460 likes | 878 Views
Ghosts and Goblins in 2003. Budget cuts resulting in increasing work (and money), but inability to hire BadgerNet Procurement and what it means to UW and to WiscNet Collaboration with researchers for national network Technology architecture that works Getting a CMS up and running for all UW.
E N D
Ghosts and Goblins in 2003 • Budget cuts resulting in increasing work (and money), but inability to hire • BadgerNet Procurement and what it means to UW and to WiscNet • Collaboration with researchers for national network • Technology architecture that works • Getting a CMS up and running for all UW
2003 - continued • Relationship between central and distributed IT support providers • Security - especially viruses and spam • Policy compliance - HIPPA, FERPA • That RIAA stuff
Administrative Information Systems • Why does this feel like the hardest work we do? • Used to say you should look for a new position a couple of months before “go live” even if you are having the most successful go live.
Administrative Information Systems • Are the administrators and the IT folks partners? • Is IT involved from the beginning? • If a consulting organization is used are they selected jointly by IT and admin leaders? • Is planning and budgeting a joint effort?
Administrative Information Systems • Can we allocate enough money to do the job well? • Do the folks in charge understand that we can only estimate the costs? • Are administrators going to be challenging all hours and costs? • Is there an adequate contingency fund? • How much time will we spend trying to account for and contain costs rather than working on the project?
Administrative Information Systems • Requirements change as implementation gets closer • Are these additional requirements really needed? • Why can’t we modify business practices? • Are we always unique? • Do we understand that changing requirements result in increasing implementation costs and time?
Administrative Information Systems • Who is managing the IT staff? • Does administration appreciate the value of good IT project management? • Does the IT organization have good project managers? • What is the role of IT leadership in this implementation? • Will the administrative unit insist on assigning and managing the IT staff?
Administrative Information Systems • Are the executive officers champions of this project? • Are there champions beyond the CIO and the administrative unit director? • Who is letting the greater organization understand that this is strategic and critical? • Is leadership actively supporting the changes this will bring?
The Network • The National Research Network Scene • Internet2 and the Abilene Network • National Lambda Rail • Global Connections Points • New York’s ManLan • Chicago’s Starlite • The West Coast
The Network • Regional Optical Networks (some) • The West Coast (California and Washington) • Texas • Louisiana • New York (and New England) • Florida • Virginia, DC, Maryland • Indiana • Michigan • Ohio • North Carolina • BOREAS
Northern Tier Network: Vision Northern Tier
The Network • Regional Optical Network Challenges • How does this fit with BadgerNet2 • How does this fit with WiscNet? • What are federal telecom initiatives doing to the national infrastructure? • Will we be ready for the next federal network research initiative?
The Network • Our campus 21st Century Network • Wireless challenges • New city wireless initiative • What will happen with CALEA
Security • Security is about technology • Security is about policy • Security is about culture • Security is about people
Security • External attacks • DNS attacks • Spam attacks • Hackers • Weird Stuff • And from the inside • 40,000+ students • And hundreds of other smart geeks
Security • Three tiered security model • The campus network • The servers • The desktop • Policy is essential • So is education, training, and ongoing communication
Security • Challenges - Catch 22s • Distributed environment and culture makes guarantees difficult • Federal laws require us to be rigorous • Errors are costly • Do we really know when our security has been breached?
Security • Things are happening too fast • Time between discovery of exploit and actual attack is very short • Our spam manager - constant updates • Folks out there have gotten too smart and too quick • Attacking has become a money-making business - eg, phishing scams, everything is prepared - grab all your data, exploit all your holes they are , like boy scouts, prepared • Same people over and over again have become really good subject matter experts in exploiting particular operating systems
Security • Data • Folks don’t understand the value of data and don’t back up their data • Folks often want more than they need • Folks often get more data than they need
Security • We give out even more than was asked for • Eg., a list of email addresses might come with social security number • Folks give out root password when calling the help desk • Don’t understand how data leaks • Innocently put something on a fileserver; ends up on the web
Security • Understanding physical infrastructure • Physical security matters • A backhoe can cut fiber you think is secure because it sits alone • Web server also and file server: layer of separation doesn’t exist • Machines are left in accessible spaces
Security • We are too trusting • Firewalls not configured right • We think that once you are inside, you are safe - that ain’t so • Need to explicitly say who is trusted: big work that you have to do over and over again
Security • Not all vendors are equally concerned Lots of vendors don’t understand about encrypted data • And then there is Microsoft
Password stuff http://www.doit.wisc.edu/security/passwords/passwordrunner.asp
Budget • Budget for the UW System has been decreasing • IT takes budget cuts • Can we do more with less? • Can we do the same with less? • Are there other sources of funds? • What can we give up?
Budget • Do we know the cost of each service? • Do we know the value of each service? • Do we know its source of funds? • Is the user community prepared to pay full cost for a previously subsidized service?
Budget • Are our cost accounting practices and systems good enough? • How do we do better cost accounting when we need money for other things? • What can we give up? • Who decides? • Who takes the heat?
People • University has multiple human resource models • University has a shared governance model • Faculty • Students • Academic staff • Classified staff are part of WPEC • Differing rules and policies apply
People • The technology is the easy part • The technologists are tough • Smart • Thoughtful • Stubborn • Creative • Challenging • Productive • Inquiring
Then there are the clients • And the users • And the folks who call the help desk • And the folks who second guess you • The folks who think things are not happening fast enough • The folks who think things are happening too fast • The chronic complainers • The demanders • And your friends
Thank You! Annie Stunden Division of Information Technology UW-Madison stunden@wisc.edu March 2006