Ghosts and Goblins in 2003

1
(No Transcript)
2
Ghosts and Goblins in 2003

• Budget cuts resulting in increasing work (and
  money), but inability to hire
• BadgerNet Procurement and what it means to UW and
  to WiscNet
• Collaboration with researchers for national
  network
• Technology architecture that works
• Getting a CMS up and running for all UW

3
2003 - continued

• Relationship between central and distributed IT
  support providers
• Security - especially viruses and spam
• Policy compliance - HIPPA, FERPA
• That RIAA stuff

4
Administrative Information Systems Hell
5
Administrative Information Systems

• Why does this feel like the hardest work we do?
• Used to say you should look for a new position a
  couple of months before go live even if you are
  having the most successful go live.

6
Administrative Information Systems

• Are the administrators and the IT folks partners?
• Is IT involved from the beginning?
• If a consulting organization is used are they
  selected jointly by IT and admin leaders?
• Is planning and budgeting a joint effort?

7
Administrative Information Systems

• Can we allocate enough money to do the job well?
• Do the folks in charge understand that we can
  only estimate the costs?
• Are administrators going to be challenging all
  hours and costs?
• Is there an adequate contingency fund?
• How much time will we spend trying to account for
  and contain costs rather than working on the
  project?

8
Administrative Information Systems

• Requirements change as implementation gets closer
• Are these additional requirements really needed?
• Why cant we modify business practices?
• Are we always unique?
• Do we understand that changing requirements
  result in increasing implementation costs and
  time?

9
Administrative Information Systems

• Who is managing the IT staff?
• Does administration appreciate the value of good
  IT project management?
• Does the IT organization have good project
  managers?
• What is the role of IT leadership in this
  implementation?
• Will the administrative unit insist on assigning
  and managing the IT staff?

10
Administrative Information Systems

• Are the executive officers champions of this
  project?
• Are there champions beyond the CIO and the
  administrative unit director?
• Who is letting the greater organization
  understand that this is strategic and critical?
• Is leadership actively supporting the changes
  this will bring?

11
The Network
12
The Network

• The National Research Network Scene
• Internet2 and the Abilene Network
• National Lambda Rail
• Global Connections Points
• New Yorks ManLan
• Chicagos Starlite
• The West Coast

13
The Network

• Regional Optical Networks (some)
• The West Coast (California and Washington)
• Texas
• Louisiana
• New York (and New England)
• Florida
• Virginia, DC, Maryland
• Indiana
• Michigan
• Ohio
• North Carolina
• BOREAS

14
Abilene Network
15
Lambda Rail
16
Northern Tier Network Vision
Northern Tier
17
BOREAS-Net
18
The Network

• Regional Optical Network Challenges
• How does this fit with BadgerNet2
• How does this fit with WiscNet?
• What are federal telecom initiatives doing to the
  national infrastructure?
• Will we be ready for the next federal network
  research initiative?

19
The Network

• Our campus 21st Century Network
• Wireless challenges
• New city wireless initiative
• What will happen with CALEA

20
Keeping Our Environment Secure
21
Security

• Security is about technology
• Security is about policy
• Security is about culture
• Security is about people

22
Security

• External attacks
• DNS attacks
• Spam attacks
• Hackers
• Weird Stuff
• And from the inside
• 40,000 students
• And hundreds of other smart geeks

23
Security

• Three tiered security model
• The campus network
• The servers
• The desktop
• Policy is essential
• So is education, training, and ongoing
  communication

24
Security

• Challenges - Catch 22s
• Distributed environment and culture makes
  guarantees difficult
• Federal laws require us to be rigorous
• Errors are costly
• Do we really know when our security has been
  breached?

25
Security

• Things are happening too fast
• Time between discovery of exploit and actual
  attack is very short
• Our spam manager - constant updates
• Folks out there have gotten too smart and too
  quick
• Attacking has become a money-making business -
  eg, phishing scams, everything is prepared - grab
  all your data, exploit all your holes they are ,
  like boy scouts, prepared
• Same people over and over again have become
  really good subject matter experts in exploiting
  particular operating systems

26
Security

• Data
• Folks dont understand the value of data and
  dont back up their data
• Folks often want more than they need
• Folks often get more data than they need

27
Security

• We give out even more than was asked for
• Eg., a list of email addresses might come with
  social security number
• Folks give out root password when calling the
  help desk
• Dont understand how data leaks
• Innocently put something on a fileserver ends
  up on the web

28
Security

• Understanding physical infrastructure
• Physical security matters
• A backhoe can cut fiber you think is secure
  because it sits alone
• Web server also and file server layer of
  separation doesnt exist
• Machines are left in accessible spaces

29
Security

• We are too trusting
• Firewalls not configured right
• We think that once you are inside, you are safe -
  that aint so
• Need to explicitly say who is trusted big work
  that you have to do over and over again

30
Security

• Not all vendors are equally concerned
• Lots of vendors dont understand about encrypted
  data
• And then there is Microsoft

31
Password stuff
http//www.doit.wisc.edu/security/passwords/passwo
rdrunner.asp
32
That Shrinking Budget
33
Budget

• Budget for the UW System has been decreasing
• IT takes budget cuts
• Can we do more with less?
• Can we do the same with less?
• Are there other sources of funds?
• What can we give up?

34
Budget

• Do we know the cost of each service?
• Do we know the value of each service?
• Do we know its source of funds?
• Is the user community prepared to pay full cost
  for a previously subsidized service?

35
Budget

• Are our cost accounting practices and systems
  good enough?
• How do we do better cost accounting when we need
  money for other things?
• What can we give up?
• Who decides?
• Who takes the heat?

36
You Have To Manage People
37
People

• University has multiple human resource models
• University has a shared governance model
• Faculty
• Students
• Academic staff
• Classified staff are part of WPEC
• Differing rules and policies apply

38
People

• The technology is the easy part
• The technologists are tough
• Smart
• Thoughtful
• Stubborn
• Creative
• Challenging
• Productive
• Inquiring

39

• Then there are the clients
• And the users
• And the folks who call the help desk
• And the folks who second guess you
• The folks who think things are not happening fast
  enough
• The folks who think things are happening too fast
• The chronic complainers
• The demanders
• And your friends

40
To summarize
41
(No Transcript)
42

• Alternatively, sometimes I want to say

43
(No Transcript)
44
Thank You!

• Annie Stunden
• Division of Information Technology
• UW-Madison
• stunden_at_wisc.edu
• March 2006