Building Small-Scale Trusted Research Environments for Secure Research Data
11 Mar 2026
As research becomes increasingly data-driven, organisations are facing new challenges around managing sensitive datasets, collaboration and secure computing environments.
Trusted Research Environments (TREs) have emerged as a practical way to address these challenges. They allow researchers to analyse sensitive data while maintaining strong governance, security and compliance controls.
In this presentation from XENON at eResearch NZ 2026, Solutions Architect Ron Bosworth explores what TREs are, why organisations build them and how smaller research environments can be implemented in practice.
This article summarises the key ideas from the talk and links to the full video and presentation slides.
What is a Trusted Research Environment?
A Trusted Research Environment is a managed computing platform designed to allow researchers to access and analyse sensitive data securely.
Rather than distributing protected datasets across personal systems or unsecured infrastructure, the data remains within a controlled environment where governance and security policies can be enforced.
Core elements of a TRE typically include:
- A controlled user computing environment with appropriate research tools
- User authentication and access control
- Data access controls that restrict how datasets can be accessed or modified
Additional capabilities often improve reliability and governance, including:
- Data lifecycle management
- Reproducible computing environments that allow researchers to recreate analysis workflows if required.
These features make TREs especially valuable in fields working with confidential or regulated datasets, such as health research, public policy analysis and national statistics.
Alternative names and frameworks
Although the term Trusted Research Environment is becoming more common, similar systems are also described as:
- Secure Data Environments
- Secure Research Environments
- Secure Access Environments
One widely referenced approach is the Five Safes Framework, which provides a structured way to manage the risks associated with sensitive data.
The framework evaluates data use across five dimensions:
- Safe projects – ensuring the research purpose is appropriate
- Safe people – ensuring authorised and trained users access the data
- Safe data – protecting sensitive information through anonymisation
- Safe settings – maintaining secure computing environments
- Safe outputs – reviewing results to ensure no sensitive information is disclosed
This framework helps organisations balance research productivity with privacy and compliance requirements.
TRE architectures: learning from cloud platforms
Major cloud providers have published reference architectures for Trusted Research Environments.
These architectures typically include several common components:
- controlled data ingestion pipelines
- mapping of datasets to research projects
- governed computing environments for researchers
- audit and compliance monitoring
Although these examples are designed for large-scale cloud environments, they illustrate the key building blocks required to operate secure research platforms.
Designing a small on-premise TRE
Not every organisation requires a large, cloud-scale research platform.
For smaller environments, a TRE can be implemented with a much simpler architecture.
A typical small-scale TRE might include:
- a secure data source or instrument generating research data
- controlled project storage areas
- a researcher computing environment with approved software
- identity and role-based access control
Virtualisation can also be useful in these environments, allowing computing environments to be snapshotted or rolled back to maintain reproducibility and simplify management.
Even simple designs can significantly improve data security compared with unmanaged workstation-based workflows.
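One way to verify that the "controlled project storage areas" and group-based access described above are actually enforced on disk. This is an added example, not from the talk or from XENON; the one-directory-per-project layout, the project-to-group mapping and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def audit_project_dir(path, expected_gid):
    """Return a list of findings for one project storage directory."""
    st = os.lstat(path)  # lstat: do not follow a symlink out of the storage root
    if not stat.S_ISDIR(st.st_mode):
        return ["not a real directory (symlink or file)"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_gid != expected_gid:
        findings.append(f"group is gid {st.st_gid}, expected {expected_gid}")
    if mode & stat.S_IRWXO:
        findings.append("other bits set: reachable by users outside the project")
    if not mode & stat.S_ISGID:
        findings.append("setgid missing: new files will not inherit the project group")
    return findings

def audit_root(root, project_gids):
    """Audit every entry under root; entries with no project mapping are findings."""
    report = {}
    for name in sorted(os.listdir(root)):
        if name not in project_gids:
            report[name] = ["no project mapping: storage not tied to an approved project"]
        else:
            report[name] = audit_project_dir(os.path.join(root, name), project_gids[name])
    return report

def demo():
    """Build a constructed sample tree (assumed layout) and audit it."""
    root = tempfile.mkdtemp(prefix="tre-demo-")
    modes = {"proj-a": 0o2770, "proj-b": 0o2775, "proj-c": 0o0770, "scratch": 0o2770}
    for name, mode in modes.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod after mkdir so the umask does not alter the mode
    gid = os.stat(root).st_gid  # stand-in for each project's real group id
    mapping = {"proj-a": gid, "proj-b": gid, "proj-c": gid}  # "scratch" is unmapped
    return audit_root(root, mapping)

if __name__ == "__main__":
    for project, findings in demo().items():
        print(project, "OK" if not findings else findings)
```

Run on a schedule against the real storage root, a non-empty report is a signal that a project area has drifted from the access model.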
How Trusted Research Environments emerge
Many TRE initiatives begin when researchers encounter new requirements that existing infrastructure cannot support.
Examples include:
- new instruments producing significantly larger datasets
- the need to process sensitive or restricted data
- collaboration with external researchers
- specialised research software that cannot run in standard corporate environments
- compute workloads that exceed the capacity of local workstations.
In some organisations, leadership recognises these requirements early and drives the creation of a formal research platform.
In others, the need emerges organically as research teams try to overcome technical and governance constraints.
Navigating organisational challenges
Implementing a TRE often involves coordinating multiple stakeholders.
Researchers, IT teams, governance groups, project management and finance teams all have different priorities and constraints.
Common questions arise during the process:
- How much data will the research generate?
- What compute infrastructure is required?
- How will external collaboration be managed?
- Do existing IT policies allow specialised research software?
Building a successful TRE often requires aligning these stakeholders around a shared vision and roadmap.
Avoiding the “too hard basket”
Even when a TRE is successfully implemented, long-term sustainability requires planning and ongoing support.
Without dedicated funding, operational ownership and lifecycle management, these environments can quickly become outdated.
Successful TRE initiatives typically plan for:
- ongoing system maintenance
- future compute and storage expansion
- governance and policy updates
- evolving research workflows.
Planning for long-term support ensures the environment can adapt as research requirements evolve.
Building a small TRE in a large organisation
One practical approach is to start with a minimum viable platform.
Rather than attempting to design a fully mature research platform from the outset, organisations can begin with a small system and evolve it through phased improvements.
Key steps often include:
- identifying stakeholders across research, governance and IT
- leveraging existing organisational frameworks where possible
- building a business case for the initiative
- developing a phased implementation roadmap
- defining compute and data governance policies.
This incremental approach allows organisations to demonstrate value early while building support for future investment.
Why data policy matters
Data policy is one of the most important components of a Trusted Research Environment.
Policies help define how data is managed across its lifecycle, including:
- data categories such as raw, intermediate, processed and published data
- compliance obligations for each category
- retention periods and deletion policies
- expected data volumes and growth projections.
These policies support long-term planning for storage capacity and infrastructure expansion.
In practice, the research team often owns the data policy, while IT teams translate it into storage architecture and capacity planning.
Planning for storage and compute growth
TRE platforms must account not only for current workloads but also future research growth.
Capacity planning models can incorporate:
- historical data usage
- projected project growth
- new instruments or data sources
- safety reserves to mitigate estimation errors.
This information feeds into long-term infrastructure planning, ensuring the environment can scale without unexpected disruptions.
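The data policy and capacity planning inputs from the last two sections, combined into a small projection model. This is an added example, not from the talk; the retention periods, volumes, growth figures and the new-instrument entry are constructed sample values, and the compound-growth model is an assumption.

```python
from dataclasses import dataclass

@dataclass
class CategoryPolicy:
    retention_years: int     # data is deleted once older than this
    annual_ingest_tb: float  # ingest in year 1 of the plan
    growth_rate: float       # projected year-on-year growth in ingest

def growth_from_history(yearly_ingest_tb):
    """Compound annual growth rate implied by historical yearly ingest."""
    first, last = yearly_ingest_tb[0], yearly_ingest_tb[-1]
    return (last / first) ** (1 / (len(yearly_ingest_tb) - 1)) - 1

def ingest_tb(name, policy, year, instruments):
    """Ingest for one category in a plan year, including new instruments."""
    base = policy.annual_ingest_tb * (1 + policy.growth_rate) ** (year - 1)
    added = sum(tb for cat, start, tb in instruments if cat == name and year >= start)
    return base + added

def required_tb(policies, year, reserve=0.2, instruments=()):
    """Storage held at the end of `year`: only data still inside its
    retention window counts, then a safety reserve is added on top."""
    total = 0.0
    for name, p in policies.items():
        oldest_kept = max(1, year - p.retention_years + 1)
        total += sum(ingest_tb(name, p, y, instruments)
                     for y in range(oldest_kept, year + 1))
    return total * (1 + reserve)

# Constructed sample figures; the four categories are the ones named in the policy.
HISTORY_RAW_TB = [12.8, 16.0, 20.0]        # last three years of raw ingest
G = growth_from_history(HISTORY_RAW_TB)    # 25% per year
POLICY = {
    "raw":          CategoryPolicy(10, 20.0, G),
    "intermediate": CategoryPolicy(1, 40.0, G),
    "processed":    CategoryPolicy(5, 5.0, G),
    "published":    CategoryPolicy(50, 0.5, 0.0),
}
NEW_INSTRUMENTS = [("raw", 3, 15.0)]       # (category, first plan year, TB per year)

if __name__ == "__main__":
    for yr in (1, 3, 5):
        print(yr, round(required_tb(POLICY, yr, 0.2, NEW_INSTRUMENTS), 1))
```

Short retention on intermediate data keeps it from accumulating, which lowers both the storage requirement and the amount of sensitive material held at any one time.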
Final thoughts
Trusted Research Environments provide a powerful framework for enabling secure research while maintaining governance and compliance.
Although large cloud-scale platforms often dominate discussions about TRE architecture, smaller implementations can deliver many of the same benefits.
By focusing on core elements such as secure computing environments, controlled data access and clear governance policies, organisations can build platforms that support research productivity while protecting sensitive data.
Video courtesy of eResearch NZ.
Explore the full playlist: https://www.youtube.com/playlist?list=PLtNllTa5vfBMH829B0L6j9HvHslLqXLTl




