Tag Archives: cloud

Moving to the Cloud with Amazon Web Services

Presenters

  • Ron Kraemer, VP and CIO, University of Notre Dame
  • Ryan Frazier, Director, System Engineering & Operations, Harvard Business School
  • Sarah Christen, Director of Community Platforms and CIO, Cornell University
  • Mike Chapple, Senior Director, IT Service Delivery, University of Notre Dame
  • Blake Chism, IT Transformation Sr., Amazon Web Services

Resource

Session Introduction

RC: we want to accomplish 1 major goal: roadmap and framework to take back to campus and “deal with the cloud in your culture and your world.”

It’s not perfect, and it’s a lot of work. BUT, it’s better service to our universities if we do it well.

SC: we’re a cloud-first institution. Lots of leadership change since that initiative started. We have 62 accounts under our master contract (master contract signed 18 months ago). Lots of accounts outside our contract. About $300K annual spend outside the IT org…we have a very distributed IT model.

We call the transformation “cloudification.” It’s a partnership with campus IT units. We refactor for most effective use of cloud technologies and containerization vs. “lift and shift.” Central IT must be the expert that campus wants to come to for help. We want to enable, not enforce (we do have SOME requirements to move to the master contract). We understand that if IaaS isn’t better with us, campus will make the move without us. We allow campus technologists to focus on unit differentiators central IT can help with the utilities.

Reqs for Cornell Master Contract

  • Onboarding discussion
  • Attestation
  • Shibboleth for authentication
  • DUO for multi-factor authentication for AWS Console access
  • Lock down root account, escrow with security office
  • Activation of AWS config
  • Activation of CloudTrail
  • CloudTrail logs sent to Security office
  • Activation of Cloudcheckr

What About Researcher AWS Accounts?

  • Easy onboarding without a lot of steps or complication
  • No interference with their research. No overhead (cost or performance)
  • Solutions for export control data and other compliance reqs.
  • Standard network config not always a good fit. “I am an island, not part of Cornell campus.”
  • Technical consultation options: docker, data storage, training, devops support

Today

  • All centrally hosted apps are being moved if possible
  • Infrastructure services are a large part of our on prem inventory
  • Campus units are moving more quickly than our central IT org

Biggest Challenge to Cloud Transformation: RESISTANCE TO CHANGE

RF: I’m director of Infrastructure Customer and Project Services. Initiated cloud strategy and planning when I was in the central IT division.

Cloud @Harvard

  • <2013: Exploration. Very early adopters at Harvard Medical School (research lab), pockets of uncoordinated use, little use within central and school-level IT departments.
  • 2013-2016: Alignment. We got enterprise agreement, direct billing and enterprise support services, laid technical foundations, brought on early adopters, developed cloud strategy.
  • 2016-?: Implementation. Accelerating adoption at all levels, i.e. labs, initiatives, schools, and central IT; shared service roadmaps; early adopters beginning to focus on optimization.

The Case for Cloud

  • Quality, cost, reliability, speed.
  • cloud.huit.harvard.edu
  • Our goal was to have 75% of our infrastructure at AWS by 2017. We’re currently at 31%.

HBX: Can We Deliver the Rich Interactive Experience of the Business School Online?

  • LET’S TRY
  • Move fast – 90 days to build, implement and launch application and registration system, < 1 year for complete course platform
  • Run independent of HBS IT – minimize impact on eisting services, enable new approaches to new needs
  • Be able to scale up or down rapidly – prepare for success or failure of the experiment

AWS Service Mix

  • 17 VPCs, 23 ELBs, 135 EC2 instances, 345 EBS volumes, 18TB instance storage, 4 Redshift Clusters, 18 RDS DBs, 30+ TB loaded via snowball, 78 TB object storage
  • Storage is a very small part of our spend (data transfer is 1%)
  • EC2 is about 58% of our spend

Notre Dame’s Journey to the Cloud

Why move at all? For us, we were sitting on an aging data center infrastructure. A capital investment – particularly cooling – had to happen if were going to continue. Tech demands from students, faculty and administrators outpaced our time and budget. In 2012, emergency communications were a critical concern.

2012

Originally we moved the web site as part of an emergency mitigation effort – “can we move the site in the event of an emergency?”

  • www.nd.edu
  • 3 web servers
  • load-driven autoscaling
  • Geographic diversity
  • It was really an easy move for us

2013

  • 435 web sites
  • 4 million monthly views
  • db as a service
  • ElastiCache

Cloud First

  • In 2013, we began having conversations about “why don’t we move everything over?”
  • We wanted to take advantage of what the cloud offers: 80% by the end of 2017; we’re at 59% today.
  • SaaS first, then PaaS, then IaaS, then on-prem.
  • Setting a goal created “a line in the sand,” that made it real for our people.

What We Learned

  • Rethink technical roles. NOBODY IS GOING TO LOSE THEIR JOB! However, you might not be doing the same job three years from now…
  • We were a very siloed organization prior to the cloud move. As a result of our move, those silos are breaking down.
  • Rethink security processes and tools (this was hard for us). We’re not mapping THINGS 1-to-1, we’re mapping OBJECTIVES.
  • Leverage automation – we’ve used ansible
  • Practical financial engineering. Our data center manager is now the guy who is our financial expert, who gives us insight into our costs. We’ve standardized on regions, instances (T2 class – about 3/4 of all our instances), use of reserve instances, etc.
  • Make a few choices and just go with them!

Cloud Transformation Maturity Model

  • Project Stage: limited knowledge, executive support, inability to purchase, limited confidence, no clear ownership or direction.
  • Foundation Stage
  • Migration Stage
  • Optimization Stage

Blake Chism from AWS: we developed this model to help you figure out where you are in the process. We’ve found that for most of our customers, procurement conversations are getting easier, but they’re still a challenge. If the central IT team helps take ownership, it can help organizations move forward more effectively, i.e. central IT not perceived as “being in the way.”

If your team has good processes now, your move will be much easier.

Project Stage

No matter what, you need to have a business case, a reason why you’re doing it. The roadmap helps describe how you’re doing it. Governance models evolve, and you get better at understanding them. Services change, and you need to have a plan about how you’ll integrate them (or not).

POC are much easier because if it doesn’t work, you can simply shut it off and you’re only out a few bucks. Try things out!

During the Project Stage, establish a “Cloud Center of Excellence” or “Cloud Competency Center” to get the organization moving in the right direction.

Foundation Stage

Lack of a detailed organizational transformation plan can be a challenge. Do a staff skills gap analysis to help you here.

Migration Stage

Should be as short as possible to get over the hump of hybrid and duplicate hosting. All-in will allow you to BEGIN doing new and exciting things. Imagine a space where the default state of, say, development environments, is OFF. All in is just the end of the adoption journey.

Were your enterprise systems like LMS, SIS, HR, Financials and the portal viewed as special and treated differently from smaller apps? Have you moved them yet?

  • Cornell: our KFS (Kuali) finance moved first (we dockerize ours) high availability on file shares was an early challenge (EFS – Elastic File Services are out now)
  • Harvard: IdM was first, we do Peoplesoft now, Oracle e-business is happening now
  • ND: ERP and LMS  – do not separate db servers and application servers!

AWS Cloud Adoption Journey

ALL: we use our AWS solutions architects extensively, and we’ve relied on AWS consulting almost exclusively for our migrations. These interactions have helped to accelerate our staff learning, because our staff are the ones who will need to maintain it long-term.

The professional services unit can help you figure out the high-level ecosystem you need for your particular situation. Enterprise support services is a bit pricey, but it’s useful in many cases.

SC: at Cornell, we created a 100 day training program that includes getting Amazon Solutions Architect certification. This is a good way to assure a certain level of competency. Some schools are using our model for training up their people, and they’re also using it as a way to network and learn new things, i.e. get names of people at other institutions that are going through the same problems.

Building the Roadmap – “Cloud Adoption Framework”

More details here: https://aws.amazon.com/education/movingtothecloudworkshop/

Organizes and describes the perspectives in planning, creating, managing, and supporting a modern IT service. Provides practical guidance and comprehensive guidelines for establishing, developing and running AWS cloud-enabled environments.

Don’t try to use all the components at once! Have your Cloud Center of Excellence (or whatever you choose to call it) do it in sprints by taking five or six of the elements and working through them.

In the private sector, the push to move to the cloud typically comes from the top. In higher ed IT, the push to move to the cloud typically comes from below. What we’ve often done is break off a small part of our budget, and use it to fund an “engineering SkunkWorks” where we can do the POCs and get staff buy-in. If the “where you do computing versus how you do computing” equation doesn’t click in your leadership’s minds, you’re going to have a hard time going anywhere.

Serverless Mobile Application & Game Development with Amazon Web Services (AWS)

Presenter

  • Curtis Bray, Manager of Solutions Architecture – US Education
  • Heather Matheson, Account Manager for UCLA
  • Amie Carobrese, Account Manager for UC & CSU

We’re deep into the public sector!  2,300+ govt agencies, 7,000+ educational institutions, etc.

When starting out, you pick a region, which is a location where your stuff (apps, data, whatever) will live. For example US-West-2 is a region. Within each region is a number of availability zones (AZs), separated by tens of miles.

How Do You Build a Mobile App Today?

  • Authorize
  • Authenticate
  • Synchronize
  • Store & Deliver Media
  • Analyze User Behavior
  • Send Push Notifications (bus arrival, quiz/test results, etc.)
  • Send Real Time Events
  • Store Shared Data (i.e. leaderboards)

Some of the products that’ll be covered:

  • Cognito: authentication
  • Kinesis Recorder: create live dashboards to track user events in real time
  • DynamoDB Mapper: store & query fast NoSQL data across users & devices
  • SNS Mobile Push: for push notifications
  • Lambda: “serverless” service that runs your functions

Authenticate Users: Amazon Cognito

What it does:

  1. Synchronize user’s data across devices / platforms
  2. Manage users as unique identities across identity providers
  3. Securely access all AWS services from Mobile device

It can provide temporary credentials to securely access your resources. It provides comprehensive support for identity use cases.

Synchronize data across devices: Amazon Cognito (Sync)

  • Store app data, preferences and staet
  • Cross-device Cross-OS Sync
  • Work Offline

Post processing can be done: push sync, events, streams

Store & Deliver Media Assets: S3 & CloudFront

  • S3 Connector transfer utility: multipart upload, fault tolerant download, no backend required, automatic retries, pause, resume, cancel functions.

Mobile Analytics

Collect, visualize and understand app usage data. Data stored can be put into a data warehouse if you want to.

Send Push Notifications: Amazon SNS Mobile Push

A single API can push messaging across multiple platforms.

Amazon DynamoDB Connector: Object Mapper

A NoSQL database that’s mobile aware

Which services should I use?

How do I connect them all together? We created the “AWS Mobile Hub” which ties into your AWS account. You create a project and add features you need to get up-and-running. The AWS Mobile Hub needs an IAM role so it can create resources on your behalf.

Working Mobile App project includes:

  • Xcode/Android Studio project
  • AWS resources
  • App Code
  • Helper “glue” code
  • SDKs
  • Detailed developer instructions

We then ran through an hour-long demonstration of the tools mentioned above…pretty powerful and easy-to-use stuff. The automated testing with AWS device farm was cool. You test against actual physical devices.

Cloud 101: Tools and Strategies for Evaluating Cloud Services

Presenters:

  • Khalil Yazdi, CIO in Residence, Internet2
  • Andrew Keating, Director, Cloud Services Internet2, andrew@internet2.edu

Assets from this session (shared box folder):

I’m looking forward to this session because there are so many SaaS, PaaS and IaaS tools that I’m being asked to review by my colleagues. There is a box link http://bit.ly/1H7tKhP that contains the notes from this session.  The Sample Security Clauses and Sample Data Handling Clauses were worth the price of admission, btw.

The EDUCAUSE app says about this session:

This seminar will introduce participants to the technical, legal, and risk management considerations important to evaluating and selecting cloud services for their campuses. Learn the key aspects of the Cloud Controls Matrix for security assessments as well as legal terms and conditions that make for successful cloud contracts.
OUTCOMES: Categorize the elements of cloud service assessment * Identify risks associated with cloud services and develop mitigation strategies * Distinguish how to engage campus stakeholders in evaluating cloud services

POLL:  What’s Attractive to You About Cloud Services?

  • Cost
  • Reduced overhead
  • Features
  • Functionality
  • DR / BC
  • Value-add functionality for staff
  • Scalability
  • Risk
  • Compliance

POLL:  What Concerns do you Have About Cloud Services?

  • SLA
  • Responsiveness
  • Integration of systems
  • Data and data analysis
  • What happens if your provider goes away
  • Security
  • Data location (regulatory)
  • Latency
  • Data ownership / retrieval
  • Manage cloud service, not our actual work
  • Funding / budgeting model CapEx > OpEx
  • Governance:  accessibility, PCI, FERPA, etc.
  • “Too easy” i.e. barrier to entry is very low
  • Billing
  • Enterprise vs. consumer purchasing

Items that are attractive and items that are concerns can (mostly) be argued either way!

Overview of Cloud and R&E Community Cloud

  • Internet2 founded 1996
  • National network
  • 300 member universities; 80 corps; 70 govt. orgs, etc.
  • Supports research and education

Goal for Today:  Informed Decision-Making About This Deployment Vehicle

  • It’s no longer an emerging technology

What Drives Us to Cloud Services?

  • Reducing costs
  • Realigning staff
  • Meet institutional goals
  • Help students learn more effectively
  • Aging infrastructure
  • Scalability & elasticity, simplicity, expandability (ebb and flow of normal campus activities)
  • Volume up; prices down (with these kinds of services, IT  is more like a portfolio manager of financial assets)

Business Drivers:  What’s Different?

  • Student Expectations
  • Faculty Roles & Requirements
  • Higher Education Business Needs
  • IT Services & Delivery
  • IT Procurement Strategies

Definition is Still Elusive & Amorphous

NIST definition: Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction

In short:  it’s a shared experience.

Underneath it all, you need a network carrier; Internet2 has this.

We wanted to created a scalable community approach for the higher ed space to communicate with cloud providers.

The NIST framework is not perfect:  identity is missing, it has overhead, security lives in the “cloud provider” segment, etc.

EDUCAUSE Top Issues:  Four Strategic Priorities

  • Efficiency:  reduce operational costs
  • Effectiveness:  achieve demonstrable improvements in student outcomes
  • Relevance:  keep pace with innovations in eLearning, and use eLearning as a competitive advantage
  • Value:  Meet students and faculty member expectations of contemporary consumer technologies and communications

You have to be able to speak to the above issues if you want to be relevant when pushing cloud services on your campus.

Interactive Section

  1. What’s Your Role and why are you here?  I’m director for Web & Technology Services in the division of Student Affairs.  I’m here because I want to get a handle on the approaches needed to manage the adoption of cloud services beyond web site and web application hosting (i.e. – product purchasing, governance, security, etc.)
  2. What are the business drivers at your campus for going to the cloud?  Speaking for my own unit:  cost, better understanding of service utilization.
  3. What are the budgetary drivers motivating consideration of the cloud?  Changing from CapEx to OpEx model.
  4. What are the technical drivers for moving to the cloud?  Reduction of technical overhead in maintaining a web infrastructure, reliability, flexibility.
  5. Who are the champions for cloud adoption on your campus?  What are their expectations?  Often, those who can’t or don’t want to support the technology themselves, but typically people who want stuff we can’t deliver.
  6. Who are the detractors and resistant to moving to the cloud?  Not many detractors, but there are people who continue to retain latent suspicions of the technology.  Central IT itself is often resistant to moving to the cloud.
  7. What do you see as major challenges to cloud adoption?  Scalability within the organization; how do we approach adoption in a holistic sense.

 

Cloud Assessment Skills

Technical & Architectural

  • Aspirational view of the cloud:  simplify and obfuscate complexity
  • Responsibility and management model:  need to understand the vendor’s relationships on all the different components of what represents “their problem” versus “your problem.”
  • IaaS:  is all purely infrastructure.  Provider says:  “we’re just giving you hardware in the cloud.  Everything else is your problem.”
  • PaaS:  Provider says:  “we’re giving you everything EXCEPT your application.  You’re responsible for that.”
  • SaaS:  Provider says:  we’ll manage everything for you.”  However, it’s all about who owns your data.

Cloud Service Functional Assessment

  • Review current features and functionality
  • Discuss existing Service Provider product roadmap (under NDA)
  • Determine ways in which service needs to be tuned for research and education usage
  • Prioritize feature requests discuss prioritization with SP’s product team

Process and Deliverables:  understand current features, functionality, and future roadmap; determine how to request features and inform the roadmap as well as process for reporting bugs.

Cloud Service Technical Integration

Network:  test network performance or review 3rd party testing; determine service connectivity with the Internet2 R&E network and optimize for enhanced delivery.  Test the network to create benchmarks!

Identity:  review SP’s identity strategy and determine InCommon integration.  Net+ Identity Guidance for Services

Process and Deliverables:  assign technical team members on networking and identity; develop and review testing plans; and produce reference documents for service subscribers

Security & Compliance

  • What are the documents involved?
  • Definitions, CCM or Cloud Control Matrix (self-reported like a VPAT, not audited), SOC 2 (an audit report), ISO 27001 (an audit report pass/fail)
  • How to read and understand these documents
  • Security assessment:  customized version of the CCM developed by the Cloud Security Alliance
  • Accessibility review and roadmap commitment
  • Data handling:  FERPA, HIPAA, privacy, data handling

Process and deliverables:  SP to give review copies of 3rd party audit materials, and completes Cloud Controls Matrix for review; campus security officer review and assess service; accessibility engineers review service and communicate needs to SP.

Legal & Contracts

What are the key elements in a successful cloud contract?

  • Description of service components, features
  • pricing and business terms
  • Indemnification and limitation of liability
  • security
  • compliance and representations
  • Data & data handling (data retrieval on termination, data destruction, etc.)
  • “Exit strategy,” source code escrow
  • SLA
  • Insurance provisions

When Reviewing Sample Contract Materials

The following questions were based on sample templates in the Box share described waaaay above.

  • What does this contract language aim to do?
  • Who or what does it protect?
  • What are the risk considerations for the university?  For end users?  For the service provider?
  • Which would you sign and agree to?
  • Which would a commercial service provider sign and agree to?

Cloud Assessments:  Conclusions

  • Specificity matters
  • Consider whether it is more helpful to spell out what a SP will do OR what they will not do
  • Some flexibility is required:  if you want to use a commercial service, determine what is reasonable
  • Do not accept standard commercial terms or “click through”
  • Do not assume the worst of commercial SPs
  • Consider the future and ongoing relationship
  • Remember that both sides are managing risk and the overall aim is to to come up with something that both your campus an the SP can live with

 

 

 

My EDUCAUSE 2013 Mega Post

One the things I try to do when I attend conferences is to make a detailed record of all the sessions I attend, with the exception of keynotes, which tend to get really good coverage from other folks.  I live blog the events as I attend them, which hopefully helps those who committed to other sessions, and then I do one of these “mega posts,” which summarize all the posts I attended.  Based on my itinerary, 2013 seems to be the year of big data and analytics.  I’m willing to bet a lot of my fellow attendees will agree 🙂

I’ve been in higher education for just over seven years now, and somewhat amazingly, this was the very first EDUCAUSE event I’ve ever attended.  Why didn’t anyone tell me about this conference?  It was an extremely worthwhile event, at least for me…one of the meetings I had will likely save my division close to $50,000 each year!  That savings will go a long way toward providing students at CSUN with more and/or better services.  There were lots of great sessions to attend, with lots of smart folks sharing what they’re doing with IT on their campuses.  I’ll definitely be back next year.

Without any further ado, here’s my EDUCAUSE 2013 mega-post…please drop me a line and let me know if this helps you!

 

Friday, October 18 (last day of EDUCAUSE was a half day)

 

Thursday, October 17 (my busiest day)

 

Wednesday, October 16 (spent a few hours prowling the vendor floor and visiting with my accessibility colleagues)

 

Tuesday, October 15 (each session was a half-day long)

 

Silver Linings Playbook: Hard Earned Lessons from the Cloud

Session Title:  Silver Linings Playbook:  Hard Earned Lessons from the Cloud

Presenters:

  • Bob Carozzoni, Cornell University
  • Erik Lundberg, University of Washington
  • Bill Wrobleski, University of Michigan

The presenters agreed that they are all slightly insane, which is a good sign, IMO 🙂

Presentation Survey:  tinyurl.com/edu-silver

 

Session Goals:

  1. Challenge you to rethink the implications of cloud computing
  2. Provoke you to think beyond the status quo
  3. Inform you of what we’re seeing as we move forward
  4. Learn from you by asking questions

 

SLIDE:  It’s a BYOA (Bring Your Own App) kind of world:

  1. Consumers are more in contorl
  2. IT decisions are increasingly being made by non-IT pros
  3. Big, long software selction processes are a thing of the past

We generally don’t have the time to talk through the tech that touch the consumer.

 

SLIDE:  If no one follows, are we leading?

With SaaS, vendors go straight to the consumer (business).  Consumers are driving the bus.

 

SLIDE:  IT can lead in a new way, by:

  • Partnering
  • Inspiring
  • Coaching
  • Brokering
  • Enabling

 

SLIDE:  Slow Central IT means no central IT (be on the train or be under it)

Reality is that IT is never fast enough, even if you’re operating at peak efficiency and in the best possible way.

  • Concept to delivery must be faster than ever in a cloud world
  • You need to learn to move at the speed of cloud
  • A great but slow implementation is an unsuccessful implementation

 

SLIDE:  If you can’t take risks, end users will do it for you

  • Users take risks, often without even realizing it
  • No longer is risk managed through a single central decision /contract
  • We don’t have to be reckless, but we have to rethink how we look at and manage risk

Thinking about risk needs to be shifted.

 

SLIDE:  On-premise systems are too risky

  • Cloud providers survival depends on a rock solid security posture
  • They’re bigger targets, but they also make bigger security investments
  • Your IT security officer may soon be leading the charge to the cloud!  (there’s a big difference between security and compliance)

FISMA compliance may drive some ISO’s to push for the cloud

 

SLIDE:  big vendors rock (and suck)

  • Big vendors offer stability.  Also deep pockets for innovation, though not always in the direction we need
  • Small vendors are nimble, and will actually listen to higher education
  • Mastery of vendor management will become a critical IT skill

Independently we can’t influence big vendors, but they are responsive to consortia like Internet2, EDUCAUSE, etc.  While universities were cauldrons of innovation in the past, today we’re just small fish.

 

SLIDE:  Candlestick makers usually don’t invent lightbulbs

  • Transformative changes rarely come from someone immersed in operations
  • It’s hard to see over the horizon when you’re in the weeds
  • Liberate your change leaders so they can focus on change

Be careful in selection of your change agents and leaders!  People with positional authority are often NOT the people who can actually move the logjam forward.  You have to be intentional about giving people the free time and space to innovate.

 

SLIDE:  You need to be more fliexible than your cloud vendor

  • Customization creates lock-in, “version freeze,” and raises the cost of updates
  • Alter you business processes not the SaaS app
  • The days of customization are coming to an end

Using SaaS gives you economies of scale; you may need to stop thinking about app customization and start thinking about changing your business processes.  Expectations of your customers are different when using services provided by say, Google.

 

SLIDE:  Watch your Wake!

  • Cloud adoption, like any change, disrupts lives of real people
  • Find ways to support those affected by your transformation efforts
  • Help people work outside their comfort zones, but keep it outside their fear zone

The intellectual challenge is different now..instead of integration it’s a new intellection challenge.

 

SLIDE:  Experience can be a boat anchor

  • Deconstruct habitual thinking that’s based on old paradigms
  • Old  “What problem are we trying to solve?”
  • New: “What new opportunity does this present?”
  • Most of what we have learned about procurement, rsik management, project management, financial models and staffing is changing

Consumers don’t shop based on requirements, we shop based on what we want (right color, size, cost, etc.).  How we staff will change.

 

SLIDE:  Don’t Fight Redundancy

  • Cloud makes duplication more affordable
  • Feature overlap from our perspective is micro-specialization from the end-user perspective
  • Sometimes duplication is  bad, but it isn’t bad as a principle

We don’t worry about duplication in consumer products like ovens, toaster ovens, toasters, bagel toasters 🙂  Thinking about the middleware and integration points is probably a more useful exercise.

 

SLIDE:  Welcome to the Hotel California (check-in but never leave)

  • Make an exit strategy part of the selection and on-boardiing process
  • Getting your data isn’t hard, getting your meta data is
  • Architect to control key integration points, to minimize lock-in

Does your exit strategy work?  Have you ever tested it?  Automobiles are very dangerous, but have we stopped driving them?  No!  They’re far too useful.  We insure them!

Our focus is changing.

 

SLIDE:  Reviewed Summary of Survey

 

AUDIENCE QUESTIONS

Biggest risk is the network…how do you address that?  Students have multiple ways to get to a network, whether it’s 3G, wifi, etc.  Even identity is a risk if it’s housed on campus.  Even the network itself is a security consideration.

 

Have you found a good way to deal with risk incurred by click-through agreements?  We work with procurement to review P-card stuff to see what people are buying here and there.  Click-throughs have never been tested in court…yet.

 

Can we take advantage of the work done by other campuses?  YES!  Aggregation of vendor negotiations is a good thing for everyone, sort of like a “buying club.”

 

What if the negotiated contract ISN’T good enough for your counsel?  The university needs to make that decision for itself.

 

What strategies have you used to get traditional procurement folks to get over their concerns with risk?  We’ve dealt with it from a relationship perspective.  You need to become best friends with your procurement folks.  We developed a default addendum that covers every single issue that might “light up” our procurement folks.  Our addendum supersedes your contract.  This shows that we’ve heard their concerns

 

Cloud “stuff” is very much like a cafeteria where consumers pick and choose the services they want…what services do you see IT continuing to value and maintain?