Table of Contents
- Changes to Information Security Practice – Paula Vickers, Middlesex University
- A Journey to Cloud Document Management – Ben Henderson, LondonMet
- Facilitated discussion on staff shared folders, user drives and remote access – Bernard Aghedo, UCISA
- Moving to a fully hosted cloud telephone system – Roberto Volo, Kingston & Sutton Educational Partnership (KSEP)
This was the sixth and last meeting for the calendar year for the UCISA London Group. The event was hosted by Queen Mary University of London. The meeting opened with registration and networking lunch followed by 4 agenda sessions comprising 3 presentations and one facilitated discussion session with an additional networking break halfway through the presentation sessions. The meeting was well attended by representatives of member institutions, members of the LMN Board, Jisc representatives and representatives from Box who were sponsors for the day.
Changes to Information Security practice
Paula gave a presentation of the key changes in their information security practice based on a timeline from Spring 2016 to Autumn 2017. In the beginning, as she put it, they had everything they thought would make for a secure university network but in Spring 2016, they changed their data centre and server provider and selected SIEM as a service to collect and analyse event logs, began patching Linux systems and scanning them on a weekly basis and opted for firewall as a service. However, there were more changes in Autumn 2016 due to the Cyber Essentials requirement to deliver training for HMG for prison officers desiring to study at the university and there was also the need to meet the requirements of the forthcoming GDPR. This meant weekly vulnerability scanning of servers, ports, websites, network and telephony equipment, etc.; change to their baseline to record cloud services, websites and port configurations; changes to IT Security policies; changes to the way executable files run in computers, ensuring that all staff computers are encrypted regardless of the operating system; etc.
On port scanning for Cyber Essentials, Paula noted that there were variations in the extent of the scans depending on which service provider one was using, there is therefore no standard practice, a situation that UCISA and Jisc representatives at the event thought should be more fully discussed to seek ways to standardise. Paula also told the delegates that the ICO had prosecuted some organisations for not fully encrypting their suite of user computer machines.
By Spring 2017, there were more changes due to increased spamming activities on their network, so they have had to Investment in Advanced Threat Protection for incoming mail, deploy strong Sender Policy Framework record, migrate Mailhub platforms to Microsoft and Amazon distribution services with daily monitoring of mail queues to identify potential compromised accounts and staff are now mandated to undertake the UCISA Information Security training course to raise awareness. More changes followed in Autumn 2017 when the National Cyber Security Centre reported Botnets on their network. To resolve this, they piloted DarkTrace which showed compromised machines in their network with malware undetected by the antivirus scanner, user accounts that were being targeted to brute force attempts to gain passwords, machines communicating with suspicious sites, large volumes of data being shared unencrypted, etc. In addition, students were reporting websites purporting to be Middlesex University capturing userids and passwords and others selling Middlesex degrees. So, they have had to fund DarkTrace for a year, strengthen their brand and domain ownership position and develop several activities to support staff and students to better protect themselves and the university’s services.
Paula gave an indication of the cost implications and support resources necessary to effect these changes as progressively going higher. Paula ended the presentation with a call to arms for members of the London Group to better collaborate, she also pointed delegates to some existing resources including the UCISA information training materials. Paula ended by suggesting the formation of a UCISA London forum for staff involved in security management to share good practice, seek advice and for peer support.
Paula’s presentation can be seen here.
A journey to cloud document management
Ben presented on their move to cloud document management system using the Box platform. Supported by representatives from the Box, Ben told of their journey beginning with the university’s vision for a “One Campus One Community” (OCOC) for which the university is investing around £25M to deliver. To this end, the university is moving forward with “agile working” based on three core strategic goals including “Effective electronic records management, archive and retention.”
Previously, they had several challenges with document management including difficult, outdated user interfaces on some applications, availability and accessibility of materials, concerns about security and appropriate access control, inadequate version controls, etc. They chose Box because, amongst several reasons, they offered unlimited storage, easy user interface and were leaders in cloud document management ahead of the likes of Microsoft. They have implemented the system for staff and have migrated about 558GB of staff data using Box Shuttle. Staff have been well supported throughout this process with Box Tech Discovery sessions, Box surgeries and a Box Champions user group that have been very effective.
Ben also told the delegates that the system has proved successful because following a fire incident that destroyed a server room, staff were able to access and work with their data offsite regardless of their locations. Next steps for them is Box Drive rollout, Google Drive migration, rollout for students, etc. Asked why they did not go for OneDrive or SharePoint, Ben said that at the time, OneDrive had offline access issues and because of some previous experience they did not consider SharePoint.
Ben’s presentation can be seen here.
Facilitated discussion on staff shared folders, user drives and remote access
Following Ben’s presentation on their move to cloud document storage, LondonMet became, for this discussion, as a ‘case study’ of an institution that had embraced cloud storage, I led and facilitated the discussions on whether institutions like LondonMet were still using staff folders and user drives and how remote access to these resources were organised and delivered. Some of the institutions at the event were using SharePoint Online for their intranet and as a document management system and it was perfect for what they wanted to do. Others were using OneDrive, with others were trialling it, and it also seemed to be the ideal solution for their context. Throughout the discussions, it was clear that delegates were familiar with and had experience of using cloud storage technologies and it was in line with their institution’s overall institutional IT strategy especially with the drive to ‘do more with less’ so using technologies like OneDrive, SharePoint Online, etc. could help institutions to fulfil that aspiration. With regards to BYOD, mobile working, remote access and security, it was largely discussed and agreed that they all sit together well as a suite of integrated services that IT teams provide in their institutions and that the provision should be underpinned by appropriate policies which must be effectively enforced.
Bernard’s discussion slides can be seen here.
Moving to a fully hosted cloud telephone system
Roberto gave an excellent presentation of their journey from using two old, dated, out of manufacturer support PABX systems to a fully hosted cloud-based telephone system. Following an audit, their initial requirements for the new telephone system was it should be off-Site, be able to integrate with Active Directory, scalable both up and down, Multi Tenanted, be able to have Location Independent Operators, have Call Centre Capability, handsets must be able to be used via SIP on an alternative solution, etc. They then decided to standardise their approach, implement Service Numbers, have Personal DDI for all Staff, Minimal number of configuration options, Minimal number of Handset options, Auto Logoff each night, which later proved to be problematic and so was reversed, and have Automated Reports Platform. From the invitation to tender, 4 suppliers were selected offering various solutions and the solution they chose was by UNIFY, now part of ATOS collaboration solutions, which offered them a PAYG Model, Fully Hosted, Only Handsets owned, Flex Up/Down, Fully Resilient, Dedicated SIP Connections and a 5-year Contract. As with many projects, they had challenges on the way, some in their control while others were not, more in the supplier’s control. Consequently, some things went not so well, and some things went well. Next steps for them is to implement the UC Client, merge their existing Switchboards into one, and bring on other 2 Colleges following Merger during 2018/19. Roberto admitted that the system was not perfect, but they are working on it, and that they would not go back to the old system, the new system was cheaper to run and easier to Manage especially with the Mobility functions – Business Changing.
Roberto’s presentation can be seen here.
The meeting was another great opportunity for institutional representatives to meet, share, dialogue and network. The format for the day worked well for all, the topics of presentation were all well received, and delegates participated in discussions and the question and answers that followed each presentation. Also, turnout from the FE community was much improved compared with turnout at the last event in October. UCISA is grateful to all the delegates, presenters and our sponsor for the day, Box.com, for helping to make it happen!
The next meeting is on Wednesday 17 January 2018 at University College London, 1 St Martin’s Le Grand.
London Liaison Officer (Part-time)