- |
| 2.5.1 | You should keep backups of data and research environments, provided that this is permitted by law. | Recommended | 2 |
| 2.5.2 | You should build redundancy into infrastructure and storage. | Recommended | 2 |
| 2.5.3 | You should keep backups of infrastructure, applications and configurations. | Recommended | 2 |
| 2.5.4 | You must have procedures in place for rapid incident response. | Mandatory | 2 |
| 2.5.5 | You should test your incident response through simulation. | Recommended | 2 |
| 2.5.6 | You should have an application in place to scan for vulnerabilities across infrastructure. | Recommended | 2 |
| 2.5.7 | You must have a process in place for applying security updates to all software that forms part of the TRE infrastructure. | Mandatory | 2 |
| 2.5.8 | Infrastructure should be automatically patched for vulnerabilities. | Recommended | 2 |
| 2.5.9 | You should carry out penetration tests on your TRE. | Recommended | 2 |
| 2.5.10 | You should update the security controls of your TRE based on the results of security tests. | Recommended | 2 |
| 2.5.11 | You should publish details of your security testing strategy and, where possible, the results of each test. | Recommended | 2 |
| 2.5.12 | Your TRE must encrypt project and user data at rest. | Mandatory | 2 |
| 2.5.13 | Your TRE must encrypt data when in transit between the TRE and external networks or computers. | Mandatory | 2 |
| 2.5.14 | Your TRE should encrypt data when in transit inside the TRE. | Recommended | 2 |
| 2.5.15 | You should use encryption algorithms and software that are widely accepted as secure. | Recommended | 2 |
| 2.5.16 | Your TRE should use secure key management. | Recommended | 2 |
| 2.5.17 | Your TRE could offer physical protection measures against data leakage or theft via physical means. | Optional | 2 |
| 2.5.18 | Your TRE may need to comply with specific regulatory requirements due to the types of data it is hosting. | Mandatory | 2 |

Look out for the next blog in this series, where we will be looking at how the DRE measures up against the Data Management specifications.