From life sciences to engineering to economics, some of the most powerful applications of machine learning and advanced data analysis lie in research. Yet despite the huge promise of data science and AI for these fields, institutions face increasing risks and operational headwinds that threaten progress. These include new cyber threats and vectors for data loss, increasing regulatory scrutiny and insatiable demand for compute that’s married with rising costs.
Overcoming these challenges while empowering researchers with leading technologies is the most important imperative for research IT today. With funding tight, leaders must make a clear case for action that will support research velocity, data protection, and regulatory compliance. This means articulating to stakeholders the true costs and risks of inertia and offering actionable solutions.
This article will show why Trusted Research Environments are becoming an essential foundation to meet today’s challenges and opportunities.
Almost every organization today is grappling with the pressure to innovate at pace with data and AI, while carefully managing operational, security and compliance risks. This is doubly true for research institutions, where competition is fierce, the use of sensitive data is prevalent, and the value of a breakthrough is potentially huge.
The risk of work being stolen or sabotaged is greater than ever due to intensifying geopolitical rivalries and the proliferation of generative artificial intelligence. AI offers malicious actors unprecedented power to probe defenses, impersonate authorities and code malware at speed and scale. The numbers bear this out, with as many as 97% of higher education establishments in the UK experiencing a cyber-attack in the past three years.
As well as empowering actors to obtain data, technology is also democratizing the means to misuse it. The contents of a database can just as easily be analyzed by AI to create a devastating bioweapon as it can a lifesaving vaccine. And with quantum computers on the horizon, traditional encryption is no deterrent, as actors can harvest today and unencrypt it in the future.
Just as prevalent as external threats are the risk of data loss by well-intentioned, authorized users. The promise of increased productivity may tempt under-pressure researchers to use unsecure AI tools and hardware. If data isn’t locked-down or if sanctioned tools aren’t adequate, there’s a very real risk of users uploading sensitive files to public models or unprotected personal devices running the likes of OpenClaw.
In short, research worldwide is facing a multitude of digital threats, many of which didn’t even exist five years ago. It’s therefore no surprise that regulators and funding bodies are demanding higher security standards across the board. The consequences of inaction are therefore not limited to stalled progress in individual projects but extend to significant financial penalties and reputational damage that will harm institutional competitiveness.
For example, in Europe, non-compliance with GDPR and the EU AI Act can lead to fines of up to €35 million, while the NIS2 Directive classifies research entities as critical infrastructure and can hold leadership personally liable. In the USA, failing to meet the CMMC framework legally bars institutions from Department of Defense funding. Similarly, violating NIH and HIPAA policies can result in rejected grants, paused clinical trials, and withheld future funding.
Evidently, there is no room for insecure architecture or lax data protection standards in research today. Nevertheless, across reviews and incident post‑mortems, the same failure modes recur:
To overcome these pitfalls, research IT leaders need to provide a technical foundation that engenders trust and empowers researchers. The most practical way to do this is to bring the researchers to the data, in a controlled environment that meets both research and compliance requirements.
Trusted Research Environments (TRE) are the gold standard approach, recommended in a 2022 review of UK health infrastructure. They provide researchers with secure access to sensitive data while restricting data movement and proving governance. In practice, a modern TRE brings three core components together:
When built upon a well architected and configured cloud landing zone (e.g. AWS Secure Research Environment) a TRE helps overcome many of the prominent risks organizations face today:
Importantly, these controls are provided in a user-friendly environment that can handle large datasets and that provide key data services including machine learning and advanced analytics. Rather than acting as a handbrake on research, a well implemented TRE can therefore improve researcher experience and research outcomes.
It’s now an imperative for IT leaders to protect the research that powers progress while enabling compliant sharing and reuse. A well implemented TRE turns security from a blocker into an accelerator: researchers move faster; funders gain confidence; and leaders sleep better because controls are enforceable and provable.
SoftwareOne approaches Trusted Research Environments with a three phased approach:To learn more about creating secure and competitive IT foundations for world-class research, download our latest guide “Trusted Cloud, Empowered Research”, or get in touch to speak to our experts.
Give researchers the tools they need without compromising on security, compliance, or control. Get the essential guide to Trusted Research Environments.
Give researchers the tools they need without compromising on security, compliance, or control. Get the essential guide to Trusted Research Environments.
