Central Connecticut State University



Background & Summary FY19The IT division has struggled during the past fiscal year. Prior to the start of this year, various parts of the IT division including the Card Office, Media Services, ITDRC were removed from the core IT division and placed under other executives. Remaining Information Technology members have worked to adjust to this new normal. The “breakup” has created challenges where some tasks which were inter-division became awkwardly orphaned. In addition to the removal of staff and their office tasks, this impacted position redundancy and employee cross training. As an illustrative example, the Director of the Card Office had informally served as one of knowledge workers on cyber security and risk mitigation. This individual holds multiple industry certifications on topics ranging from cyber security, compliance, audit, and disaster recovery. While these duties were outside the core-scope of his position in auxiliary IT services, his skills were an asset to the organization and could be relied on his capacity as a senior IT manager to provide traditional and non-traditional cyber security services. In addition, the separation of media services and ITDRC from the IT division has resulted in an awkward bifurcation of end-user support where calls come into the IT helpdesk but are then re-directed to other units. Survey data shows that this has confused staff and faculty as they were previously used to a single point of technical support.Beyond the personnel shifts, the fiscal position of the Information Technology Division is reactive to consumer IT trends, security incidents, legal requirements, and directives/changes in funding or policy from the CSCU System Office / 3rd parties. From Amazon Echo devices, to Google Chrome boxes, CCSU saw a dramatic increase in the number and type of end user devices connecting to the campus network. The IT department and the university budget are forced to look at two options, slowing down internet service and the number of wireless access points on campus while frustrating students and parents or increasing internet services and the density of access points to keep up with the increasing demand. Finally, this year the university had a large spike in security, litigation holds, and FOI requests. These activities overwhelmed the limited IT staff and became so significant that major university projects went undone or were significantly delayed. This year we also saw attacks where hardware providers (equipment providers) were targeted for exploits in hardware. The university held an increased risk, but suffered no breaches. It is important to note the trend that most devices are now connected to the campus network. This includes door locks, copiers, fax machines, security cameras, televisions. The university cannot put anti-virus on a door lock, we can only be responsive to patching these devices when the attack becomes known.Increasing Deferred Maintenance impacting staffing and productivity.In 2018, the UBPC funded a request desktop / laptop replacement request of 1.7M with approximately $700,000. Based on feedback from UBPC, the hope was that less expensive Chrome boxes could replace some of the desktop and laptop computers. The IBM budget process supports trying new measures in the name of cost-savings. Ultimately, faculty and staff have overwhelming resisted the adoption of Win Terminals given that they are slower and less functional than a full functioning PC or Apple device. A 2018 survey of Students in the dorms, where many computers were replaced with Chrome boxes or Win Terminals, showed overwhelmingly that students are struggling to use these devices to conduct their university required research or homework. Additionally, the survey revealed significant frustration with the state of printers/printing in the residence hall labs.CSCU “Roll-Off or Off Bond” Inherited ExpensesIn many cases, CCSU becomes the fiscal beneficiary of software which is acquired at the System Office. Often this software is purchased with a five-year pre-payment with the understanding that after the initial funding is expended, the end-university will pick up the annual costs. This strategy allows the university to configure, install, and operate the software often achieving the value proposition of the tool, prior to the end campus expenses occurring.This year two major expenses will “roll-off” the CSCU pre-payment. This budget, and future year budgets will continue to grow over the next four years as tools like Blackboard, Kaltura, the Phone System, Ellucian, TouchNet, OnBase, etc. roll off the CSCU initial payment. This year only the phone system and phone maintenance costs will roll-off (approximately $132,000). This system supports the phone sets, local/long distance, call directory, and E-911 and 2,100 physical phone devices.Fiscal 2020 BudgetStrategic Planning & Comparison AnalysisIn 2018/9 the university engaged Gartner, Inc. to assist the university with strategic IT planning. Gartner began this work in October and has been working with the IT department in analyzing its organizational structure, university requests, key services, as well as budget. Working sessions are continuing through January and into February with an expected final output in early March. While the information will be late with regard to this submission deadline of January, 2019, we can use some of the data today to outline broad gaps. The IT department and consultants recognize that prior to FY20 and even FY19, there were different funding sources which provided IT funding. These included student driven “technology fee” dollars, telecom dollars, bond dollars, FF&E dollars relative to building projects, and CHEFA dollars. Many of these dollars have been absorbed into the broad university budget which make year to year comparisons and trends between fiscal years difficult. Rather than try to deconstruct the abandoned funding models, the strategic planning activity has looked at peer services and industry benchmarks to see where funding and staffing models should be.In 2016, the University IT department consisted of 46 staff with three vacancies, the 2018 year saw 28 total IT positions with 10 vacancies. This year, the IT department accounted for 2.6% of the university budget. EDUCAUSE Core Data Services, a higher education focused IT non-profit consortium, identifies that based on our Carnegie class, student and faculty count, the expected IT department size is approximately 51. For comparison, a Gartner, Inc. will also conduct a core budget metric benchmark in their 2019 strategic planning process.The process for strategic planning, which helped inform the development of the budget included campus stakeholders at all levels. Executive management, division heads, department chairs, faculty Senate subcommittees such as ITC and at-large members were invited to participate or help inform the topics. Additionally, the ITC has subcommittees for hardware and software which reviewed, recommended, and approved hardware and software additions to the budget. In total, the IT division “carries” almost $450,000 in “carry costs” or costs from other departments which are held in IT. In addition, the interim CIO has provided monthly and quarterly updates with various key stakeholders across campus to discuss campus challenges, upcoming projects, and long term goals and visions of the campus community. Combined all of these data points as well as regular student, faculty, and staff “feedback surveys” have served to inform the strategic planning process and budget creation.Fiscal Year 2020 Plan & AnalysisWhile the IT department has worked within the parameters of the FY19 budget with the exception of the legal and security requests of the CSCU system office, it recognizes that this year marked a dramatic drop in the efficacy of the division of IT. The IT department was less efficient in its resolution of complex technical issues, major upgrades and patches to environments took a greater amount of time, the amount of in-person follow-up provided by the service desk was significantly less. In addition, it took longer to patch and secure our campus infrastructure and we saw an increase in break/fix of computers associated with not replacing the FY18 requested amount as in-use computers crossed from four or five years old to five or six years old.The IBM process, which this budget reviews, attempts to match costs to defined service levels. Often service levels don’t exist for key IT functions. It is a goal of the strategic planning process in FY20 to further work with stakeholders, providers, and consumers to develop and measure service level metrics to better evaluate the performance of the IT department.With regard to the IBM budget process, the IT Division has attempted to cut all surplus funding out of its budget. In cases we significantly reduced our potential expenses for equipment purchases, data processing supplies, contract office supplies, etc.The Division of Information Technology is requesting evaluation of six programmatic increases in the IT budget which are directly and indirectly aligned to the strategic plan.Priority 1: Creation of Information Security Department within the division of IT[Strategic Goal: academic excellence, increased enrollment, increased revenue]Secondary Goals: Risk mitigation, cyber security, legal compliance, audit compliance, Federal grant compliance, Title IV compliance.Higher education institutions are historically seen as a “soft target” by hackers. This year, the university has seen an unprecedented increase (130%) in the number of phishing, malware, spam, impersonation attacks. In addition, we have received advisories and experienced attacks where hackers have impersonated logins to steal/modify banking information of employees or students to redirect auto-payments to a 3rd party “hacker controlled” bank account.In response to the growing threats across the entire system, the CSCU system office has outlined a plan to bring to the board a new security plan for the constituent universities aligned to NIST-800-53. In total, this will bring approximately 200 new security controls to campus. IT requests the creation / reclassification of the open A2 to a Manager 2 “Chief Information Security Officer” within the information security department which realigns the current firewall administrator (Green) under a new position Chief Information Security Officer. In addition, the plan requests the realignment of the property control assistant (funded/vacant) A3 position into an A3 IT Audit and Compliance position. In addition, the newly created Information Security Office would absorb litigation and FOI technology request currently done in a distributed fashion with end departments, principally SEST. In total, we believe that these three positions, will address open audit concerns from the APA and Grant Thornton relative to the university security posture as well as work to implement the 200 new controls over a multi-year period. Our peers, WCSU and ECSU have had dedicated information security positions for multiple years while operating significantly smaller networks.In addition, the IT security office recommends the immediate purchase of four security products to help protect the university, employee, or student data. “Data Guardian.” Currently there is an identified gap in our file transmission between the secure enclave and the traditional network. The CSCU system office has recommended Identity Finder and McAfee ePolicy Orchestrator as the way to solve this. CCSU’s history with Identify Finder is that it is scanning less than 13.5% of all network files. Combined, system office and end school users have reported that these tools are cumbersome and also time consuming frustrating and slowing the productivity of the end departments. Rather than implement the preferred solution, the CCSU would like to pilot a next-generation tool which is run centrally (placing the burden on IT staff instead of faculty/staff) to protect and transfer files. CCSU IT recommends the implementation of multi-factor authentication designed to reduce spam/phishing attacks and or efficacy. This advice was provided by both Microsoft and the Federal Government as a technology which could help reduce Title IV funding being hijacked by hackers or payroll information being redirected.As a final measure, the IT division is recommending the purchase of cyber insurance through the State Insurance division. Cyber insurance provides a broad, blanket coverage which protects the university in the event of a data breach. Ultimately, many employees hold university data and the university is one laptop left away from a breach at all times. While employees and staff have been diligent in their protection of devices, our sister institutions have opted for cyber insurance to mitigate against potential break-ins, electronic or physical theft, as well as the inadvertent loss of data by a third party provider such as Amazon (Banner & Blackboard).We recommend the creation of a new banner index and aggregation of information security expenses across from other InfoXXX, CIO001 banner indexes so that Information security expenses can be tracked university wide.Priority 2: Creation of dedicated Enrollment Services applications team.[Strategic Goal: academic excellence, increased enrollment, increased revenue]Secondary Goals: Student service, competitiveness, information security, records management compliance (state library), Title IV compliance.Enrollment services includes services which support the website, the Ellucian CRM, and document imaging systems. In 2018, the CSCU system purchased both Ellucian Recruit, Salesforce, and Hyland OnBase and Ellucian Mobile. These four systems are designed to provide robust CRM toolset and services integration which have direct impact on enrollment management activities ranging from omni-channel communication to a mobile app experience. The division of IT recognizes that the installation and implementation of Hyland OnBase and the conversion of legacy systems such as dynamic forms used in financial aid, Common App integration, and more broadly the connection of these systems to the campus website and content messaging system will be SU has had 19 years of experience with ImageNow document imaging. In addition to maintaining that system in FY19, the university will need to begin the installation and conversion to the new Hyland OnBase System. Given the number of systems across the university that are connected, the university will need to increase staffing to support the current system while also designing and installing the new system. The division of IT recommends the creation of two new positions and the re-writing of the existing A4 in IT to serve as a dedicated university imaging and workflow application administrator. New positions are: A Web/CRM specialist (A4) who can back up the document imaging system and the moving of document imaging work stream from part-time to full time.A dedicated web services architect (A5), a position designed to deal with the 20 new web-based and/or cloud based systems which will need to connect, store, transmit, confidential student, inquiry and application information.Priority 3: Creation of Academic Technology liaison position.[Strategic Goal: academic excellence, increased enrollment, increased revenue]The Division of IT has had a void since the departure of the Media Services and ITDRC departments. In combination, there is a greater number of lab spaces on campus. These labs are often administered by faculty through release time or student workers / university assistants. As technology has increased, so have the demands for these lab spaces and the needs of the software that run on them. In addition, new labs are being created each year with equipment which requires greater support. 2018 saw an increase in lab requests from the School of Education, Department of Chemistry, and Music department as well as a request to move lab software from SEST computers into the main campus computer lab. In addition, Computer Science and MIS have begun using cloud-based virtual labs in the Amazon or Azure clouds which also require support. In total, these requests overwhelmed the IT department because they were not “quick fix” style solutions but rather requests to re-architect client/server environments, setup complex audio/video recording rooms, telepresence rooms, or create separate networks, firewall groups, etc. to support lab equipment. The academic technology team will be dedicated liaison to support the growing request of distributed lab managers and complex systems in use in the university.Priority 4: Adoption of strategic network and infrastructure computing plan. [Strategic Goal: academic excellence, increased enrollment, increased revenue]Secondary Goals: Student service, competitiveness, information security, health and safety, campus safety.Similar to end-user equipment replacement, the CCSU system has never had a strategic plan for the replacement of key infrastructure. While many of these replacements were funded through System Office, CSU 2020, or FFE projects, or technology fee dollars, those funds have diminished or their future is unknown until the new Governor makes his preferences known. Regardless, a greater number of university services are relying on the network infrastructure. From academic buildings to student dorms to athletic venues, IT infrastructure is not providing “convenience” service, it’s providing mission critical services. Today many security cameras, door locks, the 911 system, phone system, police department, emergency alert, food services, all use the core network as their backbone in a 24x7 manner. In addition, camps, campus events, and rentals all use aspects of internet, convenience wireless, projection/computers as part of their event rental. These services are critical and need to be maintained. In 2016, the university reduced its personnel from a pair of network technicians to a single technician and hired a company to provide 24x7 monitoring and remote replacement. In 2018, after 18 months of having a single network technician, we can say that this is not working. Our current one network technician is overwhelmed in their support of 350 switches and 1400 wireless access points. As a safety valve, we’ve slid workers from telecommunications and security to assist. Despite the good and valiant efforts of all involved, the university continues to defer maintenance on its core infrastructure.Priority 5: Adoption of a strategic end-user computing plan [Strategic Goal: Academic Excellence]Secondary Goals: Predictive personnel management, end-user productivity, increased customer service, cyber security risk mitigation.This plan, provides the strategic replacement of all campus computers, laptops, desktops on a regular cycle based on industry data which identifies machine use, productivity need, and industry lifecycle. Based on industry data from Gartner Inc., most university laptop/desktop computers should be replaced at the 4.5-year mark. The university history has that as buildings are retrofitted or undergo major construction, new labs or electronic spaces are created. By example the SSH building and Willard & DeLoreto buildings added approximately 200 new computers in labs or outside classroom areas. While these labs are initially funded with Fit, Finish & Equipment (FF&E) construction dollars, they are not included in the design stage in the university budget. With each building that gets renovated or constructed, the “out year” costs of Information Technology to replace labs, teacher workstations, smartboards, and peripherals, increases forever. Priority 6: Creation of Extended Lab Hours[Strategic Goal: academic excellence]Secondary Goal: Student Service, Customer ServiceIn 2018, the President and Provost received a request for students to increase lab hours in SEST. After discussions with campus facilities, police, environmental safety, the Provost, and IT, it was determined that it would be best and most secure to relocate multiple SEST computers into the existing Marcus White computer lab and extend the hours of the entire lab to the benefit of all students. IT recommends approximately $80,000 to support extending the UA/Student Worker workforce, signage, and computers for a one-year pilot to track the use of extending the computer lab to midnight 7 days per week. This is a one-year funding request designed to pilot this activity and results will be shared with UBPC next year.Recommended prioritization outside of IT Division: Extension of Cellular Coverage on Campus[Strategic Goal: Safety & Security]It has been identified that some buildings on campus have poor cellular coverage. Individual cell phones often serve as the first line of communication (call/text) when an emergency incident occurs. While wireless coverage continues to become more powerful, it is recognized that the lack of cellular service may limit non-Wi-Fi connected parents, students, faculty, staff as well as campus or event guests with appropriate coverage. This problem is expected to get more pervasive as carriers begin to switch to 5G service which are even more sensitive to signal loss. After review with the vendor who supported correcting the issue at Mid Campus, we believe we have identified the correct technology to solve the problem. Buildings with the worst signal are listed below. We are submitting this as an “above current service” request to be funded at the discretion of the University. The solution is designed per-building and our recommendation would be to do one or more buildings per year for successive years. The cost per building is approximately $200,000 with the bulk of the cost related to the situation.Student CenterLibraryJames HallCopernicus HallVance Academic ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download