All that's green turns gold

October 09

fallcolor

With stately Catt Hall towering in the background, students journey across Iowa State's scenic central campus, silhouetted by autumn's golden foliage. The university's award-winning campus landscape is picturesque all year, but the fall colors seem to especially magnify that beauty. Photo by Amy Vinchattle.

Input sought on eight efficiency proposals

By Anne Krapfl
October 09

Staff positions impacted by efficiencies gained in five more proposed administrative business cases in the state Board of Regents' TIER study could be absorbed in most instances through "natural attrition" over several years, say the consultants doing the study. But board president Bruce Rastetter said it's premature to talk about position cuts because the board won't make decisions about implementing the additional business cases – a cost/savings/risks/benefits analysis of specific efficiency proposals – for at least five weeks.

In a special board meeting on Oct. 2, members from Deloitte Consulting summarized eight business cases (PDF) in the areas of information technology (4), facilities (2), human resources and financial transactions. The three universities now have time to discuss the proposals and provide input to the board and consultants. That process includes a town meeting on each campus; Iowa State's is Monday, Oct. 13 (8:30-10 a.m., Memorial Union Gallery), and all are invited. It will be video streamed and tweeted (@IowaStateUNews) for those unable to attend.

"We're looking for feedback from the universities prior to going ahead with any implementation phase," Rastetter said.

For proposals that might be implemented, he said the board also would rely on the university communities to indicate what they have the time, resources and expertise to tackle themselves. The Deloitte team offered three implementation models: university-led, consultant-coached or consultant-facilitated.

At a Nov. 14 telephonic meeting, the board is expected to decide on the future of each proposed business case.

TIER (Transparent Inclusive Efficiency Review) is a board-initiated review of the three regent universities to identify areas for dollar savings and/or more efficient processes. In February, the board hired Deloitte Consulting to lead the review.

Rastetter said the TIER goal is to strengthen public higher education for the long term.

"We know our present system is not sustainable. It's only sustainable if we're going to increase tuition, increase student debt and ask the state for more money," he said. "Any savings we have with this, we've told the universities they're going to reinvest to create better universities and better programs."

Proposals are estimates

Deloitte project manager Virginia Fraser emphasized that the business cases are estimates. "They're not precise, they're not 100 percent accurate. But it is the right level of analysis to inform a decision," she said. "We expect our estimates to change as we move into implementation. Some will go up, many will go down. That's a normal part of the process."

In their presentation to the board, Deloitte team members indicated that efficiencies gained could consolidate and eliminate Iowa State positions in five of the proposals. Typically, those losses could be absorbed through "natural attrition" (noted with *). At Iowa State, that's turnover between 7 and 9 percent annually. The consultants mentioned both attrition and phased retirement for two of the cases (noted with **).

Here's a summary of the eight business cases:

In the area of information technology

(two technology-related proposals would precede two operational proposals):

  • As use cycles end, replace desktop computers with thin client option (networked computer without its own hard drive), and replace personal printers with networked printers that serve groups of employees. Estimated annual savings at Iowa State, including lower energy costs, is $1.6 million-$2 million.
  • Reduce the number of software applications purchased or developed within and across the three universities* and create an inter-university council that finds a consensus regarding the overall inventory, particularly in areas common to all (for example, facilities management or library management). Estimated annual savings at Iowa State is $1.6 million.
  • Technology changes from the above proposals, future innovations and leaner supervisor/employee ratios will "transform" central IT services.* Estimated annual savings at Iowa State is $500,000.
  • Reduce duplication of services between central IT and distributed IT units.* Use a central team for common infrastructure-related services (for example, server or network management, help desk, end user support), with department teams focusing on local or specialized needs such as research. Estimated annual savings at Iowa State is $1.5 million.

In the area of internal financial transactions:

  • Streamline and standardize how the universities provide some finance transactions (suggested are travel and expense reports, purchase requisitions, accounts payable and accounting services), offering them at either the college* or university** level. Estimated annual savings at Iowa State, once startup costs are recovered, is $1.7 million to $2.7 million. Both options would involve retraining and relocating employees. As estimated by the consultants, shared services at a university-wide level could result in greater savings, but also greater shifts in staffing.

In the area of human resources:

  • Revise Iowa State's decentralized HR services model. Options include purchasing** ($10 million) or updating** ($2.3 million) the current HR information system, with the goal of decreasing manual processing and data entry, increasing access to information and improving security and reporting capabilities. Some HR liaison employees around campus would be retrained. Once implementation costs are recovered, estimated annual savings at Iowa State is $800,000 to $2.1 million.

In the area of facilities management:

  • Invest in energy-saving initiatives (for example, digital control systems, occupancy sensors and new light fixtures) with short payback periods and financed through a new energy management fund of $1.85 million. The emphasis is on saving money rather than sustainability. Estimated annual savings at Iowa State is $270,000.
  • Adjust thermostats in classroom buildings during evenings and the summer (this proposal applies only to Northern Iowa).

First implementation contract on hold

At its August meeting, the board agreed to implement changes related to university purchasing processes and to negotiate a separate contract with Deloitte to lead that implementation work. Rastetter said that contract is on hold pending the board's November vote on the eight remaining business cases. 

Oct. 13 town hall topic: Proposed efficiencies

By Diana Pounds
October 09

Consultants will present their latest efficiency recommendations -- in the areas of information technology, human resources, finance and facilities -- during a town hall meeting on campus Monday, Oct. 13.

It's Iowa State's third university-wide forum, held in connection with the state Board of Regents' Transparent Inclusive Efficiency Review (TIER) of the state universities.

Follow the forum live

The university community is invited to attend the meeting (8:30-10 a.m., Memorial Union Gallery) to discuss the recommendations with representatives of the regents and Deloitte Consulting, the firm conducting the review. Those who are unable to attend can follow the forum through a video livestream or on Twitter (@IowaStateUNews). Archived video will be available a few hours after the forum.

Business cases

The focus of the town hall is eight business cases developed by the consultants. A business case is defined as a costs-benefits analysis of an efficiency opportunity. The eight business cases are summarized in this week's Inside Iowa State article -- "Input Sought on Eight Efficiency Proposals."

Questions and comments

The town hall will include a brief presentation followed by a questions-and-comments session. There are several ways to pose questions:

  • Submit questions in person or via cards provided at the meeting
  • Send questions to tierforum@iastate.edu, during or in advance of the meeting
  • Tweet questions, using #TIERforum during the event

Feedback matters

In a recent TIER update, board officials encouraged feedback through university town halls, public meetings and the regents' TIER website to "help the board determine how and if it should move forward with implementation" on the business cases.

The regents will hold a telephonic meeting on Nov. 14 to vote on the eight business cases.

Cyber security moves

By Diana Pounds
October 09

Would-be intruders are always out there, poking at the edges of the university network, looking for a way in. To help keep intruders at bay, information technology services (ITS) is rolling out a number of cyber security measures this school year.

Among those measures are encrypted laptops, software that sniffs out security holes in campus servers and stronger passwords. They're part of a six-point plan developed last spring in the wake of breaches on several department servers.

"There are technological ways to tighten security, said chief information officer Jim Davis. "We'll add some new software tools. We'll tap into expertise at the Information Assurance Center, which is nationally recognized for research and education in cyber security.

"But our technological efforts aren't enough. We'll need broad collaboration across the university community to secure our network and information. Everyone with a Net-ID and password has the key to some part of our network. We all have an important role to play in ensuring its safety."

Davis and several other IT officials recently talked about why and how new security measures will be implemented on campus. Joining Davis in the conversation, summarized below, were associate CIO Angela Bradley, systems and operations director Mike Lohrbach and information security officer Andrew Weisskopf.

1. Scanning for protected information

Among the thousands of servers and storage devices on campus, there are many forgotten files. Out of sight, deep in the folder hierarchy, most are innocuous -- old memos, drafts, reports. Some, however, are more troublesome. They could contain Social Security numbers of former students (as was the case with last spring's security breach) or other kinds of personal information, such as driver's license, passport or credit card numbers.

A new software program, IdentityFinder, is making it considerably easier to find pockets of protected information on campus servers. The software, provided to college and departmental IT staff in August, currently is scanning university web servers in search of data patterns that may indicate the presence of Social Security, credit card, driver's license or passport numbers. When it finds a likely pattern, it alerts the appropriate administrator to the file location. The administrator then checks the file to determine if it contains confidential information and takes appropriate action.

Once all web servers have been scanned, IdentityFinder will be used for similar scans on campus file and database servers.

2. Scan for bugs, vulnerabilities

Timely security updates on several storage devices might have prevented last spring's security breach. Unfortunately, keeping up with the steady stream of updates for browsers, operating systems and software is daunting, especially for IT administrators who are managing multiple servers.

The task will get easier with another scanning system that may be on campus as early as spring semester. Unlike IdentityFinder, the new system won't look for files that may contain confidential information. It will scan university servers in search of vulnerabilities -- potential security holes in everything from operating systems to browsers. IT administrators throughout campus can use the system to find vulnerabilities on their own servers, and plug security holes before intruders find them. The system won't be used to scan individual desktop computers.

3. Encrypting laptops

A login password won't protect the contents of a stolen laptop. That's because the thief can bypass the password altogether by plugging the laptop's hard drive into another computer. Data theft gets a lot harder, however, on an encrypted laptop. Without a password or an encryption key, the laptop won't yield anything but unreadable gibberish.

That's why Iowa State is moving toward full-disk encryption on all university-owned laptops. ITS has begun encrypting laptops of its clients. Windows laptops get Microsoft's native Bitlocker encryption and Macs use Apple's FileVault 2.

Other departments and units will be required to install encryption on their laptops as well. ITS staff are putting the finishing touches on a best practices document, and the official documentation should be available soon. An important issue is ensuring that IT has a way to recover data if users lose their encryption keys or passwords. ITS' solution is to securely store the encryption keys for its clients' laptops.

XKCD webcomic on password strength

See why hard-to-remember passwords are easily cracked. Source: xkcd.com.

Users shouldn't notice much difference between encrypted and unencrypted laptops. They'll sign onto encrypted laptops just like they did before, with their Net-IDs and passwords.

4. Stronger passwords

Virtually any security measure put into place on the university network can be foiled by a compromised password. And the kinds of passwords most of us have -- eight letters or so with a few numbers, symbols and capital letters thrown in -- are easily cracked by software programs that can spew out a thousand guesses a second.

ITS staff are working with university committees and cyber experts to come up with a policy to strengthen passwords. No requirements have been developed, but ITS officials say it's fairly certain that most passwords will need to be longer and that we'll all be required to change our passwords occasionally.

The good news is that longer password phrases are easier for humans to remember and harder for computers to crack.

5. Protect personal info in reports, AccessPlus

ISU officials recently began a review of business processes and reports with the goal of:

  • Reducing the number of reports that contain confidential information
  • Reducing the number of people who have access to those reports

SSNs are a key target for the reviewers. While SSNs are still needed in some areas, like financial aid, payroll and human resource services, officials want to be sure that the number of people with access to SSNs is kept as small as possible.

ITS officials also are considering extra authentication steps or another type of added security on AccessPlus. Someone who gains entry to your AccessPlus account can change direct deposits or even grab your W2, file a tax return and beat you to your own tax refund. Both kinds of incidents have occurred at other Iowa universities in recent years.

6. Provide workshops and training on security

Over the summer, ITS released "Don't Be Fooled," a well-received online training video to help faculty, staff and students spot fake web pages and possibly dangerous links. More training opportunities will be introduced to the university community in the coming months.

"We're working hard to let the campus community know what the risks are and provide them with the common-sense things they can do to help keep our network safe and secure," Davis said.

New award established for P&S employees

By Erin Rosacker
October 09

The Professional and Scientific Council added a third category to its CYtation awards list, this one created to honor long-time council member and ISU employee Dan Woodin, who died last year.

Lindsey Wanderscheid, chair of the council's awards committee, said development of the award began soon after the council passed a memorial resolution to recognize Woodin's service, including four terms as president.

"It's amazing how much he did for P&S Council," Wanderscheid said.

The committee developed the criteria and initiated the process to establish the award. The group met with Woodin's family, who endorsed the award, and partnered with the athletics department to provide a pair of skybox tickets to the 2015 football home opener.

One Woodin CYtation Award will be presented this spring to a P&S employee who:

  • Demonstrates exemplary service to the council or P&S employees
  • Shows willingness to go above and beyond
  • Displays a positive attitude and compassion for others
  • Treats everyone with respect
  • Exhibits leadership, innovation and initiative

Nominations for all three P&S CYtation categories -- individual, team and Woodin awards -- are due Dec. 1. Information about the awards, including criteria and nomination forms, is available on the P&S Council website. Recipients will be recognized at an awards banquet in spring 2015.

Get 'exCYted' for Homecoming 2014

By Paula Van Brocklin
October 09

button

Buy this homecoming button for $5 and enjoy lunch on central campus the rest of the week. Photo by Amy Vinchattle.

Homecoming 2014, "Experience the ExCYtement," kicked off earlier this week and culminates with an array of weekend events. In addition to this year's traditional homecoming activities, Cy is celebrating his 60th birthday, complete with cake and balloons. Below is a list of public, family-friendly events for the remainder of homecoming weekend. All activities are free unless indicated.

Thursday, Oct. 9

  • Beginning today through Oct. 13, each CyclONE City Cy statue around Ames will hold a balloon honoring Cy's 60th birthday, map of locations
  • Food on Campus (11 a.m.-1 p.m., central campus), orange chicken, sesame chicken, lo mein, fried rice, fortune cookies, free with purchase of $5 homecoming button (available at the lunch or the ISU Alumni Center, 8 a.m. to 5 p.m. weekdays)

Friday, Oct. 10

  • Food on Campus (11 a.m.-1 p.m., central campus), pork patties, carrots, chips, cupcakes, free with $5 homecoming button
  • Honors and Awards Ceremony (1:30 p.m., Benton Auditorium, Scheman Building), dessert reception follows, list of award winners
  • Homecoming celebration and pep rally (5-9 p.m., Alumni Center), pizza available for purchase or free with a homecoming button (5-7 p.m. or until it runs out), birthday cupcakes honoring Cy, cash bar, family-friendly tailgate games and giveaways, live music, ISU marching band and spirit squad (6:30 p.m.), and pep rally (7 p.m.) featuring coaches, student-athletes, Yell-Like-Hell finals, Cardinal Court and a "Happy Birthday" salute to Cy
  • ExCYtement in the Streets (8-10 p.m., Greek community), lighted lawn displays created by teams of ISU Greek chapters, map of locations
  • Pancake feed (10 p.m.-midnight, central campus), $3
  • Mass campaniling and fireworks (midnight, central campus)

Saturday, Oct. 11

  • College open houses (9-11 a.m.): Curtiss, Gerdin, Design, Howe, LeBaron, MacKay and Palmer halls open for self-guided tours
  • Cyclone central homecoming tailgate (9 a.m.-2 p.m., Alumni Center), cash bar, Cyclone gear for sale, spirit squad, marching band, a visit from Cy and kids activities
  • Iowa State football vs. Toledo (2:30 p.m., Jack Trice Stadium), tickets are $25-$65