University of Wisconsin-Madison Develops Google Cloud Platform Service for Public Health Research


The University of Wisconsin-Madison has a vision for helping its researchers find and use a wide array of tools for their discovery process. A cloud team within the central IT unit helps the university stay on the cutting edge, by enabling researchers to use new modes of computation and visualization. As a member of the RHEDcloud consortium, the UW-Madison team identifies practical ways to address regulated data and government compliance within higher education. UW-Madison partnered with Burwood Group to implement the university’s first public cloud environment with security controls for working with sensitive public health data.

Establishing A Partnership

As experienced Google Cloud users, UW-Madison was ready to take the lead in the Google and RHEDcloud Consortium initiative. Their goal was to develop and document a secure framework capable of hosting sensitive workloads. Because the UW-Madison team was already managing a heavy project workload, Google recommended a partnership with Burwood Group. After a small number of meetings to establish the scope of work, the project began in earnest during the Fall of 2020 and was completed in the Spring of 2021.

Establishing Security Controls to Meet Compliance Standards

The UW-Madison team wanted to implement automated security controls required by the federal government for Protected Health Information (PHI). These controls address physical, network, and process security to ensure compliance with standards when storing, sharing, and processing information in the public cloud.

Burwood contributed project management and technical expertise to the effort. Their project guidance kept the project on track and helped keep everyone focused on the design and implementation goals outlined in the RHEDcloud initiative. Their technical savvy ensured the small team was equipped with processes and skills to sustain and build upon the new platform after the engagement concluded.

Burwood Group kept everyone on track and managed timelines and deliverables. Their skillset in DevOps practices and automation processes enhanced our GCP architecture and enabled our internal teams to move quickly.
— JAN CHEETHAM, PHD, DIRECTOR, RESEARCH CYBERINFRASTRUCTURE, DOIT

Steps to Success: Permissions, Visibility, and Automation

To learn more, watch the video: Improve your security posture with Security Command Center

  1. Mapping Google Cloud data control and user permission settings to established campus data classifications and risk levels.

    As a team, UW-Madison and Burwood made design decisions quickly and built upon the existing security framework used to administer the campus-wide identity management system. The University’s experience using Google’s security controls to secure access to files created with Google Workspace tools, such as Google Docs and Google Sheets, was augmented by Burwood’s DevOps knowledge to make provisioning research environments streamlined and efficient.

  2. Deploying Google Cloud’s Security Command Center technology to monitor network activity and set up intrusion detection systems.

    Burwood’s understanding of best practices for network monitoring helped the University team integrate Security Command Center with the existing campus security incident and event monitoring system. This allowed the campus Security Operations Center to be a single point of control for all UW Google Cloud assets and gave it the ability to ensure ongoing compliance.

  3. Streamlining the University’s Google Cloud operations by baking security controls into automated processes.

    Burwood shared effective ways to design Terraform scripts, including template creation for four existing use cases. Together, they built a control framework based on a highly compliant Google Cloud infrastructure stack, and established a mature CI/CD pipeline for development and deployment. As a result, each new workload the Wisconsin team spins up, whether on-premises or in the cloud, is inherently secure and auditable, and requires much less overhead to maintain or decommission.

  4. Documenting the project results for the University’s use and for sharing their method of implementing Google Cloud with the RHEDcloud Consortium.

    In addition to creating guidelines and documentation at each project milestone for the development team, Burwood helped author security platform reference documents which will become part of the RHEDcloud body of knowledge.

The Result: Enabling Advanced Research Needs

Across the country, many higher education institutions are seeing the potential of research in the cloud. From training researchers in the technology, to identifying and defeating misconceptions about cloud use cases: the potential is vast and still largely untapped.

Data storage needs are predicted to “experience a compound annual growth rate (CAGR) of 23% over the 2020-2025 forecast period.”
— DATA CREATION AND REPLICATION WILL GROW AT A FASTER RATE THAN INSTALLED STORAGE CAPACITY, ACCORDING TO THE IDC GLOBAL DATASPHERE AND STORAGESPHERE FORECASTS, MARCH 2021

When a UW-Madison researcher approaches the IT team with a use case idea, the university cloud team can now confidently enable them with the tools and processes they need to get started in Google Cloud.

At UW-Madison, the university team’s awareness of important trends in computing, data analysis, and research technologies led them to establish UW-Madison’s public health research platform. Creating the infrastructure was the first of many steps in a long journey.

Today, the UW-Madison team can confidently fulfill research requests. When a researcher approaches their team with a use case in mind, the cloud team helps them get started, from spinning up projects to educating them on the platform capabilities, and more. And thanks to all of the work they’ve put into setting up security controls and guardrails in the cloud environment, compliance standards are being met. All research data is being stored, shared, and processed securely.

Impacting Researcher Outcomes

For UW-Madison and research institutions across the U.S., the case for leveraging the cloud in research is growing. Google Cloud’s capabilities for research data sets include:

  • Near-limitless computing resources for processing and storing data

  • Speeding up analysis time from days to minutes, leveraging in-platform automation and working seamlessly across data sets

  • Customizing access control requirements, enabling individuals with varying permission needs to collaborate productively

When coupled with the ability to create strong security guardrails, the cloud can transform research productivity and processes: leading to improved outcomes for public health research and beyond.




Defining Key Terms

What is RHEDcloud?

RHEDcloud is a consortium of universities, cloud providers, and security vendors. Members collaborate on their shared goal: designing and implementing better security, automation, and integration for cloud computing. The RHEDcloud Project helps solve common problems by collaborating to:

• Identify security risks, controls, and countermeasures to meet compliance requirements

• Provide common implementation frameworks for security controls and countermeasures for multiple cloud platforms

• Implement common interfaces and automation required to integrate cloud platforms with on-premises security, network, and identity management infrastructure

Learn more at rhedcloud.org.

What is the Google Cloud Security Command Center?

Security Command Center is Google Cloud’s centralized risk management platform. When enabled, it will:

• Give you centralized visibility and control for your projects and resources

• Help you discover misconfigurations and vulnerabilities

• Report on and maintain compliance

• Detect threats targeting your Google Cloud assets