Initiative IX: Centralize University-Wide IT Services and Resources
In early 2016, the university’s leaders directed that all technology be centralized under the CIO. This decision came after university-based assessments regarding cyber security, business continuity and disaster recovery - as well as knowledge of national and global threats to information security - along with steps governments and organizations have begun to take in response. In sum, the university’s previously distributed IT model posed great danger to the university’s ability to protect data and maintain operations.
Beyond critical improvements to the university’s information security and business continuity efforts, centralization also will remove barriers to the delivery of a consistent IT experience across the university. It also will optimize the university’s IT investments by reducing redundancies and enhancing economies of scale in services and purchases. Additionally, it will also provide additional professional development opportunities for the CWRU IT professionals.
Beyond specific goals and initiatives, this plan will help inform and shape IT centralization. Key objectives of this effort include:
- Reducing the university’s information security risk;
- Enhancing ongoing management of existing and emerging information security threats;
- Improving business continuity and disaster recovery readiness;
- Improving the IT experience across the university; and,
- Optimizing university investments in IT.
Throughout the process of centralization and after its full implementation, IT will develop and update performance indicators to help highlight areas of access and opportunities for improvement. These indicators likely will involve a combination of quantitative and qualitative information.
Global developments and results from a university data security audit, underscore the necessity of enhancing information security. The university’s ability to achieve that imperative required a far more centralized model for capturing, transmitting and storing data, among other technological functions.
Action Item 25.1: Complete an assessment of all devices connected to the university network that represent a potential security risk. Provide mechanisms for identified systems that currently reside outside the Data Center a way to operate in a secure fashion.
Action Item 25.2: Create sustainable, repeatable and scalable business processes that will enable the deployment of new server and storage environments in a manner that meets the needs of the University and ensure that these devices are adequately secured.
Action Item 25.3: Develop a strategy for ensuring the consistency of the technology experience and protection of data is flexible and adaptable to emerging trends, as well as the needs of the university community.
Action Item 25.4: Develop and provide information security awareness training for all CWRU personnel.
Action Item 25.5: Develop policies for appropriately storing and sharing university data.
Running a successful organization requires an understanding of how to serve customers, regardless of market conditions. Business continuity plans help organizations stay running during natural disasters, economic downturns and bad publicity. A comprehensive business continuity plan forces leadership at CWRU to review the weaknesses and threats to the university from a detached perspective.
Action Item 26.1: Collaborate with the university’s Business Continuity office on a business continuity and disaster recovery readiness assessment for all applications critical to mission and business.
Action Item 26.2: Work collaboratively with the Business Continuity office to create a comprehensive and consistent business continuity and disaster recovery plan for all of IT infrastructure.
Action Item 26.3: Conduct regular disaster recovery and business continuity exercises and train IT and university personnel on processes required to restore university operations in the event of a disaster.
Action Item 26.4: Ensure that all university personnel working with university data are trained adequately in deploying solutions that ensure business continuity and disaster recovery.
As the centralization process unfolds, service excellence must improve at all levels of the university. During this initiative, it is very important that communications are clear and accurate; CWRU’s service management model meets and exceeds the university’s needs, a strong stable IT foundation, reliable hardware and applications that are utilized in the most effective manner. Most importantly, a network that is secure and sustainable.
Action Item 27.1: Adopt service management best practices across all areas of the University IT infrastructure and applications, including service strategy, service design, service transition, service operation and continual service improvement.
Action Item 27.2: Develop an architecture, funding model and support strategy that creates a consistent technology environment for all campus learning spaces and conference rooms.
Action item 27.3: Develop an IT support structure that delivers a consistent, “just-in-time” level of support accessible by all areas of the university.
Action Item 27.4: Garner and leverage IT’s human and financial resources to provide enhanced user experiences and better stewardship of university resources.
Action Item 27.5: Improve the skills of IT professionals and use consistent tools and processes to resolve technology problems more quickly and provide better service to CWRU faculty, staff and students.
Action Item 27.6: Develop and implement assessment processes and strategies that engage university constituencies in providing regular feedback regarding the effectiveness of IT services and solutions. Utilize this feedback to make data-driven decisions for continual service improvement.
Action Item 27.7: Strategically design, implement and measure a comprehensive communications plan to guide and promote all activities related to ongoing “Centralize IT” efforts.