
Research Security Reimagined - A Better Way to Address Cybersecurity, Privacy, and Ethics Across Disciplines

  • Writer: Ash Bassili
  • May 7

Updated: Jun 4

As we deliver our Research Data Management (RDM) services to higher education institutions and researchers, we have a front-row seat to the many challenges of securing research data. These challenges also include facilitating global and inter-disciplinary collaboration and ensuring compliance with regulatory standards.


Our experiences have given us unique insights into the cybersecurity, privacy, and compliance issues surrounding research data. These experiences highlight a critical gap: the need for a unified, flexible, and discipline-sensitive Research Security Office framework.


Challenges in Today's Higher Education Research

Today’s higher education research institutions face an increasingly complex landscape. Rising cybersecurity threats, stricter data privacy laws, and institutional research ethics board expectations shape this landscape. There are also growing concerns about intellectual property protection, foreign interference, and governance from funding bodies. Yet many institutions still approach these challenges in a fragmented way, treating cybersecurity, research ethics, export controls, and privacy compliance separately.


The Importance of Holistic Solutions

There is a better way. Institutions must find holistic solutions that address these issues comprehensively. Fragmented approaches often lead to gaps in compliance and security. By integrating these different aspects into a single framework, institutions can enhance their overall research integrity.


The Evolving Research Risk Landscape

The risks facing research projects today are not hypothetical — they are real, urgent, and global:

  • Regulatory Standards and Privacy Frameworks: Laws like GDPR, HIPAA, and new national legislation such as NIST 800-171 impose specific controls and obligations on how research data is collected, stored, and shared.

  • Ethical Requirements: The responsible conduct of research now extends beyond human subject research to include animal research, and places importance on AI development, genomics, and Indigenous research.

  • Export Controls and Foreign Interference Risks: Researchers must navigate complex regulatory environments when collaborating internationally, especially regarding restrictions on collaboration partners and data sharing.

  • Cyber Threats: Foreign actors target research data, intellectual property, and national security-related projects. These threats are accelerating, making effective cybersecurity measures more critical than ever.


Despite this complexity, these concerns are often addressed in a siloed manner. Cybersecurity is handled by IT, ethics issues are managed by institutional ethics review boards, and export control considerations are addressed by research legal services.


A Flexible Research Security Framework Is Required

We have come to understand that higher education research institutions need a new kind of Research Security Office (RSO): one that can address core, non-negotiable protections and also adapt flexibly to the specialized needs of different research disciplines.


Our proposed RSO Framework consists of two main components:


  1. Every research project, regardless of domain, must comply with fundamental security, privacy, ethical, and export control principles.

  2. Research discipline-specific requirements should be modular, triggered only when necessary, thus avoiding unnecessary burden.


5 Core Components for All Research Projects

Every research project should address these five core components:


  1. Cybersecurity: Protecting the confidentiality, integrity, and availability of research data and systems (aligned with SOC2 Type II, NIST SP 800-171, ISO 27001).

  2. Privacy and Data Protection: Ensuring compliance with GDPR, HIPAA, PIPEDA, OCAP®, and other privacy regulations depending on jurisdiction.

  3. Research Ethics Compliance: Upholding ethical standards set out in frameworks like TCPS2 (Canada) and the Belmont Report (US).

  4. Export Controls and Sanctions Compliance: Preventing unauthorized transfers of sensitive research or technology under national export laws.

  5. Research Integrity and Responsible Conduct: Promoting transparency, accountability, and trust in research.


These foundational components create the backbone of an adaptable and trusted research enterprise.


As this blog is being written, there are efforts underway in many jurisdictions that continue to evolve many of these components of the framework. 

A recent example is the European Open Science Cloud (EOSC) FIDELIS initiative to identify Trusted Digital Repositories (TDRs), which has scheduled its first webinar for May 13th of this year.

This initiative is not unique, and it will certainly require researchers in the EU to fully consider the implications of its recommendations.

RSO Must Be Tailored to Accommodate Different Disciplines

Specialized research areas demand additional attention. For example:

  • Healthcare Research must align with HIPAA, PHIPA, 21 CFR Part 11, and Good Clinical Practice guidelines.

  • Engineering and Technology Research often triggers export control regimes such as ITAR and EAR.

  • Artificial Intelligence Research raises questions of algorithmic fairness, bias, and transparency under frameworks like the OECD AI Principles.

  • Indigenous Research necessitates adherence to data sovereignty frameworks like OCAP® and the CARE Principles.

Rather than forcing all researchers into a one-size-fits-all model, our proposed framework applies these discipline-specific modules or capabilities only when needed. This ensures both compliance and efficiency.



Building the Modern Research Security Office

One significant challenge we have encountered as a commercial RDM platform is the fragmentation of accountability for research data security and compliance. Our experience has led us to propose that a contemporary and efficient Research Security Office, built on a flexible framework, would combine:

  • A Research Security Officer leading the overall program.

  • A Privacy Officer managing data protection and privacy impact assessments.

  • A Research Ethics Advisor supporting compliance with ethics boards.

  • An Export Controls Specialist conducting due diligence on partnerships and technology.

  • A Cybersecurity Liaison working closely with institutional IT security teams.

  • Discipline-Specific Pools of subject matter experts available for specialized projects.


This proposed structure allows institutions to remain agile. It can scale expertise up or down based on the research portfolio, project complexity, risk profiles, and specific research teams, methodologies, and data management plans.



Why This Approach Matters

In our analysis, success hinges on building systems that are proactive, integrated, user-centered, repeatable, and administratively lightweight.


A flexible Research Security Office framework will:

  • Reduce risk: Preventing data breaches, compliance violations, and reputational damage.

  • Simplify compliance: Offering clear, navigable paths for researchers consistent with institutional protocols, without unnecessary bureaucracy.

  • Strengthen trust: Reassuring private sector and government funders, partners, and the public that research is conducted ethically and securely.

  • Future-proof research: Enabling institutions to adapt as threats evolve and new regulatory frameworks emerge.

Ultimately, protecting the integrity and security of research is not just a compliance exercise — it is an investment in the credibility, innovation, and global leadership of the research institution itself.


The recent introduction of the NIST 800-171 standard in the US, which went into effect on January 25th of this year, is a good example of the need for the RSO to adapt dynamically to various jurisdictional regulatory requirements in the context of the anticipated collaboration for each research project.

A Call to Action

We see the Flexible Research Security Office framework as a critical next step for modern research management.

The future of research security requires flexibility and adaptability to new technologies and standards. We need to move away from fragmentation.

We invite our colleagues in higher education, research funding agencies, and innovation ecosystems to collaborate. Together, we can build Research Security Offices that are resilient, agile, and adaptable for every discipline, project, and researcher.


Interested in learning more or collaborating?

Contact us to explore how we can help you design or strengthen your Research Security Office and Research Data Management (RDM) protocols.


Downloadable Template

myLaminin RSO Checklist: Building Your Flexible Research Security Office

Download our checklist, created by myLaminin, which summarizes the core components and discipline-specific considerations needed to establish a resilient, flexible Research Security Office that supports security, compliance, and ethical research across disciplines. 


__________________________________



Ash Bassili (article author) is the CEO of myLaminin, a secure research data management platform for academia using blockchain and web3 technologies. Ash brings a rich 30-year global experience base in emerging technology delivery, and has a BSc Hons Life Sciences from Queen’s University, an MSc in Information Technology from Johns Hopkins University, and a Certificate in Blockchain Technologies from MIT Sloan School of Management.

Image by Andrew Neel