• No results found

Information Technology Strategic Plan

N/A
N/A
Protected

Academic year: 2021

Share "Information Technology Strategic Plan"

Copied!
18
0
0

Loading.... (view fulltext now)

Full text

(1)

Information Technology

Strategic Plan - 2014

(2)
(3)

City of Greater Sudbury

Information Technology

Strategic Plan - 2014

Table of Contents

Executive Summary ... 1 

Information Technology Vision ... 1 

Recommendations ... 2  Operating Platforms ... 2  Computers ... 3  Application Security ... 4  Business Continuity ... 5  GIS ... 5  Cloud ... 6  Compliance ... 8  Mobile Devices ... 10 

Bring Your Own Device (BYOD) ... 11 

Project Portfolio Management ... 11 

Social Media Strategy ... 12 

(4)

1

Executive Summary

Technology changes are rapid and what was new five years ago may now be

obsolete. Technology advancements over the last few years have drastically changed the way information is delivered, received, stored and created. While creating many opportunities, it can also create additional workloads on existing resources, added expenses and constraints.

This changing environment means that we all – and particularly IT departments – need to be innovative, efficient and resourceful. Ways need to be found to harness these advancements to achieve more with less and to consolidate while modernizing. This Information Technology Strategic Plan is the result of the Technology Services Division’s dedicated and hardworking staff. Starting with strategies for operating platforms, standards, security and business needs, along with strategies for many new items such as mobile devices, the cloud, social media, open data and BYOD (bring your own device), we have developed a comprehensive IT strategy that

communicates the vision for meeting the City’s Information Technology needs. The last plan was updated in 2007, and many of those strategies are still currently in place, as the plan was intended to be long-lasting. The current plan is our way forward and will form the basis of our IT business plans for the next several years. By working to strategy, we will be able to provide new and improved services to more effectively meet the needs of our clients.

Information Technology Vision

The vision for the Information Technology Department is that:

Information

Technology

provides

quality

service

in

support

of

Corporate

goals

by

evaluating

client

needs,

encouraging

responsible

use

of

technology

and

(5)

2

Recommendations

Operating Platforms

Standardization is a very important item for any Information Technology department. Standardization allows for stable and reliable systems, allowing IT to concentrate on other end user needs as less time is spent on the basic tools.

Our standard network operating system to date has been Novell’s network operating system. IT is currently running a mix of Novell and Microsoft’s Active directory system. The Active directory (AD) system is being adopted by most software vendors and has become a requirement to allow integration of many of our applications.

The standard desktop operating system is Microsoft Windows. The latest version, Windows 7, is being phased in as our primary desktop operating system for the City. Windows 7 offers superior performance and stability for today’s applications and will allow us to operate in a 64 bit environment.

Many unique legacy applications prove challenging for operating in our newer Windows 7 environments. A software solution called Citrix allows for the use of any legacy system to be run independent of the user’s operating system by using a virtual environment. The Citrix system has been adopted to solve these issues and will become a standard moving forward with respect to simplifying desktop environments.

Recommendations:

 Transition our network operating system to Microsoft’s Active directory environment (including file and print) and phase out the Novell Edirectory system.

 Microsoft Windows Operating system will be the standard for all computers including servers. As new versions are released, IT will review and upgrade as required.

 Use Citrix for application/desktop virtualization and desktop standardization.

 GroupWise will remain the standard platform for e-mail. IT will review hosted solutions as they become mature and more affordable.

 Microsoft Office Suite will be the standard for office productivity products.

 Agilis (Sudbury Hydro) will continue to be our provider for connectivity to our city facilities where available, otherwise, DSL/Cable connections will be used.

(6)

3

Computers

The Standardization of hardware remains a key requirement for enabling the IT dept to manage over 2,000 systems city wide. The desktop personal computer continues to provide more power and storage for the least cost, while utilizing less energy.

Enhanced desktop systems can provide excellent processing power for many of the higher end workstation users in place today. When feasible, these high end desktops will be provided as opposed to expensive workstations. The IT policy provides detailed information with respect to the usage of laptops, their security and data protection, as well as allowed personal usage and the recovery of data.

All systems are now purchased with solid state drives to provide good performance over an extended life of at least 4 years.

Some of the City’s work has always been carried out away from the office, for example, by by-law officers and building inspectors. Until recently, laptops were the only

generally available tool for mobile or remote system access and they have been difficult to use in many mobile situations.

The development of smart phones and tablets creates an opportunity both to replace laptops in some situations and to extend mobile system access to applications not currently supported in a mobile environment. Our plan is to leverage the use of newer mobile devices, especially tablets, as an alternative to traditional laptops for staff operating away from their office. Our initial tests of tablets have been positive, especially when used to access web applications.

As IT evaluates any new applications, it will assess how to deliver the associated services more effectively to mobile users. Alternative devices will be deployed for specific uses, where there is an advantage over laptops. IT will assess if and how tablets or other mobile devices can improve staff effectiveness.

Recommendations:

 Standard Desktop computer will be provided to employees that require regular access to the network resources.

 IT Policy criteria is used to evaluate the need for laptops and mobile devices on an individual basis.

 Workstations will be provided to staff where a desktop will not provide sufficient processing power (ex. Autocad).

 IT will evaluate tablets as alternatives to laptops.

 Tablets will be provided to staff that have special requirements that can only be addressed with a portable input device (ex. building inspectors and field

(7)

4

tablets and where a laptop cannot perform the required function without causing significant hardship or inefficiency.

 Staff should not be assigned more than one device (example: a laptop and a tablet).

 IT will evolve our application systems to enhance their usability and value when accessed through a mobile device.

Application Security

Securing Desktops/Servers has required a shift in how they are managed in the new AD (Active Directory) model. Local Administration of desktops and servers will be done via the Active Directory system using only auditable domain based accounts as opposed to local generic accounts. All local administrative accounts will have passwords with complex strings stored and generated with our PCI compliant password management server. Information Technology staff will utilize elevated administrative accounts for administrative tasks to mitigate threats from hackers and viruses. All servers must remain patch current to eliminate security risk. Responsibility for server patching will be

automated wherever possible in conjunction with snapshot technology for protection of the Operating System. Mobile network authentication is required to ensure the security of our mobile workforce. The City has adopted a mobile access system which provides secure remote access.

IT has recently implemented a security review process for applications in an effort to better protect applications from threats. The process includes automated reviews using static code analysis and vulnerability scanning tools, as well as manual auditing of application security. Throughout the development phase of the project, the

application is routinely checked for known vulnerabilities and common attack vectors and if any problems should arise, they are addressed immediately. In addition, prior to the project moving to both staging and production, IT conducts a manual security review of the application. This includes analysis from several team members who then sign-off that, to the best of their knowledge, the application is sufficiently secure to move to staging, and then production environments."

Recommendations:

 Application security code reviews will be conducted for all development

(8)

5

 New security and authentication practices will be enforced for all server administration.

All servers must be patch current to maintain a secure infrastructure.

All laptops must be secured with our mobile security application system.

 Remote access to our systems will continue to be protected by using any combination of firewalls, VPNs, two factor authentication, mobility XE or any other method as determined by IT.

 Regular backups must be performed, including mirroring of data to our offsite SAN along with offsite storage of regular tape backups .

 Antivirus/spam/spyware protection will be continually monitored and enhanced as required.

Business Continuity

The last strategic plan recommended that the Lionel E. Lalonde Centre (LEL) be used as the City’s backup location. LEL is now our live mirror site for data replication of the primary site (Tom Davies Square). The appropriate server hardware and software is now in place at LEL and will be configured to bring systems back online in the event of a disaster at the primary site.

Procedures will be in place to ensure that in the event of a disaster, the migration of applications running on the primary site over to the backup site will be as quick and as smooth as possible. To allow this to occur, software will need to be acquired and configured .

Recommendations:

 Complete the final phase of enabling the transfer of live applications and servers to the backup site with the procurement of the appropriate software and

configuration of the system.

GIS

Geographic Information Systems is now common technology used by just about any citizen. Consumers can use traditional GIS systems in their business, via Google Maps and Google Street View on their smart phones, or using dash mounted GPS systems to

(9)

6

help provide direction in their cars. This explosion of “map” related information has increased the popularity of GIS even if citizens do not recognize the term GIS. The City has dramatically improved their GIS strategy by providing tools for public and staff to use to improve decision making and has advanced considerably towards a full enterprise GIS to manage spatial assets throughout the City. Staff developed data models for significant assets including addressing, parcels, water, wastewater, storm, roads, and traffic. These models are being populated for use in a new maintenance management system.

From a strategic perspective, enterprise GIS requires implementation of operational data management to keep asset information up to date. Working with the end user departments, documenting workflows for operational data management will provide opportunities for streamlining business processes. Once in place, providing data and applications to staff and citizens can be achieved with a greater measure of

confidence in the accuracy and timeliness of the information. The data and

applications provided to citizens can range from open data to web map applications of specific interest to citizens. Staff can take advantage of mobile data collection applications, web applications for updating and reviewing information, and up-to-date asset information for better decision making.

Recommendations:

 Implement operational data management practices for GIS related assets.

 Research opportunities for streamlining business processes.

 Foster open data and data sharing agreements.

 Provide web based tools for staff and citizens to access GIS related information.

Cloud

Until recently, most organizations delivered their information services through

applications that were internally developed or purchased for installation in their own data centres. This approach requires a significant up-front investment in software licenses, implementation support, ongoing internal expertise and internal computer hardware (servers and storage). A number of vendors have recognized the challenges of in-house models and have developed alternatives. Customers can share in the use of applications like e-mail (Google Mail) or Office (Microsoft Office 365). The vendor provides either total software application services (like the sales support service Salesforce.com) or some specialized technical services (for example data sharing services like Apple’s iCloud) for numerous customers needing similar services.

(10)

7

The term “cloud” is being used for a variety of these shared systems services operated on behalf of a wide range of customers. Cloud customers buy services from a vendor who addresses the development, technical and operational issues that were previously their own responsibility. The evolution of “cloud” service providers for either total

software application services (or SASS - Software-as-a-Service) or for certain

infrastructure services (Platform-as-a-Service or Infrastructure-as-a-Service) makes it possible for customers to add new services or hardware capacity at a lower initial cost and a “pay as you use” ongoing expense. The customers avoid the need for extensive internal expertise and can deploy solutions faster.

Cloud computing also has great potential to improve services to citizens using efficient and cost saving measures. For eGovernment, this means not having to develop

products available in the cloud. Using web based systems to provide calendaring or customer relationship management, can quickly meet the needs or staff trying to provide online services to citizens.

IT sees increasing opportunities to leverage software as a service and infrastructure as a service as the number of players and the range of services further expand. Our pilot deployments of cloud services have worked well, showing that IT can deploy cloud services when there is economic value and adequate functionality.

Cloud services for new initiatives or enhanced services (such as major e-mail and Office upgrades, or new software applications) can provide several advantages. They require less internal expertise and labour to implement and operate the services and in some cases, services can be activated fairly quickly. However, cloud services are generally not appropriate as straight replacements for existing services. Up-front investments have already been made and on-going charges are usually higher than current internal costs. And cloud services are not available for all City requirements.

There are two challenges in the use of cloud services. First, if new applications are not closely related to others already in place, then cloud solutions can be implemented without consideration of any related systems. However, if there is a relationship, the cost and time to develop connections between systems may eliminate the advantage of a cloud solution. Additionally, as the customer has limited oversight over a cloud supplier’s security processes, there can be greater security risks. The City will ensure that any recommended cloud vendor adequately and contractually ensures the security, privacy and protection and backup of all data, including meeting Canadian legislated requirements.

The primary change to our application strategy is to give preference to cloud based solutions when reviewing any changes or additions to our business applications.

Solutions will still be reviewed to ensure that the City receives the best solution meeting our requirements including resources and budgets.

(11)

8

Additionally, citizens and visitors are using similar devices to access Sudbury’s web services. As the devices evolve, IT will enhance our systems to support the different screen sizes of the new devices and to leverage their unique capabilities. For example, the location (GPS) capabilities of smart phones can be used to assist tourists or transit users. Mobile application development is an area that has expanded a great deal in the last few years. Citizens are using smart phones and tablet computers to access information and services online where traditionally this was done via desktop and notebook computers. Companies are now developing mobile websites and mobile applications to address this new market. Website and web application development must give careful consideration to mobile design as a first step in new projects.

As IT evaluates any new applications, it will assess how to deliver the associated services more effectively to mobile users. Alternative devices will be deployed for specific uses, where there is an advantage over laptops. For example, by-law officers are already using laptops. IT will assess if and how tablets or other mobile devices can improve staff effectiveness.

Recommendations:

 Adopt cloud computing in eGovernment plans.

 Consider mobile technology when developing new websites and web applications.

 Decisions around the acquisition of new software applications will now be addressed with the following preference:

o Adjustments to the PeopleSoft application suite already deployed, where

there is a strong link to financial data.

o Cloud based solutions.

o Third party software applications.

o Internal system development, when none of the above applies.

Compliance

With increased dependence on electronic information comes increased importance of the security and privacy of information.

Personal information about employees and citizens must be protected in accordance with both legislative and industry standards. For example, medical and health related records are protected under the Personal Health Information Protection Act (PHIPA), while the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)

(12)

9

applies to all other personal information in the custody of the municipality as well as to how public access may or may not be granted to records in all formats and containing different types of information. In accordance with MFIPPA legislation, disclosure of or access to personal information to employees within the institution is only permitted in limited circumstances, those being that the employees need the information to perform their job duties and that the disclosure is necessary and proper to carry out the

institution’s functions. It is particularly important that any apparent privacy breaches, are reported, contained, investigated and remediated and IT will participate in this process as appropriate.

The management of credit card transactions is controlled and adheres to Payment Card Industry (PCI) standards and provincial regulations regarding the handling of and access to all personal data. Other legislation, such as Bill C-28, Canada's Anti Spam Legislation (CASL), also impacts compliance. IT will need to review and implement appropriate processes as new legislation is enacted or as legislation changes. IT systems are structured to ensure that employee access to systems containing

personal or payment information is secured appropriately and that information systems comply with established standards, regulations and legislation. Our current controls for data update and access by staff and external agencies require regular reviews of our IT policies as the regulations change and become more restrictive. The standards affect who should be allowed to update and access information and what controls must be in place to ensure that data is correct and protected.

Good accounting practices require segregation of duties when it comes to any

changes to our applications, especially those carrying financial data. For example, the person making a change in a development or test environment should not be the same person who implements that change in a production environment. A recent review by the City’s auditors has highlighted the fact that IT does not have adequate segregation of duties. The auditors have recommended good logging of data changes as a compensating control.

As a large amount of data must be recorded and evaluated on an ongoing basis, IT is considering the acquisition of a software tool to automate this process. These solutions, called Security Information and Event Management (SIEM) software, enable improved logging. They combine and correlate events and logs, including application changes, to provide a complete picture of computer activities so as to allow timely response.

Recommendations:

 The IT department will carry out periodic review of relevant compliance regulations and identify any changes required to ensure that data access is adequately controlled.

 The City Clerk who is the Head under PHIPA and MFIPPA will be consulted in regards to privacy obligations and any apparent privacy breaches of personal information will be reported to the Head.

(13)

10

 IT will update policies on acceptable computer use and data confidentiality, and provide support for enforcement. The Employee Handbook will be updated to reference these.

 IT will address the insufficient separation of duties by logging changes to applications and data. IT will evaluate SIEM software to automate the logging processes and the review of log data.

Mobile Devices

For years, the only mobile devices allowed at the City have been laptops and Blackberry smart phones. The laptops have been secured by IT by various methods including encryption of data. With the Blackberry device comes a highly secure system and the ability to control the device using the Blackberry Enterprise Server (BES).

Over the last couple of years, there has been a growing trend for the use of mobile devices at the City. With the large and growing diversity of smart phones and tablets, it is important to realize that IT cannot support all models. There are security risks, resource issues and budget constraints to deal with to name a few. The industry has now

progressed to the stage where mobile device management (MDM) solutions are now available to help support more than one type of mobile device. This allows IT to support more than just the Blackberry devices. City IT has reviewed the various options as to what devices it can support and has extended support to now include Apple devices. Android devices were also reviewed but due to the security risks associated with these devices, IT cannot support these until such time as the security issues are resolved.

IT is also considering the deployment of software (desktop virtualization or Citrix) that enables smart phone or tablet users to access applications securely without requiring the application to be installed on each mobile device and with no security issues arising from the storage of data on the device.

Recommendations:

 IT will implement Mobile Device Management systems to extend control of all connected mobile devices.

 Besides the standard laptop computers, IT will only support Blackberry or Apple Corporately owned mobile devices.

 IT will evolve our application systems, including web sites, to enhance their usability and value when accessed through a mobile device.

(14)

11

 IT will expand the Citrix system to provide secure access to existing applications from a variety of mobile devices.

Bring Your Own Device (BYOD)

Employees, whether they are allowed to or not, are using their own personal devices on the job. They are using all sorts of readily available applications on their devices. Some are using products like Dropbox and iCloud to store or exchange data in the cloud. This trend is also called "Consumerization of IT". The best IT can do is to minimize any potential risks to corporate data as well as possible lost employee time.

A review of BYOD was conducted in conjunction with a number of other Municipalities through the Municipal Information Systems Association (MISA). The review was

completed in early 2013 and has shown that there is no benefit to the municipality to justify its use. In fact, allowing BYOD would incur additional costs. The biggest request from employees is to access their corporate email system using personal devices. The City recently upgraded its email system which now allows full secured use from any mobile device utilizing the web based version of the email system. There is no additional cost for this option.

Use of personal devices during the course of the working day is subject to all the provisions of employment as contained in the Employee Handbook.

Recommendations:

 IT will not support employee owned devices.

 IT will ensure its email system continue to provide a secured web based portal for mobile devices.

Project Portfolio Management

The City has over 150 projects in consideration or in process at any time. The number is growing, and with a limited number of staff, IT is unable to address all requests. IT must have a holistic view of all of these initiatives. IT must apply an effective process for filtering out less valuable ideas early and prioritizing those projects that are of most value and urgency.

(15)

12

Fortunately, there is an effective solution to this challenge, called Project Portfolio Management. This is a process (supported by software tools) that enables

management to apply a consistent process for deciding which of a competing set of projects or project proposals to consider or to initiate and where to apply available but limited resources. The process also enables improved tracking of all projects, not just major ones. The Project Portfolio Management approach allows organizations to focus their staff on those projects that will provide the most value and to manage them to their successful completion.

Improved visibility into overall resource availability has already provided benefits in IT. IT has prioritized small projects to be carried out when staff have a gap between tasks for larger projects. This results in better utilization of staff and the completion of more projects in a smaller timeframe.

IT has acquired a system called Eclipse to assist in the Project Portfolio Management process. Eclipse is a “cloud” system, operated from the supplier’s secure data center. The system also has the ability to provide reports to management review of IT projects. These reports should be reviewed on a regular basis by the Senior Administration Team.

Recommendations:

 Adopt a Project Portfolio approach in all areas of the City administration that carry out technology projects.

 Support the broad use of the Eclipse system to simplify record-keeping and tracking.

 IT is to review it’s portfolio with the senior staff annually.

Social Media Strategy

Social media has been one of the most rapidly and broadly adopted technology innovations, and services such as Facebook, YouTube, Twitter and LinkedIn are

recognized and used everywhere. Very recently, Microsoft purchased a social media developer, Yammer, and is integrating its capabilities into the upcoming version of Office.

The rapid adoption of social media provides opportunities for the City. With social media, communication to and by citizens is faster, more frequent and involves a greater proportion of the community. Social media is a technology that assists in

achieving our eGovernment goals and can be included in our plans to engage citizens and measure the reach of our message. The City will increasingly leverage popular social media sites such as Facebook and Twitter and extend our own web site. As the volume of messages increases and as citizens or tourists post comments on a variety of sites, it will become important to work with Communications and other sections to manage all comments and communications about CGS. IT will evaluate Social Media Analysis tools to provide timely information about key issues that concern the citizens.

(16)

13

Many organizations have leveraged social media also as a way of improving internal staff communication and collaboration through their own networks. Many staff already access social media sites using their own devices at work either on their own provider's network or on the City's public internet access. Restricting access to social media sites on the City's network no longer prevents staff from doing so. Due to the evolution of Social Media, access by all staff should be available. IT will provide appropriate usage reports to enable management to monitor usage of these sites as deemed

appropriate. Reviewing these reports or monitoring the use of these sites by employees should be the responsibility of the various managers.

Recommendations:

 Apply the use of social media to enhance our customers experience and requirements with our websites and eGovernment applications.

 Evaluate Social Media Analysis tools when the volume of social media transactions from citizens and visitors requires automated management and analysis.

 Allow staff access to Social Media sites.

 Upon request, and in support of compliance with corporate policies and legislation, IT will provide usage information to authorized staff.

Open Data Strategy

Cities collect information that can be very useful to the public, community groups, businesses and other levels of government. Citizens or businesses that wanted to use this data have had to request special reports and transcribe the resulting data into their own systems. This overhead effectively reduces the valuable use of municipal data for improved planning and decision-making by businesses or other groups.

Municipalities are, however, addressing the problem and making data access much simpler and, therefore, more broadly used. Larger Canadian cities, such as Toronto, Ottawa, Edmonton and Vancouver are making non-personal data routinely available in machine readable format for any public use, through a service called Open Data. They are cooperating in sharing technology and common data standards. Typical data includes budget and expenditures, maps, facility information, and election results. Application developers can reuse and mash-up this data for commercial purposes,

research or community services.Interested individuals or groups register and are given

access to catalogued data that can be downloaded in standardized formats and analyzed. Principles for Open Data deployment have been published by the Office of

(17)

14

the Information and Privacy Commissioner of Ontario and by the Federal Privacy Commissioner. They are:

1. Proactive, not reactive

2. Access embedded into design

3. Openness and transparency = accountability 4. Fosters Collaboration

5. Enhances Efficient Government 6. Makes Access Accessible

7. Increases Quality of Information.

The value of Open Data is broadly accepted. The Canadian Government, for example, makes available more than 273,000 datasets from 21 participating organizations

through its Open Data portal.

The City should initiate a similar program. IT will cooperate with cities such as Toronto and Ottawa to accelerate our deployment at the lowest possible cost. This

cooperation will include a review of their standard policies for end user access to this type of data.

Recommendations:

 In conjunction with other City departments, IT will assist in the development of an Open Data strategy and Plan.

(18)

15

References

Related documents

The activity of two different functional groups, aerobic methane oxidizers and anaerobic nitrous oxide producers, were monitored to evaluate the effect of temperature and 10% DMSO

will want to think of ways in which people can continue to engage with it in other ways, e.g. through digital technology. You will also need to tell us about the activity you will

Morphological study revealed entangled hexagonal nanorods oriented vertically upwards hexagonal top front elevation with increased annealing temperature. The controlled

Social Media & Mobile Handheld Devices: The Platforms, Operating Systems, devices& Applications.. The wireless last mile & User Interface choices

In this case, hybridism entails that Eddie has a possi- bilist moral obligation to <pay his workers a high wage> and also to <keep the factory open as long as it’s

Social Media Marketing Strategies BUS ADM X432.5 (2 semester units) Learn to plan and execute a strategic marketing program that includes new media integrated with

Aching and longing to turn the world around, you are given to subtle or obvious ways to channel and express what lives inside, you feel intensively committed to bringing it