Ghosts and Goblins in 2003 • Budget cuts resulting in increasing work (and money), but inability to hire • BadgerNet Procurement and what it means to UW and to WiscNet • Collaboration with researchers for national network • Technology architecture that works • Getting a CMS up and running for all UW
2003 - continued • Relationship between central and distributed IT support providers • Security - especially viruses and spam • Policy compliance - HIPAA, FERPA • That RIAA stuff
Administrative Information Systems • Why does this feel like the hardest work we do? • Used to say you should look for a new position a couple of months before “go live” even if you are having the most successful go live.
Administrative Information Systems • Are the administrators and the IT folks partners? • Is IT involved from the beginning? • If a consulting organization is used are they selected jointly by IT and admin leaders? • Is planning and budgeting a joint effort?
Administrative Information Systems • Can we allocate enough money to do the job well? • Do the folks in charge understand that we can only estimate the costs? • Are administrators going to be challenging all hours and costs? • Is there an adequate contingency fund? • How much time will we spend trying to account for and contain costs rather than working on the project?
Administrative Information Systems • Requirements change as implementation gets closer • Are these additional requirements really needed? • Why can’t we modify business practices? • Are we always unique? • Do we understand that changing requirements result in increasing implementation costs and time?
Administrative Information Systems • Who is managing the IT staff? • Does administration appreciate the value of good IT project management? • Does the IT organization have good project managers? • What is the role of IT leadership in this implementation? • Will the administrative unit insist on assigning and managing the IT staff?
Administrative Information Systems • Are the executive officers champions of this project? • Are there champions beyond the CIO and the administrative unit director? • Who is letting the greater organization understand that this is strategic and critical? • Is leadership actively supporting the changes this will bring?
The Network • The National Research Network Scene • Internet2 and the Abilene Network • National Lambda Rail • Global Connection Points • New York’s MAN LAN • Chicago’s StarLight • The West Coast
The Network • Regional Optical Networks (some) • The West Coast (California and Washington) • Texas • Louisiana • New York (and New England) • Florida • Virginia, DC, Maryland • Indiana • Michigan • Ohio • North Carolina • BOREAS
Northern Tier Network: Vision
The Network • Regional Optical Network Challenges • How does this fit with BadgerNet2? • How does this fit with WiscNet? • What are federal telecom initiatives doing to the national infrastructure? • Will we be ready for the next federal network research initiative?
The Network • Our campus 21st Century Network • Wireless challenges • New city wireless initiative • What will happen with CALEA?
Security • Security is about technology • Security is about policy • Security is about culture • Security is about people
Security • External attacks • DNS attacks • Spam attacks • Hackers • Weird Stuff • And from the inside • 40,000+ students • And hundreds of other smart geeks
Security • Three tiered security model • The campus network • The servers • The desktop • Policy is essential • So is education, training, and ongoing communication
Security • Challenges - Catch 22s • Distributed environment and culture makes guarantees difficult • Federal laws require us to be rigorous • Errors are costly • Do we really know when our security has been breached?
Security • Things are happening too fast • Time between discovery of exploit and actual attack is very short • Our spam manager - constant updates • Folks out there have gotten too smart and too quick • Attacking has become a money-making business - e.g., phishing scams; everything is prepared - grab all your data, exploit all your holes; they are, like boy scouts, prepared • Same people over and over again have become really good subject matter experts in exploiting particular operating systems
Security • Data • Folks don’t understand the value of data and don’t back up their data • Folks often want more than they need • Folks often get more data than they need
Security • We give out even more than was asked for • E.g., a list of email addresses might come with social security numbers • Folks give out root password when calling the help desk • Don’t understand how data leaks • Innocently put something on a fileserver; ends up on the web
Security • Understanding physical infrastructure • Physical security matters • A backhoe can cut fiber you think is secure because it sits alone • Web server is also the file server: layer of separation doesn’t exist • Machines are left in accessible spaces
Security • We are too trusting • Firewalls not configured right • We think that once you are inside, you are safe - that ain’t so • Need to explicitly say who is trusted: big work that you have to do over and over again
Security • Not all vendors are equally concerned • Lots of vendors don’t understand about encrypted data • And then there is Microsoft
Password stuff http://www.doit.wisc.edu/security/passwords/passwordrunner.asp
Budget • Budget for the UW System has been decreasing • IT takes budget cuts • Can we do more with less? • Can we do the same with less? • Are there other sources of funds? • What can we give up?
Budget • Do we know the cost of each service? • Do we know the value of each service? • Do we know its source of funds? • Is the user community prepared to pay full cost for a previously subsidized service?
Budget • Are our cost accounting practices and systems good enough? • How do we do better cost accounting when we need money for other things? • What can we give up? • Who decides? • Who takes the heat?
People • University has multiple human resource models • University has a shared governance model • Faculty • Students • Academic staff • Classified staff are part of WPEC • Differing rules and policies apply
People • The technology is the easy part • The technologists are tough • Smart • Thoughtful • Stubborn • Creative • Challenging • Productive • Inquiring
Then there are the clients • And the users • And the folks who call the help desk • And the folks who second guess you • The folks who think things are not happening fast enough • The folks who think things are happening too fast • The chronic complainers • The demanders • And your friends
Thank You! Annie Stunden Division of Information Technology UW-Madison firstname.lastname@example.org March 2006