Risk Reduction
Vital university information needs to be protected and business continuity, or restoration after a major event, are both parts of OIT's strategy for risk reduction. IT security, redundancy, cloud services, and recovery planning are all part of our helping to make sure you can confidently use technology in your job.
Secret Server and LastPass
OIT has adopted Secret Server as a secure shared password store for our systems use and LastPass Enterprise as a secure personal password store for campus use, allowing only those who are entitled to access online resources.
Amazon Web Services
We are moving services to Amazon Web Services (AWS) to improve the availability of Enrollment Services and Commencement applications, among others.
Duo MFA
OIT rolled out multi-factor authentication with Duo to reduce the consequences of password theft.
DR drills
OIT has a disaster recovery (DR) and business continuity plan for all of our services, and we conduct annual DR exercises within OIT and with partners to test and improve those plans.
Cloud Services
We are using other cloud services such as Microsoft's Office 365 which includes cloud email and file sharing.
Windows Server
We continue to upgrade Windows servers and databases to current, secure versions, and implementing network firewalls as requested by partner departments.
Office 365
This year we conducted a pilot of the features included with A5 licenses. The pilot departments received advanced security integrated with email and their desktop environment, Office 365 Safe Attachments and Windows Defender ATP.
Tenable and VMP
We are now using Tenable to scan for vulnerable systems, and (with suitable communication with system owners) our Vulnerability Management Program (VMP) isolates vulnerable systems from the rest of UCInet. We continue to gather data on the servers which have sensitive data, and ensure they comply with the higher security standards appropriate for them.
Phishing Awareness Campaign
and Cybersecurity Training
Security measures include assisting the campus community in understanding their role in keeping the campus secure. We promote, along with UCOP, participation in annual cybersecurity training, and add our own efforts such as our phishing education campaign.
Security Information and Event Management
We have begun developing a Security Information and Event Management (SIEM) process to respond to cybersecurity attacks.
Data Protection
We have complied with the requirements of Europe's new General Data Protection Regulation (GDPR) communication standards.
Payment Security
We have implemented Payment Card Industry (PCI) security standards.
Retiring Legacy Systems
Managed workstations and servers were upgraded to Windows 10 and Server 2016 from Windows 7 and Server 2008. This was done in advance of Win7/2008 end of life in Jan 2020.
VEEAM and VMware
We have deployed VEEAM cloud backups and continue to expand our VMWare virtual server infrastructure for fast recovery from inevitable hardware and software failures.
Stabilize and Secure
We are identifying unsupportable, insecure, and otherwise obsolete systems and developing more stable and secure alternatives, including outdated SmartClassroom equipment, the Payroll/Personnel System (PPS), Security Access Management System (SAMS) which associates staff with authorization to access various online systems, the Electronic Document Library (EDL) in favor of FileNet, migrating older Sun SPARC systems to Linux, and retiring aging EEE applications in favor of EEE+ and Canvas.