Hardware Asset & Lifecycle Management

This task force looked at how devices enter, exist in, and exit the university environment. Task force lead: Sarah Christen.

Major Discoveries 

• Across the colleges and administrative units there exists significant variability in procurement practices of devices and peripherals.
• There also exists significant variability in identifying, collecting, tracking, and reporting on institutionally owned devices.  
• There is no central responsibility, standard, or system for tracking or reporting on these institutional assets. 
• There is no common device lifecycle management across campus.

Operational Impacts

• There exists an elevated risk of device theft.
• It is difficult or impossible for the university to report on security compliance.
• The university has an unknown institutional compliance to federal and state regulations.
• Negative cyber security impacts arise from theft, non-standard imaging, and old devices that may be vulnerable to OS and hardware vulnerabilities.

Software Asset & Lifecycle Management

This task force looked at how software enters, exists in, and exits the university environment. Task force lead: Debbi Kruszewski Warner.

Major Discoveries

• Software Asset and Lifecycle Management is broken.
• Over $20M is spent on software annually. 
• Purchasing is decentralized causing duplicative, inconsistent, and redundant efforts. One (of many) examples: Six units purchased one software title independently. Each unit signed a different contract with different pricing.
• It is very difficult to get supporting data about our software purchasing history because we use the same object codes for hardware and software purchases.

Operational Impacts

• There is no straightforward way to respond to vendor license audits, and audits are time consuming, inaccurate, and expensive. In FY2022, Cornell spent $1M on audit true ups. 
• The current licensing and allocation process is cumbersome, and our risk is increased by the number of people involved.
• We are not taking advantage of volume purchase agreements and/or site licenses.
• Contracts and end user license agreements are reviewed and signed by those unfamiliar with legal terms and agreements.
• Cornell could potentially save 20-25% by consolidating responsibility and authority into one central group.
• Software is seen through the lens of each college or unit, not the university as a whole.

Metrics & KPIs

This task force looked at the data points available to make effective IT decisions at Cornell. Task force lead: Chris Hufnagel.

Major Discoveries

• The University lacks the ability to measure metrics and key performance indicators (KPIs) for information technology (IT) accurately and efficiently. 
• While colleges and administrative units are measuring some aspects of IT, the results cannot be compared or combined because of differences in methodology and definitions. 
• This gap constrains university-wide, multi-level, data-driven, decision making and poses difficulty in validating the quality, cost, and value of IT at Cornell.
• IT seen through the lens of each college or unit, not the university as a whole.

Operational Impacts

• There’s little insight into impacts of IT investment (or lack of), which reduces the effectiveness of short-term and long-range strategic planning.
• Cornell has limited-to-no ability to make cross-campus or university-wide decisions using sound data, which increases likelihood of decisions being driven by perceptions, influence, or preference.
• It is difficult to compare IT structures and investments across units, which creates disparities, confusion, and tension with staffing levels, roles, and responsibilities, thus creating deeper human resource issues.
• Lack of impartial data also creates a perception among IT peers, faculty, and staff that IT units are staffed inconsistently and inequitably.
• Customers and constituents face uncertainty, and ultimately frustration, about which IT units provide support to whom, for what, and why.

Imaging & Provisioning

This task force looks at computer imaging (initial operating system and software install) and provisioning (ongoing management of a system). Task force lead: Scott Yoest.

Major Discoveries

• Campus wide individual, unit-based methodologies to address provisioning, deployment and ongoing management of computing devices have developed over the years. This organically grown set of solutions has created a lack of consistency and reportability, redundancy in effort expended, a lack of unity in addressing challenges and security concerns that are common across the enterprise.
• There is an inability to manage and report on devices based on use case due to the current provisioning process. The process does not include standardization or categorization of data recorded at the time of provisioning. 
• The Cornell DNS solution does not meet operational needs or policy requirements. 
• Lack of automated bios configuration.
• Establishing appointments for deploying systems to end users is complicated and time consuming.
• Overall staff times spent to prepare systems were determined as follows:
  • 146 minutes on average per standard Windows unit
  • 214 minutes on average per non-standard Windows unit
  • 121 minutes on average per standard Macintosh unit

Operational Impacts

• A total of 4.1 work years of staff effort was consumed in provisioning Cornell’s current fleet as only standard units (approximately 20,000 Windows and 10,000 Macintosh). In truth, the actual effort is even higher, as the fleet includes non-standard units.
• Maintenance of an accurate, up-to-date DNS record for all devices that exist on the Cornell network is required. However, accurate records are nearly impossible to achieve currently.
• After receipt from factory, systems need to have BIOS settings modified, requiring manual processing prior to deployment. Examples include settings for dock, keyboard, mouse, power, and BIOS password.
• Windows devices require OS patching and driver updates post imaging, consuming staff resources. 
• During deployment of new computers, printers typically need to be added manually for each user. Staff time is required to install printers and drivers for the user and/or teach the user how to install the printers themselves.

For additional detail or information, contact individual task force leads.