security

ITS projects improve University's technology infrastructure … – binghamton.edu


In a world where technology updates and innovations seemingly occur on a daily basis, keeping Binghamton University’s systems up and running is a daunting job.

Information Technology Services (ITS) is responsible for keeping the University’s technological infrastructure current and capable of supporting all the University’s academic, administrative, financial and research needs.

To determine what projects move forward to address the University’s technological needs, a project governance committee was formed about three years ago, said Niyazi Bodur, associate vice president and chief information officer for the campus. Four vice presidents — JoAnn Navarro, operations, Bahgat Sammakia, research, Brian Rose, student affairs, and Donald Hall, academic affairs — meet every quarter. The committee reviews a list of requests and ongoing projects including estimates of time and energy to implement them as well as a justification for them, along with available resources.

“The project requests sometimes come from ITS, but also from faculty or administrators,” Navarro said. “The committee makes decisions based on review and prioritization, knowing that our ITS Innovation Team always has more demand than availability. Most of these projects are one-time investments, and once decisions are made, the committee works with ITS to determine what is manageable.’

Several major projects are underway to upgrade and improve systems that impact University life, said Bodur.

Renovation of the University’s data center tops the list of priority projects, he said. “It’s been a three-part process,” he said. “Part A is the primary data center in the Technology Hub — the production data center — and Part B is a second data center we created at a site off the main campus.”

All University enterprise systems, which are systems hosted by the University and not housed elsewhere, are hosted in the data center in the hub. Some systems used by the University, such as StarRez and Medicat, are hosted with the vendors offsite and that reduces the University’s overall storage needs. “We still store about 400 terabytes on campus. Google wouldn’t consider that amazingly large, but for an individual institution, it is.”

The secondary data center serves two purposes, Bodur said: “First, as a redundancy point for systems such as Banner and all department-shared data, and second, for some specific server equipment for health sciences research.”

Readers Also Like:  The European Commission and WHO launch landmark digital ... - who.int

Unlike when the cyber security incident affected the campus in November 2020, this system has a snapshot functionality so ITS can take a data snapshot at any time and lock it at any time, he added. “So, if a bad actor comes in and encrypts the data, the locked data won’t be affected, and if we have an incident on the main campus that affects our hardware, the data at the secondary site is unaffected.”

In addition, all data is being backed up on a daily basis. “Our old (backup system was about 20 years old,’ Bodur said. “Now our speed of restoring a backup is significantly faster if we need to restore data. When we had our incident in 2020, it took us about two months to restore everything, but with this new system, a similar restoration will take significantly less time.”

Part C of the data center project — a secure research data center adjacent to the main hub — is not in production yet, but a pilot phase is nearing completion. “There is more and more research going on using data sets from the federal government and other agencies that need to be secure,” Bodur said. “This is a secure area — both physically and electronically from a technology standpoint. We’re using customized systems to allow appropriate access for individual researchers.

“We realized we needed the pilot for this to understand what faculty need, so we recruited four or five faculty, and as we began running the pilot, another 10 or so showed up,” Bodur added. “We’re growing this organically and like the process because we’re seeing everything the faculty need.”

Another priority for ITS has been updating its identity management system to one that is fully automated. “This enables us to provision and deprovision user IDs for our enterprise and other systems in an appropriate, automated manner,” Bodur said. “In the past, for example, I’ve hired a new employee who wanted an email address, but the employee had to come to us with a letter and we would create it manually.

“We’re trying to get ahead of that, so all our main systems are provisioned automatically — as long as they do the human resources paperwork in a timely manner! We can now create accounts for faculty 90 days in advance of when their teaching assignment starts.”

Readers Also Like:  Apple exec allegedly offered Bay Area cop iPads for gun permits - SFGATE

Confusion about multiple addresses for individuals is also avoided under the updated identity management system, Bodur explained.

“This was a decision we made because a lot of individuals who were students and became staff had multiple IDs and the space gets crunched eventually,” he said. “We were keeping 120,000 user IDs that weren’t necessary. We know there are likely Implications for people to get adjusted to because of this decision, but now, a person gets an ID and if their role changes, they don’t get a different ID.

“Cleaning up all these obsolete accounts was a major, time-consuming process, and our Innovation Team, Systems, Project Management Office, Information Security and Desktop Support Teams did an extremely good job with it,” Bodur added. ”We’re already integrating this with some of the other larger systems, like the room-scheduling system, and we’re using it with my.binghamton and other systems. Retirees will also get to keep their IDs for email. What the University has promised to alumni and retirees will not change.

“We have also implemented multi-factor authentication for all University enterprise systems and data, which significantly improved our security posture,” he said.

Bodur explained that the University is also now using a commercial software to manage access to campus systems for a very small group of individuals who are system or domain administrators. Those with higher-level access to campus systems will now log onto this product to authenticate themselves instead of directly into the University’s servers. “They’ll get a secondary password and then log on,” he said. “This is a security improvement, and also a checkmark to lower our cyber insurance premium.”

Upcoming projects will see the wireless infrastructure for the entire campus updated. “We’re in the early stages of planning,” Bodur said. “Wireless access points are physical things and we have about 3,000 of them. They will all be replaced. It will be a multiyear project and we’re in the process of selecting a vendor. Hopefully, we’ll select the vendor this summer and it will take about three years to replace everything after that. This kind of software and hardware can’t be used for 20 years. We need this replacement as part of the life cycle upgrade. Doing it all will give us better software control and penetration.”

Readers Also Like:  Cybersecurity Synergy - Wake Tech Newsroom

ITS is also implementing a Microsoft solution that will enable it to do Windows and other software updates automatically, Bodur said. “So, for example, if someone is using Minitab software, when you need to manually update it that means the end user or someone from ITS has to come out to do it. The system we’re implementing will do that automatically. It’s not yet implemented, but once it is, it will be done in about two months and we will have a testing period.

“Now, the Help Desk can remote into your computer, but this new system will do a better job of remote practice and remote control and will help us inventory hardware automatically,” Bodur said. “It will automate and make our Desktop Support Team’s job a lot easier, while end users will get the most recent versions of most software automatically.”

Banner is also being upgraded from Banner 8 to Banner 9, which involves a large number of ITS staff and functional departmental staff (e.g., Student Records, Financial Aid, Student Accounts, etc.). There’s no end date as of yet, Bodur said, but he is hopeful to complete the upgrade within a year. “The user interface will have some changes, so there will be a learning curve,” he said. “That’s one reason why we’re going a bit slow, to make sure we can prepare training materials for faculty and others.”

Finally, Bodur said that another major system upgrade ITS operations and infrastructure staff made in the last two years is the card access system. “We implemented the state-of-the-art Genetec system to replace our previous older-generation system,” he said.” Currently, we have in excess of 4,500 external and internal doors controlled by Genetec. In addition to its basic features, it has a number of advanced features that we will implement in collaboration with University Police. This solution will improve our physical security posture.”



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.