The 2019-2020 academic year has been like no other. DoIT started the year with solid plans and investment funding to support research, learning and operational improvements. That work was well underway when COVID-19 hit. DoIT and the IT university-wide community pivoted to emergency management, enabling the successful shift to remote work and teaching for the entire community. We also redirected resources toward supporting medical care and COVID-19 research.
Our priorities were clear and we accomplished them:
- Don’t falter. IT infrastructure must remain fully operational, robust and secure.
- Ensure instructional continuity for spring, summer and fall terms, including SOAR online.
- Enable operations of the remote university through tools and services to allow employees to be fully productive.
- Enable research continuity through secure computational and storage services.
As we come into the 2020-2021 academic year, these priorities remain clear. Additionally, it is time to take action on improving efficiency and lowering the cost of IT across the university. It is important to do this in the context of enabling the best future state of operations possible, reducing the IT spend without introducing future technical debt caused by neglecting maintenance. We must make smart choices and act in the university’s interest.
This report summarizes the accomplishments of the past year, and outlines key initiatives and issues that lie ahead.
Service to the mission
We are a collaborative information and technology community working to enable innovation, support scholarship, and equip the university with high-quality, sustainable technologies and services.
In service to the university’s mission, during the past year we have accomplished key advancements:
- In collaboration with the Vice Chancellor for Research and Graduate Education and with support from Chancellor Blank and the university executive team, UW–Madison ResearchDrive provides secure data storage to all researchers. Since its launch in December 2019, ResearchDrive has had strong adoption, already providing 1.17 petabytes of storage space to 234 research groups in 76 different campus departments. We were also able to quickly onboard the American Family Insurance Data Science Institute’s COVID Research Group this spring, providing storage to more than 40 data scientists from 20-plus departments at UW–Madison, as well as external collaborators doing COVID-19 work.
- The migration to Canvas as the university’s sole learning platform was finalized in 2019. This provides a consistent experience for students, as well as an integration hub for instructors to integrate pedagogically-enriching tools and content. Faculty have integrated 185 tools, allowing for a personalized class experience at scale.
- Wisconsin Public Radio’s integration into the university Data Center afforded WPR better networking and a more secure, stable environment to convert from analog to digital broadcasting. WPR’s technical upgrades and DoIT networking enabled audio engineering and live, on-air broadcasts to take place remotely, bringing critical pandemic-related information to the state.
- Provided design and technical strategy to find connections between and support innovation across the student experience—including UW Online, degree planning tools, the first-year student experience, and projects in the OneBadger constituent relationship management portfolio.
- Led or assisted the completion of major projects that improve university efficiency, including major upgrades to the Student Information System.
Diversity, equity & inclusion
Committed to creating and nurturing a diverse, welcoming, and inclusive workplace, DoIT Human Resources and the DoIT Equity and Diversity Committee (EDC) collaborated to provide many opportunities for DoIT team members to learn and engage around the areas of bias and improving workplace culture. Recent activities include:
- Hosting a screening and discussion of the award-winning documentary, “bias”—a film that examines the notion of implicit bias, how it informs our daily interactions, and the challenges to combat unintended consequences.
- A facilitated book reading that generated a rich discussion of the major themes in Karen Catlin’s book, “Better Allies: Everyday Actions to Create Engaging, Inclusive Workplaces.”
- Coordination and sponsorship of DoIT’s Peer Partner Program—an ongoing effort to welcome new hires, make introductions to colleagues, and help new employees understand and navigate the culture of our organization.
We are launching additional diversity and inclusion activities, including conducting a DoIT Climate Survey, working with a vendor partner to help ensure survey validity. Our vendor partner will also provide consulting and assistance with evaluation of survey results, and will help establish actionable goals to help monitor and improve the workplace climate at DoIT.
Through its activities, educational offerings and monthly meetings, DoIT’s EDC works to ensure that our division is a place where differences are welcomed, different perspectives are respectfully heard, and every individual feels a sense of belonging.
To that end: words matter. As we all work to build a more inclusive campus and community, DoIT is also working to change the way we talk about our work, eliminating the entrenched, offensive jargon that’s commonly used in the IT industry—terms such as “master” and “slave” referring to data backups and recordings, or “whitelists” for good websites and “blacklists” for bad sites, users, and IP addresses. It’s far past time to create positive change and invite new, accurate and non-offensive ways to express who we are and what we do.
When COVID-19 emerged in January, DoIT began preparing for a remote workforce. We identified actions that would smooth the transition for the rest of the university. These actions included doubling the capacity of the virtual private networks (VPNs) to enable secure remote work, and ensuring adequate equipment to enable the Help Desk staff to work remotely. DoIT shifted to full telecommuting the week prior to the rest of the university, enabling us to be ready to assist others.
Among the thousands of actions, large and small, taken to create a fully virtual university, these are a few highlights:
- Collaborated on the successful shift of 8,500 courses to remote instruction
- Coordinated the university-wide IT response, including distribution of 247 laptops
- Managed user support volume spikes of up to 3 times normal volume, with sustained higher than average volumes throughout the semester
- Provided user support for a total of 13,017 phone, chat, and email cases
- Completed a host of urgent changes to MyUW and HRS to accommodate changes in state and federal regulations as well as new university leave programs
- Deployed provisional policies to guide secure videoconferencing
DoIT remains deeply immersed in activities related to Smart Restart, acting as the technology partner to others’ efforts. In addition to continuing the work from spring term into summer and fall, we are helping to bring SOAR online, launch symptom reporting and integrate systems and data across the testing and health care activities. Several other projects have been deferred to create capacity for this work.
As of this writing, the majority of DoIT employees are telecommuting and we expect this to continue for the foreseeable future. Many are juggling family care responsibilities. We have made, and will continue to make, schedule adjustments and accommodations to allow employees to be productive.
Chancellor Blank directed Vice Provost for Information Technology Lois Brooks to reduce the cost of IT while continuing to improve the quality of service. Successful progress was confirmed by the Budget Office in March 2020, with an average savings of 4% expenditures and 2% headcount.
Over the past year, DoIT has focused on improving operational efficiency, leading to more robust systems, a better user experience and more effective use of university resources. Key outcomes:
- “Stop the Madness” — eliminating the DoIT internal chargeback system. We are completing the first year of a rebased budget, bringing substantial benefits to the organization. These include transparency of costs, eliminating needless employee reporting and the 9-month-long budget planning process, as well as enabling the finance team to function with fewer FTEs. The new financial structure allows informed management decisions and brings DoIT one step closer to being able to migrate to the Administrative Transformation Program.
- Launched a metrics initiative to measure improvement and provide insight into areas that need focus.
- Improved Help Desk call resolution time by reducing wait time in the queue and answering more questions on the first call. This lowers both cost to DoIT for providing user support and unproductive time for those with computer problems while they wait for resolution.
- Launched professional development for DoIT managers to learn needed skills.
- Hosted professional development activities for the university IT community, including the IT Professionals Conference in June, the IT Leadership Program and a host of offerings from UW IT Connects and IT Communities of Practice.
All of these efforts continue into the coming year, with a focus on driving greater efficiencies and achieving industry-standard (or better) levels of service.
DoIT either leads or supports a wide range of compliance activities for cybersecurity, HIPAA, accessibility, audits, and more.
Developed Access Control and Credentials Policies, along with updates to the Principles and Procedures, which were all approved prior to the end of 2019. A total of six policies were completed between March 2019 and January 2020.
With cyber threats and security breaches growing in frequency and scope worldwide, we are vigilant in protecting the university from ever-increasing threats to our information, systems and data. To do so, we must approach cybersecurity with a multifaceted set of tools, practices and services to educate the university community, and to prevent, monitor, investigate and remediate threats.
With new systems online and playbooks adjusted, our Cybersecurity Operations Center (CSOC) saw suspicious activity reports requiring manual intervention drop from a peak of 120 per week to an average of 40 per week.
Threat actors are relentless in seeking opportunities to exploit people and systems, and the pandemic has kept scammers very busy, along with our cybersecurity team. During the first 14 weeks of the pandemic, nearly 10,000 system vulnerabilities were discovered. While outstanding vulnerabilities initially rose to over 200 per week, the average has steadily declined to 150 per week since late April 2020.
Risk Management, Compliance & Security Engineering:
At the same time we’re managing cyber threats, an increasing number of federal and state laws and regulatory requirements must be met. At UW–Madison, we must also comply with Board of Regents and University of Wisconsin System Administration policies designed to maintain a secure environment, minimize risk and safeguard operations.
Meeting regulatory requirements for information security and compliance is an ongoing activity, which requires continual review, refinement, updating, monitoring, and response as regulations change. These activities include:
- Audits to ensure compliance with regulations
- Cybersecurity training for faculty, staff and students to raise awareness about personal identity protection, as well as the security of UW–Madison data
- Health Insurance Portability and Accountability Act (HIPAA) training to protect the privacy and security of our patients’ and research subjects’ protected health information
- Management and security of university-owned computing devices, or “endpoints,” that access university data
This year, the Risk Management and HIPAA Risk Assessment teams completed well over 200 individual assessments for UW–Madison information systems or activities. Sixty-four percent of the assessments involved high-risk data with 58 percent of all remediated systems evaluated as low or low-moderate risk.
We completed audits conducted by UW–Madison, UW System Administration and the Legislative Audit Bureau, which included capital asset inventory, travel and purchasing cards (twice from different entities), IT procurement and access controls. In addition, a service level audit was conducted on the budget and billing processes related to the System Services Group.
Auditing is an important part of managing compliance and minimizing risk. Any gaps identified by an audit allow us to better evaluate and control risk. However, it should be noted that the cost is high. We spent approximately 10,000 staff hours responding to audits, with the UW System Administration access and security audit and the Legislative Audit Bureau series of audits being particularly time consuming. Time spent actually fixing problems identified in the audits is in addition to these hours.
In fall 2019 and spring 2020, the access requirements and security of data stored within the DoIT Data Center and the commercial OneNeck Data Center were thoroughly assessed and certified, which now enables a set of common security controls to be applied to all systems within these data centers. Pre-certifying data centers for security allows much faster planning and approval for systems being located in these facilities, reducing time and expense for administrators and researchers.
Center for Digital Accessibility & User Experience:
In collaboration with a wide variety of university partners, we continuously improve the usability of the technologies we buy, build, and use in our digital campus. This includes accessibility improvements to more than 70 websites and applications, and usability enhancements that directly benefit every student and employee at UW–Madison. Notable examples over the past year include MyUW, the Course Search & Enroll app, SOAR online, the Interoperability initiative, and the Administrative Transformation Program.
The coming year promises to be challenging as the university navigates Smart Restart and grapples with budget and social challenges.
We highly value our employees and are committed to their inclusion, well-being and productivity. We anticipate working remotely for months to come, so will extend efforts to keep people engaged through flexible work schedules, professional development, and purposeful connections to others.
DoIT is on track to deliver high quality services and infrastructure, support the mission of the university and partner with others to support their success. New efforts will focus on Smart Restart, as well as replacing aging, fragile infrastructure to avoid emergency outages and expenses, and modernizing older systems to improve capacity and cost efficiency. These efforts include:
- Upgrading the firewalls and the virtualized server environment
- Re-architecting the network to allow for improved throughput and security, as well as add more flexibility for research
- Relocating much of the Dayton Street Data Center to colocation facilities
- Providing modern, secure underpinnings to support the Administrative Transformation Program through key initiatives such as Interoperability—to keep systems in sync with timely and accurate data, and ensure that people have appropriate access to systems and data
We anticipate a budget reduction and are preparing to adjust within DoIT, as well as considering how the university might benefit from a more contemporary approach to IT services. This is an opportunity to look for IT efficiencies university-wide by migrating to common platforms and eliminating redundancies. The improved infrastructure and services in DoIT will allow university efficiencies to begin to accrete.
However, the current IT funding structure at the university is a barrier to improving IT efficiency. Financial leaders Laurent Heller and David Murphy support the idea of restructuring funding—a complex, multi-year effort—though given other demands, it is not clear when this work will begin.
This past year has provided challenges and opportunities for growth that no one expected. We’re proud of the work that has been done so far to meet these ongoing challenges, and we are in a strong position to continue enhancing our role in support of IT collaboration and innovation. The coming year will demand that we continue to adapt and evolve, and we stand ready.