Our Commitment to Research
As a research institution, Kean University is committed to providing faculty with the computing resources and flexibility needed to conduct cutting-edge research. We understand that research often requires:
- Installing specialized software and analysis tools
- Configuring systems for specific experiments
- Administrative access to customize computing environments
- Flexibility to adapt quickly to changing research needs
At the same time, we must protect sensitive institutional data and maintain compliance with federal regulations governing research data, including FERPA, HIPAA, IRB requirements, and export controls.
This document explains your options for research computing and how our network security architecture enables both research flexibility and institutional protection.
Table of Contents
- Understanding Our Network Architecture
- Your Research Computing Options
- Comparison: Which Option Is Right For You?
- Personal Devices and Research Work
- How to Get Started
- Frequently Asked Questions
- Real Researcher Scenarios
- Contact Information
Understanding Our Network Architecture
Why Separate Networks for Research and Administration?
Kean operates two distinct network environments to balance security with research flexibility:
Administrative Network
Purpose: Access to systems containing sensitive institutional data
Systems included:
- Colleague (student records and academic data)
- Colleague Finance (financial systems and transactions)
- HR systems (employee personal and payroll information)
- Protected File Repositories (departmental and institutional documents)
- Administrative applications (procurement, facilities, etc.)
Security requirements: Strict controls required to protect FERPA, financial, and personnel data
User access: Standard (non-administrative) to prevent accidental or malicious system changes
Who needs this: All faculty and staff for email, student records, and administrative tasks
Research VLAN (Virtual Local Area Network)
Purpose: Flexible computing environment for research activities
Network access: Internet only—completely isolated from administrative systems
Security approach: Minimum required controls to maximize research flexibility
User access: Principal Investigators can have administrative control of their devices
Who needs this: Faculty conducting research, data analysis, or using specialized software
Why This Separation Matters
Research computing requires flexibility that would create unacceptable security risks on the administrative network:
Research computing needs:
- Installing unvetted third-party software packages and libraries
- Running experimental code and analysis scripts
- Administrative access to configure specialized research environments
- Testing new applications, frameworks, and tools
- Connecting research equipment and instruments
- Running overnight computational jobs
If research computers could access administrative systems, a single compromised research application or misconfigured script could expose:
- 20,000+ student records → FERPA violation, federal penalties, lawsuits
- Employee personal and financial information → Identity theft, privacy violations, institutional liability
- Institutional financial systems → Fraud risk, audit failures, compliance violations
- Proprietary research data from other faculty → IP theft, competitive disadvantage
The Key Insight
Network segmentation is about giving you the freedom to work how you need to while protecting everyone's data, including yours.
When your research computer is on an isolated network:
- You can install whatever software your research requires
- You have administrative access to configure systems your way
- A vulnerability in research software cannot reach institutional systems
- Your research data is protected from administrative network threats
- Compliance auditors can verify appropriate data handling
This approach is a security best practice used by major research universities (MIT, Stanford, Carnegie Mellon), national laboratories (Argonne, Oak Ridge, Lawrence Berkeley), and research institutions nationwide.
Your Research Computing Options
We offer two models to meet different research needs. All provide internet access through the research VLAN while maintaining appropriate security boundaries.
Option 1: Standard Research Computer (IT-Managed)
✓ Best for: Researchers who want a ready-to-use system with full IT support
What You Get:
- University-provided device configured for research work
- Connects to research VLAN for internet access
- Pre-installed with common research software:
- Statistical analysis: SPSS, SAS, R, RStudio
- Programming: Python, Jupyter
- Data management: Excel, Access, specialized databases
- Standard user access (can request software installations through IT)
- Full IT support for hardware, software, and connectivity issues
- Automatic OS updates and security patches
- 4-year replacement cycle
Security & Compliance:
- Endpoint protection (antivirus/anti-malware)
- Application control (approved research software)
- Automatic patching and updates
- Full disk encryption
- Network monitoring
- Asset recovery services (LoJack for laptops)
Support Level: Complete support - IT handles everything from setup to troubleshooting
Option 2: PI-Managed Research Computer
✓ Best for: Researchers needing specialized configurations, custom software environments, or grant-specific requirements
What You Get:
- University-purchased or grant-funded device
- Principal Investigator has full administrative control
- Install any software required for your research without approval
- Configure system settings, drivers, and environments as needed
- Connects to research VLAN for internet access
- IT provides OS support and hardware warranty service
- Hardware replacement/repair through IT
- PI responsible for application support and troubleshooting
Why Choose This Option:
- Need to install specialized or proprietary research software
- Require specific system configurations for experiments
- Grant compliance requires particular software versions
- Working with vendor-supplied research equipment requiring custom drivers
- Conducting AI/ML work requiring specific framework versions
- Need to test or develop software applications
- Collaborating with external researchers requiring specific tools
Security & Compliance:
Required (minimal):
- Endpoint protection (for compliance and asset protection)
- Asset recovery tracking (university property management)
- Application auditing (compliance reporting only)
Optional (PI's choice):
- Additional security software
- Backup solutions
- VPN configurations
- Encryption tools
Support Level:
- Hardware: Full IT support and warranty service
- Operating System: IT provides OS installation, updates, and troubleshooting
- Applications: PI responsible for research software support
- Configuration: PI manages system settings and customization
Comparison: Which Option Is Right For You?
| Category | Administrative Computer | Standard Research Computer (IT-Managed) | PI-Managed Research Computer |
|---|---|---|---|
| Primary Purpose | Access institutional systems, email, student records, administrative work | General research computing with common software | Specialized research requiring custom configurations |
| Network Access | Campus administrative network (Colleague, file shares, HR, finance) | Research VLAN (internet only) | Research VLAN (internet only) |
| Device Ownership | University-owned, IT-managed | University-owned, IT-managed | University or grant-funded, PI-managed |
| Administrator Rights | No (standard user) | No (standard user) | Yes |
| Software Installation | IT approval required | IT approval required (common research tools pre-approved) | PI can install anything |
| Pre-Installed Software | Office 365, Zoom, standard apps | Common research software (SPSS, R, Python, etc.) | Compliance software only |
| Hardware Support | Full IT support | Full IT support | Full IT support |
| Application Support | Full IT support | Full IT support for pre-installed software | PI responsible for research applications |
| Best For | • Email and communication • Student advising and grading • Administrative tasks • Accessing student records • Department business |
• General research and data analysis • Using standard statistical software • Research not requiring custom configs • Faculty wanting full IT support |
• Specialized research software • Custom analysis environments • Grant-funded research • AI/ML experimentation • Software development |
Personal Devices and Research Work
Our Policy on Personal Devices
We understand that researchers sometimes prefer to use personal laptops or home computers for work. However, institutional and regulatory requirements prevent us from supporting personal devices for grant-funded research work.
Why Personal Devices Cannot Be Used for Kean Work
1. Data Security and Compliance
Research work at Kean often involves sensitive data subject to federal regulations:
HIPAA (Health Insurance Portability and Accountability Act):
- Health-related research data
- Penalties range from $100 to $50,000 per violation
- Criminal charges possible for willful violations
IRB (Institutional Review Board) Requirements:
- Research involving human subjects
- Specific data protection and storage requirements
- Institutional liability for violations
Export Control Regulations:
- Research involving controlled technologies
- ITAR (International Traffic in Arms Regulations)
- EAR (Export Administration Regulations)
Grant Requirements:
- NIH, NSF, and other agencies require institutional control over research data
- Specific cybersecurity requirements in grant agreements
- Audit requirements for data handling
Personal devices cannot meet these regulatory requirements because:
- IT cannot verify security baselines or compliance configurations
- No institutional control over device security settings
- Cannot ensure data encryption, backup, or secure deletion
- No asset recovery capability if device is lost or stolen with sensitive data
- Cannot guarantee network security with unmanaged endpoints
2. Legal and Liability Concerns
Ownership and Control Issues:
- University cannot legally support devices it doesn't own or control
- Personal devices remain personal property subject to personal legal processes
- Divorce proceedings, lawsuits, or criminal investigations can expose university data stored on personal devices
- University cannot enforce data retention or destruction policies
Insurance and Warranty:
- University liability insurance doesn't cover personal equipment
- No institutional recourse for data loss or theft
Intellectual Property:
- Research data and materials on personal devices create IP ownership ambiguities
- Grant agencies may question institutional control over research outputs
- Patent and publication issues if work product is on personal devices
3. Technical Support Limitations
IT Cannot Provide Support Because:
- Unknown device configurations and software installations
- No control over security patches or updates
- Cannot guarantee compatibility with university systems
- Cannot ensure data backup and recovery
- Troubleshooting personal devices exposes IT to liability
- Support time for personal devices takes resources from institutional needs
Network Security:
- Unmanaged endpoints create vulnerabilities for all network users
- Cannot verify device is free from malware or compromise
- Cannot enforce network security policies
What We Can Provide Instead
If you need computing resources for research or administrative work, we have options that provide the flexibility you need while meeting institutional requirements:
For General Research:
Request a Standard Research Computer
- Pre-configured with common research software
- Full IT support
- Meets all compliance requirements
For Specialized Research:
Request a PI-Managed Research Computer
- Administrative control
- Install any software you need
- Grant funding can be used
For Grant-Funded Projects:
Include Equipment in Grant Budget
- University equipment purchased with grant funds
- PI maintains control while meeting institutional requirements
- IT provides documentation for grant applications
Support: Contact the Office of Research & Sponsored Programs
For Short-Term Needs:
Loaner Equipment Available
- Short-term laptop checkout for conferences or travel
- Pre-configured for secure remote access
Contact: IT
Special Circumstances
We recognize that research sometimes involves collaboration with external partners or unusual requirements. If you have a specific situation not addressed by our standard
options:
Contact Research Computing for Consultation:
Email: [email protected]
We'll work with you to find a solution that meets your research needs while maintaining institutional compliance.
How to Get Started
Step 1: Determine Your Needs
Use the comparison table and decision guide above to identify which computing option(s) you need.
Remember: Most researchers need BOTH:
- Administrative computer for email, student records, and institutional systems
- Research computer for data analysis, specialized software, and research work
Frequently Asked Questions
General Questions
Q: Why can't I just have admin rights on my administrative computer?
A: Administrative computers access sensitive institutional systems containing student records (FERPA), financial data, and personnel information. Providing administrative rights would allow:
- Installation of unapproved software that could contain malware
- Accidental system changes that break security controls
- Disabling of security software or network monitoring
- Elevation of privilege attacks if the account is compromised
This isn't about trust—it's about defense-in-depth. Even experienced IT professionals use non-admin accounts for daily work on systems with sensitive data. The research computer option gives you the administrative access you need for research work while protecting institutional systems.
Q: Can I use my personal laptop for research work?
A: No. Personal devices cannot connect to Kean networks and cannot be used for university or research work due to:
- Federal compliance requirements (FERPA, HIPAA, IRB)
- Grant agency requirements for institutional control
- Legal and liability concerns
- Inability to verify security compliance
- Lack of asset recovery for sensitive data
We provide research computing options that give you flexibility while meeting these requirements. See the Personal Devices section for details and alternatives.
Q: What if I need specialized software that IT doesn't support?
A: This is exactly what the PI-Managed Research Computer option is designed for. You have full administrative control to install any software your research requires. IT provides hardware and OS support, but you manage your research applications. See Option 2: PI-Managed Research Computer for details.
Q: Can I connect my research computer to the administrative network temporarily?
A: No. The network segmentation is enforced at the network infrastructure level and cannot be bypassed. A computer is either on the administrative network OR the research VLAN, never both. This is by design to maintain security boundaries.
If you need to access both administrative systems and research tools:
- Use your administrative computer for Colleague, email, and student records
- Use your research computer for data analysis and specialized software
- Transfer files between them using approved methods (OneDrive, secure file transfer)
Q: How do I transfer files between my administrative and research computers?
A: Approved methods:
- OneDrive/SharePoint: Best for documents and general files
- Secure File Transfer: For larger datasets (contact IT for access)
- USB drive: For non-sensitive data (encrypted USB required for sensitive data)
Never transfer files containing:
- Student records (FERPA violation)
- Patient data (HIPAA violation)
- Personally identifiable information
- Sensitive research data subject to export control
Contact Research Computing if you need guidance on appropriate data transfer methods for your specific research.
Equipment and Support Questions
Q: Can I use grant funding to purchase a research computer?
A: Yes! Grant funding is commonly used for research computing equipment. The device remains university property but you have full PI management rights. Contact Research Computing before submitting your grant application—we'll provide cost estimates and technical documentation required by funding agencies.
Q: What happens to my research computer when my grant ends?
A:
- Device remains university property
- If no longer needed for research, it can be:
- Transferred to another grant/project
- Returned to IT equipment pool
- Reassigned within your department
- Research data should be migrated to the appropriate storage before returning the device
Q: Can I take my research computer home?
A: Yes, laptops can be used off-campus. Desktop research computers should remain on campus for security and support reasons. Off-campus use considerations:
- Research computers can access the internet from anywhere
- Cannot access Kean administrative systems remotely (by design)
- VPN access available if needed for specific research collaborations
- Ensure physical security of device and data when traveling
Contact Information
Research Computing Team
Email: [email protected]
IT Service Desk
Phone: (908) 737-6000
Portal: helpdesk.kean.edu