LUSEC reduces the risk of data breaches and spying

By sara [dot] liedholm [at] med [dot] lu [dot] se (Sara Liedholm) - published 26 September 2023

Eye of a person looking out through a hole in a wall. Photo.

By using the faculty's data storage and handling platform, LUSEC, you reduce the risk of data breaches and espionage that can have catastrophic consequences.

The service is offered at cost.
"The more people who use LUSEC, the cheaper it will be for everyone," says Lars Nilsson, IT engineer at the Division for Support for Research and Learning.

Why are you now charging for LUSEC?
"LUSEC was originally intended to be subject to a fee, but it is only now that we have established a functioning billing process.

How is LUSEC more secure than other storage platforms?
Lars Nilsson says that LUSEC is more secure than all other storage and user platforms because:

all management of the users in LUSEC and their respective access permissions to one or more LUSEC projects are strictly controlled by how the users are registered in LUCAT, via clear and traceable processes, where managers within each respective LUSEC project approve (or reject) the requested access permissions at an individual level.
all data is encrypted according to leading industry standards, both in the active storage and in the separate tape backup included in LUSEC
multi-factor login is required to sign in to and use various features of LUSEC
Data entry into and export from a LUSEC project can only be performed by those who have permissions to do so
all events that occur within a LUSEC project are logged
it is possible to determine at a fine-granular level, with selective permissions, exactly which users should be able to access exactly certain data within a LUSEC project
all technical infrastructure within LUSEC is fully owned by Lund University, and all infrastructure is only located on the university's premises
the working model on which LUSEC is based means that from a client computer you only remotely control your data received to or created in LUSEC and perform analyses and other work on this data, using the software installed in LUSEC, within a strictly encapsulated entity, a LUSEC project, which is only accessible to the designated project members.
"Storing and using sensitive personal data in such a way that you violate the General Data Protection Regulation / GDPR, for example by storing and processing such data in any of the cloud services that exist today can have expensive and negative legal consequences. According to Lund University, none of these are approved for the storage and handling of sensitive personal data."

What risks do you take if you choose an external service after all?
"We risk incorrect research results, delays in research and teaching. We also risk violations of personal integrity and penalties due to violations of, for example, the General Data Protection Regulation. Research can lose funding and collaborations, and the university can have a damaged trust," says Lars Nilson.

"If you handle strategically or patent-sensitive data in a service other than LUSEC, there is a great risk that you will be exposed to espionage and data breaches, which can lead to unimaginable consequences.

Lars Nilsson, IT engineer.

About LUSEC on Intramed

About LUSEC

LUSEC is a platform for storing, processing and analysing research data that requires extra high security. LUSEC is financed based on a cost model where LDC's (part of the university's IT support) services and costs for, for example, system components and software licenses are shared between the users of LUSEC. The cost charged to each research group is proportional to the number of registered users within each LUSEC project.

See Intramed for more information about LUSEC