By SHANNON O. WELLS
Pitt Information Technology’s upcoming 10-year “Planning Horizon” initiative promises to be anything but an isolated or exclusive endeavor.
That’s the spirit Mark Henderson, vice chancellor and chief information officer, conveyed to the Senate Computing and Information Technology Committee at its Feb. 26 meeting.
“Pitt IT is undergoing a 10-year Planning Horizon … which will invite all voices from across the University, so faculty, staff, students, senior leaders,” he explained. “We will also be extending invitations into the communities that surround us.
“We'll be talking to some of our vendor partners to incorporate what's over the horizon in terms of technologies (and) also asking for some of the other universities in our area to weigh in on this.”
Deloitte Consulting of Pittsburgh will facilitate the process, which is intended to be “in alignment” with the reimagined Plan for Pitt being developed by Chancellor Joan Gabel, based on input from a range of stakeholders.
“Really, what we want to do through Deloitte facilitating this is make sure that we're aligned with what the chancellor has shared in terms of the reimagined Plan for Pitt,” Henderson said, noting the first five-year horizon will enable that.
“The next five-year horizon is more of an aspirational approach. And there's going to be a lot of kind of future thinking and what we ought to be doing and how we ought to be doing it and things we ought to be considering during that timeframe,” he added. “It's a really exciting endeavor, I will say.”
Henderson said the collaborative approach evolved from a conversation with Rob Rutenbar, senior vice chancellor for research, as the two were “kind of waxing philosophically about technology that can support the research enterprise based on his aspirations for continued growth in that space.”
Agreeing it would be good to involve a “good facilitator,” a competitive search process led them to Deloitte. They also made a point of including “all voices who are stakeholders now, and quite frankly into the future, represented in our planning process,” Henderson said. “So, many of you will be hearing from Deloitte, to sit down with them and provide insights against questions that they have. For those who may not, we still want your voices heard.”
Henderson encouraged visiting the 10-Year Horizon webpage, which contains a link to a survey, where Pitt community members can “provide insights and things that we ought to be thinking about.
“And we're really committed to the process, because most importantly is understanding the voices of all of those who we're here to serve: faculty, students, staff, community leaders and our vendor partners and our fellow higher education institutions, because the things that we do are not done in a vacuum,” he said, adding that UPMC will be part of the process. “(There’s) much more to come in that regard. We're excited to be moving in this direction.”
Alumni email accounts
In other computer committee news, John Duska, Pitt IT’s chief information security officer, shared updates on digital security.
Driven by a “higher-than-average” percentage of fraudulent “phishing” attempts from compromised alumni-associated email accounts, an effort is underway to reduce the volume of these accounts. Now exceeding 83,000, most alumni accounts, Duska said, are not being used. The project is expected to be finished by the end of summer.
Responding to a question about what defines a “needed” alumni account, Duska explained that, with 27 percent of alumni having forwarding email accounts, IT plans to “email every one of those people and ask them if they want to keep their accounts,” giving them 30 days to reply. “So that's why it's going to take a few months to go through the process,” he said. “If any (alum) wants to keep their account, that's fine. They can keep it.”
Email authentication
In other digital security matters, Duska talked about implementing Domain-based Message Authentication, or DMARC, an email authentication protocol. Once enabled, DMARC will ensure any email received from a @pitt.edu email address is actually coming from a Pitt sender and not a forgery.
“A lot of times you may get spam or phishing emails, and it says the person is from Pitt, but that's fictitious,” he said. “They can put in anything they want in that line.”
Once enabled, DMARC will prevent phishing by detecting non-authentic @pitt addresses. “That message will fail the DMARC check and will end up going into quarantine instead of being delivered to your inbox,” Duska said, noting the validation will be enabled after the end of spring term.
Also being considering is an external email tag, which involves adding the word “external” to the beginning of email subject lines for emails coming from outside the University.
“This is an easy way to identify emails that aren't originating from Pitt,” he said. While it’s not specific to protect against phishing, it provides more information “to clarify if the sender is from Pitt or not. We've been testing this for many months at Pitt IT (and) in Health Sciences IT, and there are no issues with it.”
An activation date for this has yet to be set.
Endpoint protection tool changes
“Legacy” endpoint protection tools Sentinel One and Malwarebytes are being retired, leaving Microsoft Defender as the University’s “endpoint protection standard.” Malwarebytes will be decommissioned by the end of March, and Sentinel One by late May.
Since announcing the decommissioning at an IT partners meeting in early February, Duska said the number of Malwarebytes installations dropped from 1,600 to 770. Only used in rare circumstances now, Sentinel One was left with only 10 clients on campus, “so you may not have even heard of that one,” he said.
Email communications from IT will explain what steps should be taken to facilitate the changes. Each department’s IT representative should lead efforts to remove the programs from individual computers. Pitt IT recommends those using Windows-based laptops switch to Microsoft Defender if they haven’t already done so, Duska said.
As opposed to earlier applications used at Pitt, Duska said Defender uses intelligence from across the University to help “make itself smarter. It's like an artificial intelligence feature of the product, so over time it tailors itself to the Pitt environment.”
Multiple antivirus products on a computer can interfere with each other, he added, “so it's really best to just pick one, and that's why we're going with Microsoft Defender.”
Duo multi-factor authentication — the screen Pitt computer users see after logging into My.Pitt.edu or using the University-wide Enterprise service — will change as of March 30. Duo is phasing out the current “traditional” prompt and replacing it with a new “universal” prompt, which Duska said is “simpler and it improves accessibility on the web.”
“Essentially this is just a cosmetic change to the appearance of the prompt,” he explained. “There's no real changes to the functionality.”
Security training
Responding to a question, Duska clarified that digital security training is not enforced, except for some annual trainings geared specifically toward compliance, “in which case, we will ensure that you do take those trainings or you will not have access to certain things.”
Henderson elaborated that security training puts IT in “the very best position to have a culture of security at the University,” and has implications for evaluations based on cybersecurity and its costs. The level of training will influence what future rates may be.
“The realities are, if you don't take training and you are at the root of a bad experience that the University has … the needs of the one cannot outweigh the needs of the many,” he said. “So we are trying to (reach) a position where we are, as best as we possibly can, protecting the assets of the University and the assets of the faculty, your IP (addresses).
“It has to be a holistic approach to security,” he added, “and there will be consequences in the near future.”
New research information system
Michelle Fullem, Pitt IT's interim executive director - enterprise applications, provided an update on upgrading the Symplectic-based Elements research platform.
The upgrade “helps streamline research-related administrative tasks, fostering collaboration, improve research, visibility, and … reporting and other information that can be out there, really from a collaborative kind of showcase (along with) research that faculty members do,” she said.
A variety of stakeholders throughout the University, including the University Library System’s research office, the senior vice chancellor of health sciences’ office, the Health Sciences Library System, Swanson School of Engineering, and Office of Industry and Economic Partnership asked Pitt IT to assist with facilitating a request for proposal process.
Started last year, the process included gathering and scoring requirements, identifying potential vendors from a pool of five and inviting them to present demonstrations. “And through that thorough analysis and assessment, a decision was made to actually upgrade our existing Symplectic Elements System to their cloud version,” Fullem said.
The implementation phase of the project will include engagement with “all the right individuals throughout the University” as well as “change management” and communications, she said, estimating the kickoff would take place by early spring.
Responding to a question about functionality considerations in various facets of the University, Fullem said she envisioned most University responsibility centers, schools and academic departments “probably would welcome to have that functionality in this product.
“The existing Elements is very dated,” she added, noting that “obviously what's nice about being in the cloud is (staying) current on the latest platforms that they offer,” including a reporting analytics platform “that is part of what we’re moving to.”
Shannon O. Wells is a writer for the University Times. Reach him at shannonw@pitt.edu.
Have a story idea or news to share? Share it with the University Times.