Security

Encryption

All G.E.M.S data is encrypted in flight and at rest. Whether data is transferred over SSL, SCP or Globus Transfer, all data into and out of the G.E.M.S platform is encrypted. Within the platform, data is stored on encrypted storage systems.

Authentication

G.E.M.S does not store user credentials, preferring to allow a user’s home institution to manage user authentication. This is accomplished with Globus Auth. Where a user’s institution is not currently supported by Globus, the user can create their own Globus ID account for use with G.E.M.S.

Federated Infrastructure

The G.E.M.S model allows data owners to keep their data where they want. Use G.E.M.S to identify public or private data to which access has been granted, then pull it into a secure location, alongside data that has not been shared with the G.E.M.S community, for private analysis. Data registered on a local G.E.M.S federated node is also protected in that it is not required to be moved. The data is physically transferred from one location to another only when a user with access to it requests that it be copied to another node for analysis.