Skip to content

HiPerGator-RV Security Overview

Security for Research By Design

HiPerGator-RV was developed out of a partnership between the University of Florida and Tera Insights. The result is a data storage and analysis environment that meets the security and compliance needs of an educational research institution.

HiPerGator-RV currently meets NIST 800-53 compliance standards and will be assessed for CMMC level 2 compliance in 2026. It operates independently of all other UF computing and network infrastructure and has multiple built-in security layers.

Public-Private Key Encryption

All data in HiPerGator-RV, as well as access to VMs, groups, drives and more, is managed using encryption keys.

When a user creates their HiPerGator-RV account, a public/private key pair is created. The private key is downloaded to the user's computer and remains in their possession at all times.

Danger

This private key file is your sole mechanism for accessing HiPerGator-RV. If you lose the key or forget the password, it is very difficult to log back into the system!

In many cases, deleting the user's account and creating a new one is the easiest option. Any data owned only by that user is irrevocably lost. Sharing data with appropriate team members can mitigate this possibility.

Within HiPerGator-RV, all data is encrypted. The encryption keys for the files, drives, etc. are then encrypted with the owner's public key. When the owner tries to access a file, their private key is used to decrypt the file's encryption key and the file can be decrypted. A drawing showing Data and Encrypted data with arrows indicating that a public key can be used to encrypt the data, while the private key can be used to decrypt the data

If a user shares a file, drive, etc. with another user, the owner's private key is used to decrypt the file's encryption key. Then, the encryption key is re-encrypted using the owner's public key and the public keys of the people with whom the file is being shared. Now, all individuals with access can decrypt the file's encryption key and access the file.

It is important to note a few things:

  • System administrators cannot decrypt files that are not shared with them. Since their private keys were not used in encrypting the encryption keys for files, they have no ability to decrypt the files.
  • System administrators cannot give access to a file. Only someone able to decrypt the encryption key can do that.
  • Everything, including files, VMs, drives, and groups, uses this encryption standard. Without explicit access being granted, encryption prevents anyone, including administrators, from accessing sensitive information.

Warning

It is important to ensure that critical data be shared with other users with an appropriate need to access the files.

If a team member leaves and is the sole owner of a file or drive, it is not possible to share the file or drive with a PI or anyone else. The data are essentially lost.

Note

All activity in HiPerGator-RV is logged for auditing and compliance. Users should expect that their activity is monitored.

Violating terms of Technology Control Plans or other user agreements can have severe consequences.

Report any data mismanagement immediately to your supervisor and the UF Privacy office. Privacy incidents or complaints can be reported to the UF Privacy Compliance Office by sending a completed Privacy Report Form to privacy@ufl.edu or calling 352-294-8720.

Account Creation and Key Best Practices

  1. When creating your HiPerGator-RV account, use a strong password.
  2. Store your password in a secure location, such as a password manager. If you lose your password, we cannot reset it. Getting access can take two weeks, and it is often easier to delete your account and all data owned only by your user.
  3. Save your key file in multiple places, including UF-provided cloud storage environments.
  4. Report any data mismanagement immediately to your supervisor and the UF Privacy office. Privacy incidents or complaints can be reported to the UF Privacy Compliance Office by sending a completed Privacy Report Form to privacy@ufl.edu or calling 352-294-8720.

Key Escrow Policy

In most cases, user keys are escrowed--a copy is securely stored on our servers.

The escrow process is primarily intended for complying with court-ordered access to data, and recovering a key is a complex and time-consuming process. Users must not rely on the escrowed copy of a key as a backup.