January 2009 Archives

You probably saw this in Ann's all-OIT email last week, but it's important and I wanted to repeat it here:

OIT’s senior management team has charged a committee from various areas across the department to address necessary OIT workstation security improvements. It is the senior management team’s position that OIT should be a leader in upholding University computer security standards.

OIT Security has identified several practices currently being used on OIT computers that could lead to security breaches:

• Use of secondary applications such as Flash, QuickTime, Acrobat, and Java that are not up-to-date with security patches are a leading contributor to computer infections.
• Excess old data files
• Unlocked and unattended workstations
• Machines routinely run with administrative privileges when not needed
• Non-encrypted laptops
• Excess personal use of University computers can lead to susceptibility from unsecured Web sites and malware

By becoming early adopters and leaders of responsible and secure computing practices at the University, OIT is positioned to set the example for the rest of the University. What can you as an individual do to help raise computer security awareness and keep University computers and data more secure? Here are just a few ways:

• Lock your computer when you leave your work area
• Delete your temporary and cached files
• Reduce the amount of private data stored on desktop and laptop computers
• Managers should make sure that all laptops in their areas are encrypted
• Reduce the time running your computer as administrator and other high-risk practices

In addition, the committee is working on plans to address these issues. Much of the work to be done as identified by the committee will be performed by FAST staff. FAST staff also will continue to encrypt Mac laptops, and plans to push more secondary application updates to Windows clients are being developed, as well. The plan is to have the identified issues significantly mitigated by March 15.

We need to realize that, as part of Operations and Infrastructure, we support the most critical components of the University enterprise: databases, production services, data center, systems administration, storage, backups, disaster recovery planning. As such, it is even more important for us to protect access to our systems. Please take a moment this week to review your security settings. In particular, set your screensaver to lock your screen if you are away. That way, your computer should be safe even if you forget to lock your screen or logout when you go to meetings.

Ann mentioned the OIT Climate Survey team as part of her weekly email this week, and since I'm on that team, I figured I'd give an update for you.

Recognizing those who are working on the OIT Climate Survey

As their work continues, I want to take a moment to recognize all of those across OIT who have been a part of this important effort. AC: Peter Bartz, Brad Cohen, Linda Jorn; NTS: Louis Hammond, Alyssa Peterson, Vickie Sheehan; OIA: Jim Hall; OIT Central: Maria Binder. Central OHR staff have also provided outstanding consultation and guidance for our efforts. Our thanks go to Patty Bales, Mary McDiarmid, and Susan Rafferty.

Thank you all for your exemplary work on this critical initiative!

At the beginning of the Climate Survey team, we held a number of focus groups with staff across all of OIT. We got a lot of great insights from staff, and the team continues to use this information in everything that we do. The Climate Survey team meets about once a week; at next week's meeting, we're preparing materials for an all-OIT supervisor meeting.

We're planning to meet with the all-OIT supervisors in two weeks, to work with them to generate a "top ten" list of management best practices. Following that meeting, the Climate Survey team will be ready to publish a best practices report to the OIT management. Armed with this information, we believe that managers and supervisors will be able to manage more effectively. And that's more important now that budgets are limited, and we will not be able to grow teams like we used to.

Also happening in the Climate Survey team: we've added new members to the team, which will provide more complete representation across all of OIT.

Curious to learn more about the Climate Survey team? Stop by my office to ask questions, or drop me an email.

In the current economic climate and tight budgets at the U, you may wonder how you can help. Every great innovation starts with an idea. Maybe you have an idea for how OIA might do things better - how to run more efficiently, how to save money. If you do, here's how to make an impact with your idea:

Write down your idea. Show it to your manager.

The documentation methodology that we have in OIA is as follows:

1. Vision document
2. Design document
3. Diagrams (usually part of Design)
4. Roles and responsibilities definitions
5. Post-project review

So the first step in getting any idea implemented is to write a "Vision" document. What goes into a "Vision" document depends on the idea. As an example, Mike and I recently wrote a kind of "Vision" document for Doug that outlined a possible way we might leverage our use of VMWare to support independent customer hosting, beyond what we do today. It included a history of virtualization in CCO/OIA, the current state of our VMWare architecture, discussion of future growth, and a brief outline of how we could build upon that base to provide a different level of customer hosting.

That was the "Vision" document, which I reviewed with Doug. Now that Doug has reviewed and approved this first step, the next step is to create a detailed "Design" - and if that looks promising, we can take the idea further towards an implementation.

Do you have an idea that could help us Simplify, Standardize, Automate how we do things in OIA? Your first step is to capture your idea in that "Vision document, and review it with your manager.

Need help? If you don't know where to start in writing a "Vision" document, please stop by. We can talk about your idea, and figure out the best way to present it in a "Vision" document.

As we enter the new year, it's important to look at the things that we do, and consider how we might do them better. I've written about Simplify, Standardize, Automate, and I decided I should take my own advice. So I'm moving my blog to the University blog system.

You may not be aware, but the blog that I've hosted at http://www.tc.umn.edu/~jhall/ is manually-edited, and I wrote a series of small scripts to create the blog and link everything together. It was great to get started, but using the University's blog ("UThink") makes more sense - I'll let them worry about upgrades, about space, about online editing support. So in a sense, by moving my blog to UThink, I've helped to simplify part of my work life. Now I won't need to update any scripts to support new features - features that UThink already supports.

How are you applying Simplify, Standardize, Automate to your work in 2009?