
Inside the Citadel: Lessons from Princeton’s Secure Research Infrastructure

By Irene Kopaliani, PhD, C|CISO, CISSP, CISM, CISA, CDPSE, CCSP, Research Computing Cloud Architect, Princeton University
How Princeton Turned Compliance into Innovation: Building a State-of-the-Art Secure Research Environment

Across academia, data is the new crown jewel and the latest target.

According to Check Point Research, the education and research sector now endures an average of 3,574 cyberattacks per organization every week, the highest volume of any industry worldwide. Attack frequency has surged more than 75 percent year over year, surpassing even healthcare and military sectors in both volume and persistence (Check Point, 2024).

For universities managing federally regulated research, with data governed by frameworks such as FISMA, HIPAA, and CUI, the stakes could not be higher. Yet researchers expect openness, collaboration, and High-Performance Computing (HPC). Traditional perimeter defenses and compliance checklists are no longer sufficient; security must now be engineered into the very architecture of research computing itself.

At Princeton University, these forces converged into a single challenge: how to build a system that could meet federal cybersecurity standards without slowing innovation. The answer became Citadel, a secure research environment that redefined what compliance can mean when approached as a catalyst rather than a constraint.

Building the Foundation

Created in 2019, Princeton’s Citadel was built to address the growing institutional need to protect sensitive and federally regulated research data. The original environment operated as a contained system of virtualized servers designed to enforce isolation, encryption, and access control. Tera Insights’ tiCrypt served as the cornerstone of this architecture, enabling Princeton to apply zero-trust principles well before they became common in research computing.

As the volume of federally regulated research increased, more projects required Citadel’s protections to meet sponsor and compliance obligations. At the same time, computational demands grew: projects expanded to multi-terabyte scale and increasingly relied on GPU resources to support artificial intelligence, machine learning, and data modeling.

Through every iteration, the guiding principle has remained clear: security and science should not exist in tension; they should evolve together.

Turning Compliance into Capability

Citadel’s design philosophy centers on the idea that regulatory compliance should strengthen research, not restrict it. Instead of adding security measures around existing systems, the team built them directly into Citadel’s architecture. Technical, administrative, and physical controls operate together within a unified governance framework. Encryption, isolation, access management, and continuous monitoring are supported by documented procedures, training, and facility safeguards, ensuring protection remains consistent across every layer of operation.

This integrated approach allows researchers to focus on discovery rather than cybersecurity management. They can analyze data, build models, and collaborate across institutions, knowing that compliance happens automatically in the background.

A key element of this model is the separation of duties, which protects privacy and research independence. System administrators maintain infrastructure but cannot access project data, while research groups retain full control of their data. This keeps sensitive information private by design, eliminating the need for technical staff to appear on Institutional Review Board (IRB) protocols or Data Use Agreements. Researchers manage their own data within approved governance boundaries, while technical teams ensure the environment remains secure and stable.

In short, Citadel reverses a familiar paradigm: instead of granting more access to solve technical problems, it limits access to preserve privacy and trust.

Compliance as Capability, Not a Constraint

Citadel treats compliance as a design feature, not an external mandate. Every control, policy, and safeguard is built to enhance usability, accountability, and trust. Security measures are integrated alongside research workflows, allowing compliance to support scientific progress rather than interrupt it.

Audit and verification are part of Citadel’s normal operations. Activity logs, documentation, and training records provide continuous evidence that controls function as intended. This reduces administrative overhead and ensures the environment is always ready for review. By embedding compliance into daily workflows, Citadel maintains transparency and privacy simultaneously, supporting accountability without hindering research.

Challenges and Lessons Learned

Building and operating Citadel surfaced a number of challenges that shaped its evolution.

1. Software Compatibility in an Airgapped System
Because Citadel is fully isolated from the internet, applications that require online license validation or “call home” functionality cannot operate within the environment. This occasionally limits tool availability and requires alternative licensing arrangements or internal hosting solutions.

2. Cultural Adoption and Training Requirements
Citadel’s onboarding method was initially met with resistance from researchers accustomed to working in open HPC environments. The mandatory one- to three-hour training, annual refreshers, and signed Rules of Behavior felt cumbersome. Over time, these requirements proved valuable, reinforcing a culture of accountability and demonstrating a serious institutional commitment to protecting data, an expectation of modern research sponsors.

3. Limited Staffing
Unlike peer institutions that dedicate large teams to secure research environments, Citadel operates with roughly half a full-time position. A small group of security-minded members within Research Computing maintains the system, relying on automation and disciplined prioritization to keep operations and compliance on track.

4. Implementing Separation of Duties
Introducing strict separation of duties challenged long-standing habits. Administrators had previously assisted in moving research data, which necessitated their inclusion on Data Use Agreements or IRB processes. Citadel shifted that responsibility to research teams, keeping administrators out of data workflows and preserving privacy by design.

5. Resource Limitations and Growth
Citadel reached capacity three times before the current expansion. To accommodate the increasing demand, and in recognition that secure research infrastructure needs to expand with the aspirations of the researchers it supports, a smart investment was made in a ten-node HPC cluster.

Each of these challenges contributed to Citadel’s maturity, reinforcing that a secure research infrastructure is not just a technical endeavor but an ongoing institutional commitment.

The Road Ahead

Citadel demonstrates that security and innovation are not competing priorities; they are interdependent. The environment’s evolution into a high-performance computing cluster reflects a growing recognition that compliance, governance, and computational capability can advance in tandem.

This trajectory mirrors a broader shift across higher education and industry alike. IBM’s 2024 Threat Intelligence Index notes that education remains one of the most targeted sectors worldwide, while EDUCAUSE identifies cybersecurity and privacy as top institutional priorities for universities. Together, these findings underscore the urgency of building research environments where protection is not an afterthought but a foundational design principle.

As research becomes more data-intensive and federally regulated, Citadel offers a model for how universities can integrate security into data processing operations without limiting collaboration or scientific freedom. The lesson is clear: when compliance is built into the foundation, it becomes a catalyst for discovery, not a constraint on it.

References
Check Point Research. The 8 Things You Should Know About Cyber Attacks on the Education Sector and How to Prevent Them. Check Point Software Technologies, 2024.
https://blog.checkpoint.com/company-and-culture/the-8-things-you-should-know-about-cyber-attacks-on-the-education-sector-and-how-to-prevent-them
IBM Security. X-Force Threat Intelligence Index 2024. IBM Corporation, 2024.
https://www.ibm.com/reports/threat-intelligence
EDUCAUSE. Cybersecurity and Privacy in Higher Education: 2024 Top IT Issues. EDUCAUSE Review, 2024.
https://er.educause.edu/articles/2023/10/2024-top-it-issues