Improving Campus IT Security

Posted on: August 20, 2015

On September 1, 2014, the Executive Compliance Committee approved a policy change to reduce the overall risk of cyber-attacks on campus by increasing physical security and information security. The policy requires commodity IT servers to transition to our virtual server environment or be co-located in the University Data Center (UDC). Commodity servers are defined as systems providing basic information technology services (e.g., web services, mail services, file services, database services, directory services, collaboration services) to the University’s colleges, schools, and units. In special cases, exception requests may be granted by the Information Security Office (ISO).

Earlier this summer, the ISO sent a message to the campus IT support community asking for their help in gathering information on approximately 400 commodity servers located outside the UDC. To ensure compliance, the ISO requested information on the future disposition of these servers (co-location, or retirement, or virtualization) and estimated dates when these corrective actions will be completed.

So far, the ISO has received a 97% response regarding the disposition of the non-compliant, commodity servers on campus. Of those, 65% either have been or will be retired, 26% are planning to physically migrate to the UDC, and 9% are expected to move to the University’s virtual server service. To encourage adoption of both virtualization and co-location in the UDC, the rates for these services are highly subsidized. Many Colleges, Schools, and Units who have virtualized or co-located servers have freed-up valuable space and are reporting reduced operational costs.

The ISO is on track to have plans for the remaining commodity servers by the end of the month. As the campus IT support community continues to implement this policy change , we will be better able to protect UT Austins digital assets and reduce the risk of cyber-attacks on campus. If you have questions about this policy, please contact the Information Security Office .

See Also: