Abstract

Jupyter has become the go-to platform for developing data applications, but data and security concerns, especially when dealing with healthcare, have become paramount for many institutions and applications dealing with sensitive information. How then can we continue to enjoy the data analysis and machine learning opportunities provided by Jupyter and the Python ecosystem while guaranteeing auditable compliance with security and privacy concerns? We will describe the architecture and implementation of a cloud-based platform based on Jupyter that integrates with Amazon Web Services (AWS) and uses containerized services without exposing the platform to the vulnerabilities present in Kubernetes and JupyterHub. This architecture addresses the HIPAA requirements to ensure both security and privacy of data. The architecture uses an AWS service to provide JSON Web Tokens (JWT) for authentication as well as network control. Furthermore, our architecture enables secure collaboration and sharing of Jupyter notebooks. Even though our platform is focused on Jupyter notebooks and JupyterLab, it also supports RStudio and bespoke applications that share the same authentication mechanisms. Further, the platform can be extended to cloud services other than AWS.

Highlights

  • This paper focuses on secure implementation of Jupyter Notebooks and Jupyter Labs in a cloud-based platform and on Amazon Web Services (AWS), though many architectures and methods described here are applicable to other cloud platforms

  • We describe how our architecture using AWS Elastic Container Service (ECS) facilitates encryption at-rest and in-transit and integrates an application load balancer (ALB) for authentication

  • In the Applications and Authentication section, we dive into the details of the ALB and how JSON Web Tokens (JWT) facilitate integration with Jupyter and RStudio

Summary

Introduction

This paper focuses on secure implementation of Jupyter Notebooks and Jupyter Labs in a cloud-based platform and on Amazon Web Services (AWS), though many architectures and methods described here are applicable to other cloud platforms. Security regulations can be characterized in terms of authentication (verifying the credentials of users and their access to resources), encryption (data is encrypted at rest and in transit), auditing (providing surveillance of key resources) and vulnerability mitigation (antivirus and security updates). We describe how our architecture using AWS Elastic Container Service (ECS) facilitates encryption at-rest and in-transit and integrates an application load balancer (ALB) for authentication. In the Security and Compliance section, we address the encryption of the underlying cloud architecture, auditing capabilities, and mitigation of vulnerabilities. Our specific implementation satisfies privacy and security concerns and can serve as a starting point to develop customized solutions for related use cases.

Background
Cloud Architecture
Container Architecture
Authentication and Applications
Custom Applications
Security and Compliance
Encryption at Rest
Access Control
Other Useful Agents
Conclusion