Effective Cybersecurity for Research
The tension between cybersecurity and researchers has long hampered attempts to secure research. It is also why institutional cybersecurity efforts in academia have been confined to the most sensitive research. The status quo has persisted for other reasons as well, for instance the complexity of the research environment, but latest developments in the regulatory and cyber threat landscape are quickly changing the status quo. Funding requirements scoped beyond individual awards and newly evolving threats are pointing to a future where securing research holistically is no longer optional. This paper describes an approach to cybersecurity for research that is showing great promise in breaking the security versus research impasse. A product of years of effort at Indiana University, it focuses exclusively on the researcher and the research mission, reduces the cybersecurity and compliance burden on the researcher, and aims to secure all research. It has been stress tested on campus, with success evidenced by researchers embracing it voluntarily and research being accelerated measurably.