Universities and colleges have experienced massive changes in the way they operate during the past few weeks as we move towards remote delivery of learning and services to students and staff. A huge amount has already been done to take us to this ‘new normal’.
As new ways of working and delivering to learners are settling in, it is important for IT managers to plan for continued delivery of essential services to users in the coming weeks and months. The summer months are often a busy period for IT teams as technology changes are implemented while students and teaching staff are, on the whole, off campus.
Continued delivery of IT services and change management will be essential, given the reliance that remote learners and staff have on accessing the systems they need for curriculum delivery and other line of business functions, such as finance, payroll and student records. This will not be without its challenges, as service delivery will need to continue despite the likelihood of staff reductions due to illness or furlough, and the inability to access onsite infrastructure. Priority should be given to ensuring there are adequate resources in place to allow for uninterrupted service provision in mission critical areas.
To help you with this planning, we have produced a checklist of areas to consider when planning and prioritising resources and delivery of services. This is based on the Jisc infrastructure review service, which we have undertaken at over 200 Jisc member sites.
Key areas to consider include;
IT budget: Many capital projects are likely to be delayed or potentially cancelled. Can funding for these projects be redirected to fund staff roles providing continuity of existing services or enhancing remote learning facilities?
IT team staffing and structure: Are there enough staff to cover all responsibilities, and do they have the appropriate skills? In terms of roles and responsibilities, is the existing first- second- and third- line structure for the team fit for purpose in the new environment? Is there enough remote support available to answer helpdesk enquiries? Where expertise is normally provided by external third parties, are they still able to fulfil these contractual commitments? Cloud services such as Office 365 are in particular demand requiring specific administrative skills.
Networking: Is there the capacity and ability to remote administer networking equipment such as the campus firewall? Can staff resources dedicated to systems of reduced importance (for example the wireless network) be redeployed to higher priority services?
Servers and storage: Non essential and mission critical systems should have equal priority for patching and backup. Can on-premise servers be accessed remotely? Where difficulties arise, can services be brought into the cloud? Is the data centre environmental control system being monitored remotely, if the air conditioning system fails it may cause damage before it’s noticed?
Identity and access management: Is there the capacity to maintain the central user directory (for example Microsoft Active Directory). Is it possible to resolve user access management issues remotely, for example forgotten passwords? Where password expiry is enforced, it may be worth considering removing this requirement to reduce the number of issues going forward. The recommendation of the National Cyber Security Centre is to implement strong passwords which do not expire.
Applications: Student facing applications such as the virtual learning environment which provide teaching and learning to students clearly take priority and should continue to be maintained. Other applications including email and collaboration tools such as Microsoft SharePoint are also high priority. Other systems can be prioritised accordingly – clearly access to student records and financial systems will be of greater importance than timetabling and room utilisation systems.
Device management: Class sets of devices such as desktops, laptops and tablets which are no longer being used and powered down are no longer a priority in terms of management. Can resources be directed to ensuring organisation issued devices which are offsite are properly managed, patched and encrypted. Are effective measures taken to ensure staff and students who are using their own devices to access systems and services are able to do so, and are they doing so in a secure manner?
Security: Are backups being maintained? It may no longer be possible to access physical offline backups such as a tape library. Can cloud backup be used instead? Are backups logically offline, as in that they cannot be immediately accessed should administrator credentials be compromised? Are communication links for remote access encrypted? Administrator accounts should only be used when elevated privileges are required – this is even more important when support staff are working remotely.
Policies: have staff been made aware of data security obligations? This is especially important when staff are working offsite – devices used to access systems should be encrypted. Is there the capacity to ensure learners with additional accessibility and inclusion needs are being catered for now they are working offsite? A robust safeguarding policy is vital and updated ensuring all staff are made aware of it especially when working from home, for example it is now recommended that one to one staff – student engagements via video conferencing no longer takes place without a third-party present.
The above demonstrate that while some services can be considered lower priority, there are a large number of systems and services which require continued maintenance and support during this crisis period to ensure operations can continue. Particular focus should be placed on security and backups to reduce the risk of data loss.
Authors: Subject specialists (infrastructure) Marc Dobson & Mark Clark