Research Data in the Cloud Era, and How to Stay Compliant

Art Miller

As a large research institution, the University of Arkansas works with data that is subject to laws and regulations such as the International Traffic in Arms Regulations (ITAR), and Export Administration Regulations (EAR). These laws restrict the transfer and storage of research data.

What some researchers may not be aware of is that faculty/staff UARK email is now hosted in the Office 365 cloud. Because of this subtle-but-important change, research data could potentially be stored outside the United States on an Office 365 server. While services like Google Drive and Office 365 are wonderful collaboration tools, they are not considered secure for transferring data regulated by ITAR and EAR.

What should researchers do if they have questions about the security of regulated data? Contact the Export Control Compliance Office at canditam@uark.edu, 479-575-5054. If IT finds such sensitive research data, they will migrate that person's mailbox to a secure, on-campus email server.

Meanwhile, IT Services is investigating ITAR-compliant solutions with Microsoft in the Office 365 cloud environment. 

"If you don't know, we will help," said chief information security officer Don Faulkner. "This is an area we are enthusiastic about pursuing to help researchers navigate these waters."

Researchers can contact the IT Services security team at security@uark.edu, or 479-575-2905.