Technology Plan
IT Security & Networking
Information sharing is vital to carrying out the District’s mission to ensure every student will graduate ready for college and career. Information about students, staff, courses, programs, facilities, and fiscal activities is collected and maintained to effectively coordinate services offered, measure learning progress, assign and monitor staff and resource use. It is essential to have an effective information security strategy to protect the confidentiality, integrity, and availability of the District’s information assets.
IT SECURITY
Current Reality
- Palo Alto firewalls detect and block sophisticated attacks by URL filtering and by enforcing security policies at the application level.
- Securly web filter provides safe internet access for our students while off campus.
- Cylance provides endpoint protection to servers and workstations.
- Rapid7 Vulnerability Scanner is used to scan devices on the APS network and report vulnerabilities to teams for mitigation.
- Active Directory/Microsoft Identity Manager are identity management tools used to manage user digital identity, credentials, and groupings. With the use of Active Directory group policy, the IT Team manages users and governs how users and computers operate within the APS network and provides a consistent security configuration in the environment.
- Multifactor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to resources such as VPN, email and ERP.
- Proofpoint is the email security tool used to filter emails for malware, phishing and spam.
- ClearPass Network Access Control is the tool used to implement policies controlling devices and connected users.
- IP and Analog Security cameras (conversion to full IP system is planned).
- Support for Safety & Security Systems: Fire and burglar alarms; Intercom system; Badge readers; Motion Sensors; Metal Detectors; Perimeter Door Audible Alarms; Door/Vestibule Stations (Buzzers).
- APS Information Technology has made great strides to improve the security infrastructure. However, more needs to be done in the areas of organization policy and processes to minimize security risks. These risks include but are not limited to: Critical system failures; Unauthorized access to confidential information; Loss of electronic educational records; End-point patch management; Mandatory cybersecurity training.
Gap Analysis
APS IT has implemented some cutting-edge security technologies, but there are still challenges managing security risks due to the lack of, or the need to re-engineer, organizational and operational policies and processes. Information security policies must be a shared vision that requires input and commitment from the whole organization and buy-in from senior leadership.
- Lack Of Contingency Plans for newer security cameras.
- Coordination With Local Law Enforcement & First Response Agencies (Pending).
- Lack of Awareness of New Security Technology – Collaborate with stakeholders on security needs, i.e. The International Security Conference – West, the American Society for Industrial Security Global Security Exchange.
- Cell Phone & Radio Reception Limitations – At some schools and administrative sites, cell phone reception is weak or non-existent.
- Lack of Integration Among Systems – There are systems that cannot be integrated due to safety regulations.
- CCTV “Pop-up” at CCR – Intrusion alarms “self-activate” the camera nearest the location to a dedicated screen.
- “LPR to SRO” – This directly informs the SRO assigned at a location that a vehicle entering the property is to be evaluated. Early detection can address a wide range of issues, from a stolen vehicle to a “Megan’s Law” predator.
- Single button – LOCKDOWN (SBL) – Single button lockdown allows for car-reader entrances for police personnel only.
- CCTV Additional integration – Implement a Main Office monitor that displays only the camera nearest to an alarmed door, for cases where that door is used to circumvent the main entrance and vestibule and avoid screening and ID at that location.
- Playgrounds Point to Point (PTP) Wireless Technology for CCTV – Good CCTV coverage of playgrounds is often difficult, as they are distant from the main building, so the ability to have wireless technology cameras should be explored.
Future Vision
The vision of IT Security & Network Services is to safely secure the District’s assets by establishing an IT Security Framework that will enhance the educational experience. This will be accomplished by building relationships and collaborating with organizational leaders to provide appropriate security policies, processes, and controls that will incorporate security practices into the daily use of the District’s information assets.
This vision includes four strategic objectives and 8 key initiatives necessary to iteratively improve the security posture of the District. Assuming that there will be sufficient resources for people, processes, and tools, it will take 3 to 5 years to fully implement all the objectives.
- Proactive Risk Management – Initiatives that will support this objective will allow data owners and administrators to be more aware of the security risks that their information assets are vulnerable to, identify controls to reduce those risks, and understand what risks remain after any identified controls have been implemented.
- Data Loss Prevention – Initiatives that support this objective will help the District reduce the likelihood of data loss or disclosure of confidential or federally protected data.
- Improved Security of System and Network Services – Initiatives that support this objective will support a defense-in-depth architecture and provide increased security of critical services. Many of these initiatives and projects are required to be in place according to Federal regulations and various State laws (FERPA, HIPAA, GLBA, GPIPA, etc.).
- Crisis and Security Incident Management – Initiatives that support this objective will help the District recover its information assets in the event of a catastrophic event or service disruption. Additionally, these initiatives will enable the District to manage security events more efficiently and effectively, thereby reducing or minimizing damages.
NETWORK
Current Reality
- The APS enterprise network infrastructure runs on both Cisco and HP platforms, with approximately 4,500 switches. The District’s backbone network is co-located at two central facilities with a total bandwidth of 40 GB, 20 GB at each location.
- Most of the schools and remote administrative sites connect back to the central locations with 1GB Multi-Protocol Label Switching (MPLS) Wide Area Network (WAN) circuits.
Gap Analysis
Considering the drive towards a “21st century classroom”, in which the model of instruction is leaning towards heavy use of online instructional technologies, namely in the areas of augmented, virtual and mixed reality content and online testing, we need to improve the network infrastructure and capacity.
Future Vision
SHORT TERM VISION
The future of instructional technology will be characterized by the ever-increasing amounts of multimedia content traversing the enterprise network.
To prepare for the future requires planning and upgrading network infrastructure inside the schools and the external WAN and Internet capacity. For classrooms, this includes upgrading to more robust access points to support the increase of devices in the classroom, as well as having network switches that can support the needs of these access points and other instructional technologies.
LONG TERM VISION
In support of the growing need for network capacity, it is recommended that APS implement a private fiber ring solution. This will provide direct fiber connectivity between the central facilities and all remote sites. Future bandwidth demands can easily be fulfilled by simply installing the appropriate fiber optics. Alternatively, APS can adopt an LTE Wireless topology, which provides dynamic bandwidth capabilities. All sites will aggregate back to the two central facilities:
- Central locations will have direct connectivity to each Hub site over 50 GB per site.
- Data Center will have direct connectivity to each school/site over 10 GB.
- Data Center will have direct connectivity to the co-location site over 40 GB.
All sites will aggregate back to APS’s Data Center with direct connectivity to:
- Each Hub site over 80 GB.
- Each school/site over 10 GB.
- Telex (disaster recovery) over 10 GB.
- The disaster recovery (DR) site over 40 GB.
IT SERVICE DELIVERY
Current Reality
- IT Service Delivery Team consists of the Service Desk (Level 1 support), Field & Service Delivery Support (Level 2 support), I.T. Logistics, and escalation support from the IT School Support Specialists and the Asset Management team.
- Service Desk - serves as first-level support, operating from 7AM-5:30PM, logging incidents and using remote management tools to implement local system activities; also manages support hotlines.
- Field Support - 54 technicians and contractors, support 82 instructional sites and 8 admin offices: approximately 28k desktops and laptops and 3,500 interactive panels/boards used by 40k students and 4,500 staff.
- Student Device Support - 9 technicians troubleshoot student-issued devices and software; approximately 36k Chromebooks, 4k iPads and 10k hotspots.
- IT School Support Specialists and Asset Management Team - 8 staff, 2 managers, and 2 Assistant Directors focus on: Service Desk; Field Support; Student Device Support; Asset Management; Interactive Technology; A/V Event Support.
- Support Specialists and Asset Management units also serve internal business units as project liaisons and representatives on cross functional teams, working to ensure that project initiatives are properly transitioned into supportable operational models that will serve our school users.
Gap Analysis
- Current hours of the Service Desk do not fully support the needs of instructional staff. In addition, the hours do not lend themselves to full event monitoring in the APS Network Operations Center (NOC).
- The existing ticketing system is difficult to manage and requires third-party support. Greater functionality is needed to provide more asset management functions. The poor line of sight into our mobile hardware means frequent asset loss.
- Flexibility will be needed if multiple charter schools choose to purchase technology services via APS internal resources.
- The Service Integration Team supports many initiatives and projects without a clear role and responsibility focus.
- Hardware deliveries are frequently handled in personal vehicles; the IT Department does not have access to a lift gate truck.
Future Vision
- Increase Service Desk staff to provide support from 7AM-7PM to give staff access to high-level phone support throughout the business day. Virtual Assistant technology and self-service will be introduced as well.
- Implement new ITIL-compliant ITSM suite to support robust ticketing and tracking processes, to better support management and tracking of all mobile-configurable items, and track laptops and tablets.
- Field Support should move to a clear 1:1 (technician per school) support model to lessen downtimes, and create better collaborative partnership opportunities with schools, with respect to PTA or Foundation sourced technology purchases. With increased human resources, we would also be able to better support internal IT infrastructure projects.
- More clearly define School Support Specialist Team roles, allowing for closer contact with school administrators/staff.
- Expansion of School Integration by at least 1 staff person to provide better management of field technicians.
- Expansion of Service Desk, by at least 2 persons, to provide the District with support scalability.
- Assignment of at least four (4) dedicated IT Warehouse personnel & one (1) IT Warehouse lead to better facilitate the warranty management process, parts inventory, & overall asset management activities, including annual site inventories.