Month: February 2023

Staying ahead of the Technology Curve. Why it is Important to Have a Planned Hardware Refresh Cycle

Posted on by John D'Annunzio

A common challenge in higher education often centers around managing technology lifecycles, which can be crucial. Technology is constantly evolving and improving, and hardware can quickly become outdated. At times, even before it has been installed and put into service. In addition, every capital equipment purchase incurs expense costs regarding support agreements, labor for supporting assets, configuring assets, patches, etc.

Technology departments continually work towards addressing the challenges which include, but are not limited to:

    • Planning changes, upgrades, and budgeting, including depreciation of assets.
    • Management and justification of unplanned cost per incident (i.e., fix on failure) due to asset failure and replacement.
    • Mitigating risk related to security, reliability, performance, usability, obsolescence/maintainability, etc.
    • Addressing audit findings for at-risk assets no longer supported by the vendor.
    • Elevating resource skill sets, knowledge and maintaining technical relevance.

Refreshing technology is of vital importance. The inhibitors to these challenges are often external: IT models driven by departmental projects and CAPEX budgets inherent in a cost center model.

One example of refreshing hardware’s importance is seen in the aviation industry, as outlined in a recent Wall Street Journal article. The Federal Aviation Administration (FAA) issued a “Notice to Airmen” (NOTAM) warning pilots and airlines about the potential risks of using older navigation hardware. The NOTAM stated that some older navigation hardware might not properly process satellite signals transmitted by the next generation of GPS satellites. This highlights the importance of regularly upgrading and refreshing hardware to stay current with the latest technology and ensure systems function properly.

The higher education market greatly benefits from a managed approach to upgrading and refreshing hardware. With the growing emphasis on technology in classrooms, universities and colleges must ensure that their hardware is up to date to provide students with the best possible learning experience. This includes upgrading and refreshing equipment such as computer labs, classrooms, and lecture halls. Obsolete computer equipment will no longer be able to support the current Operating Systems (OS), thus no longer be supported for security patching. They may also not support modern software. Upgrading hardware also allows institutions to adopt new and innovative teaching methods, such as online and blended learning, which are becoming increasingly popular.

Higher Education can mitigate some of these costs by leveraging cloud technologies for servers. Using capital server purchases requires purchasing hardware to meet peak demand, thus, over-purchasing capacity is needed for only 20% of the year. Cloud technologies can provide right-sized servers with in-place server “upgrades” or “downgrades” dynamically. This provides better cost management. It also offers the advantage of reducing the number of servers where a single, more powerful computer can be used to consolidate multiple smaller servers, thus lowering overall cost and support effort.

Yet some hardware assets live on the campus, such as external and in-building network infrastructure and classroom technologies. Failure to keep up with network technologies can translate into poor performance with newer laptops/phones/tablets, etc. In addition, known security vulnerabilities in obsolete equipment pose a significant risk. Cybersecurity audit findings for obsolete network equipment can cost millions of dollars to retrofit.

In conclusion, upgrading and refreshing hardware is essential to maintaining any system’s reliability and efficiency. This is particularly true in industries that rely heavily on technology, such as aviation, commercial, and higher education markets. Staying current with the latest hardware allows businesses and organizations to improve efficiency, stay competitive and provide the best possible service to customers and students.   Staying current with technology is a strategic and financial decision.  Can businesses afford to wait to invest in technology only after failure?

Leaders need to pay attention to the technology mix within their organization.  As technology stacks reach their peak simultaneously, the organization’s resources will be consumed by operational plays while contributing little to strategic development.   Consequently, leaders face the challenge of escaping the trap of rigidly staying too long with a set of successful technology ventures.  New technology platforms are always needed, and the skills to transform from old to new are demanded.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

Tim Taylor

Director ITSM

Why are Compliance and Related Controls so important in IT?

Posted on by David McLaughlin

Policies and industry standards help to ensure the confidentiality, integrity, and availability of sensitive information. For example, higher education institutions must protect student data and financial information through FERPA and other regulations, healthcare organizations must comply with HIPAA regulations to protect patient information, and financial institutions must comply with PCI-DSS to protect credit card information. Compliance with these regulations helps prevent data breaches and other security incidents that could significantly harm individuals or organizations.

Maintaining compliance helps to protect organizations from financial and reputational damage. Failing to comply with regulations can result in significant fines and penalties and damage to the organization’s reputation. For example, organizations that fail to comply with GDPR can be fined up to 4% of their annual revenue or $20 million, whichever is greater.

Maintaining regulatory compliance also helps to ensure the proper functioning of IT systems and processes. For example, IT general controls such as change management and incident management help to ensure that changes to systems and processes are made, controlled, and authorized and that incidents are quickly identified and resolved. One of the biggest causes of a data breach is the failure to patch software systems, so many companies and institutions have policies and compliance controls to ensure this is done. This helps minimize the risk of system failures and other issues that disrupt business operations.

In summary, compliance and related IT controls are critical for protecting sensitive information, preventing financial and reputational damage, and ensuring the proper functioning of IT systems and processes.

Gartner and EDUCAUSE recognize this importance and have published several reports, papers, and studies on the topic. Gartner, for example, has published reports on IT risk management and compliance, as well as studies on developing a successful compliance program. EDUCAUSE has published several papers and guides on various compliance-related topics, such as data security and HIPAA compliance for higher education institutions. Both organizations offer a wealth of information, guidance, and best practices for organizations looking to improve their compliance and control practices.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

Picture of David McLaughlin

David McLaughlin

CEO

Do’s and Dont’s of Software Selection

Posted on by David McLaughlin

Software selection is a crucial process for organizations looking to enhance their productivity and efficiency. The right software can streamline processes, automate manual tasks, and provide valuable insights into business operations. However, making the wrong selection can lead to frustration, wasted resources, and a negative impact on productivity. At CAG, we do many software selection projects for clients as a standalone or part of more extensive managed service agreements. In this blog post, I will discuss some of the dos and don’ts of software selection we have learned over the years.

Do’s of Software Selection

Buy In:
Ensure you have the right stakeholders involved and committed to the process. Educate them on why the process is necessary, how long it will take, and what their time commitment will need to be.

Define your requirements:
Before searching for the right software, you must define your requirements. This includes identifying the specific business problems you want to solve and the features and capabilities required to address them.

Consider your budget:
 Software selection involves making a significant investment, so it’s essential to consider your budget. Determine how much you’re willing to spend and look for software that offers the needed features within your budget constraints.

Consider alternatives:
 Upgrading or adding capabilities to existing systems, better user training, and/or enhanced support. Sometimes the best solution is already there and needs to be better utilized.

Research potential vendors:
Do your research on potential vendors. Look for a vendor with a proven record, a compelling reputation, and a history of providing high-quality software solutions.

Evaluate vendor support:
Consider the level of support you’ll receive from the vendor. Look for a vendor that offers excellent customer support, including training, technical support, and maintenance.

Don’ts of Software Selection

Don’t rush the process:
 Software selection is a complex process that requires careful consideration and research. Don’t rush the process, or you may make a hasty decision that you’ll regret later.

Don’t forget about scalability:
When selecting software, it’s important to consider the future. Don’t forget to look for software that is scalable, so you can continue to use it as your business grows.

Don’t forget about the soft costs:
Large-scale organizational change can cause a lot of uncertainty with users, negatively impacting productivity and your vendors and customers.

Don’t overlook security:
 Security is a critical concern in today’s digital world, and some organizations also have regulatory requirements for security. Don’t overlook this factor when selecting software, as a security breach can seriously affect your organization.

Don’t rely solely on vendor presentations:
Vendor presentations can be misleading, and it’s important to do your research.

Expect the unexpected:
 Users will find potential solutions that haven’t been considered until the middle of the process, and vendors who have capabilities that weren’t surfaced in the research will pop up.  Maintain your process, but make sure you have a way of managing added information that comes up during the process.

In conclusion, the software selection process is critical to the success of any organization. By following the do’s and don’ts of software selection, according to Gartner, organizations can make informed decisions that will lead to enhanced productivity, efficiency, and profitability. The key is to take the time to involve stakeholders in the process, define your requirements, research potential vendors and options, and carefully evaluate and plan for the impact the solution will have on the organization. With careful consideration and diligence, organizations can find the right software to meet their needs and achieve their goals.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

Picture of David McLaughlin

David McLaughlin

CEO

What is Salesforce Education Cloud and Why Should Higher Education Consider It?

Posted on by Sameer Vitvekar

Salesforce Education Cloud is a cloud-based platform designed specifically for the education industry. It provides tools and resources that can help educators, administrators, and students manage, track, and analyze academic data, as well as communicate and collaborate more effectively. Some specific use cases for Salesforce Education Cloud include:

  1. Student and academic data management: Education Cloud can be used to store and manage student records, including demographics, grades, transcripts, and other relevant information. This can help educators and administrators keep track of student progress and identify areas for improvement.
  2. Course and program management: Education Cloud can be used to create and manage courses and programs, including schedules, curricula, and assessments. This can help educators and administrators track student progress and ensure that students are meeting academic goals.
  3. Collaboration and communication: Education Cloud provides platform for collaboration and communication, such as group chat and file sharing, which can be used by educators, students, and administrators to work together more effectively.
  4. Analytics and reporting: Education Cloud includes a range of analytics and reporting tools that can be used to track student progress and identify areas for improvement. This can help educators and administrators make data-driven decisions about how to best support student success. 

There are several reasons why higher education institutions should consider implementing Salesforce Education Cloud:

  1. Improved student engagement: Salesforce Education Cloud provides tools and resources to help higher education institutions better engage with their students. By using the platform, institutions can track student interactions, provide personalized support, and keep students informed about important updates and events. This can help to improve student satisfaction and retention rates.
  2. Increased efficiency: Salesforce Education Cloud can help higher education institutions streamline their operations and increase efficiency. By using the platform, institutions can automate many administrative tasks, such as scheduling, course registration, and student record-keeping. This can free up time and resources that can be better utilized in other areas of the business.
  3. Enhanced collaboration: Salesforce Education Cloud also provides tools and resources to help higher education institutions improve collaboration and communication between faculty, staff, and students. By using the platform, institutions can easily share documents, collaborate on projects, and communicate with students in real-time.
  4. Better data management: Salesforce Education Cloud can also help higher education institutions improve their data management processes. By using the platform, institutions can easily store and access student data, such as transcripts, enrollment records, and course schedules. This can help to improve decision-making and better track student progress.
  5. Configuration: Salesforce Education Cloud is highly configurable, which means that higher education institutions can tailor the platform to meet their specific needs. Institutions can choose which features and modules to use and can integrate the platform with other systems and tools.

In conclusion, Salesforce Education Cloud can provide numerous benefits to higher education institutions, including improved student engagement, increased efficiency, enhanced collaboration, better data management, and customization. By implementing Salesforce Education Cloud, higher education institutions can streamline their operations and better serve their students.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

Sameer Vitvekar

MS in Business Analytics, Accounting, and Economics

What is CMMC 2.0, and Why Must I Comply With it if I am a Small Business?

Posted on by Brad Hudson

The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense (DoD) to ensure that contractors and other organizations that handle sensitive information for the DoD have adequate cybersecurity controls in place. The CMMC framework includes three- levels of cybersecurity maturity, with Level 1 representing the most entry-level of cybersecurity and Level 3 representing the highest level, expert.

CMMC version 2.0 is the latest version of the framework, which was released in 2021. It includes several updates and improvements over previous versions, including:

  1. CMMC 2.0 streamlined model focuses on the most critical requirements. In addition, CMMC 2.0 reduces the model from 5 to 3 compliance levels and is aligned with NIST cybersecurity standards.
  2. A new certification process: CMMC 2.0 introduces a new certification process designed to be more streamlined and efficient. This process includes assessments and audits by third organizations accredited by the CMMC Accreditation Body (CMMC-AB).
  3. A focus on supply chain security: CMMC 2.0 includes a greater emphasis on supply chain security, with specific requirements for protection against the introduction of malicious software and other cyber threats through the supply chain.

If you are a small business that works with the DoD or handles sensitive information for the DoD, it is crucial to comply with CMMC 2.0 to protect your organization and your customers from cyber threats. Failure to comply with CMMC 2.0 could result in lost contracts and other negative consequences for your business.

In addition to helping protect your business and your customers, complying with CMMC 2.0 can also have other benefits, such as:

  1. Improved cybersecurity: By implementing the cybersecurity practices outlined in CMMC 2.0, you can improve your overall cybersecurity posture and reduce your risk of cyber incidents.
  2. Enhanced reputation: By demonstrating your commitment to cybersecurity through CMMC 2.0 compliance, you can enhance your reputation as a reliable and trustworthy business partner.
  3. Increased competitiveness: As more organizations begin implementing CMMC 2.0, compliance may become necessary for doing business with the DoD and other government agencies. Demonstrating compliance can increase your competitiveness and position your business for future growth.

Cybersecurity Maturity Model Certification 2.0 recently entered the Defense Department’s rulemaking process. The rulemaking process is the final step before it becomes an official requirement. However, despite questions about the industry’s cybersecurity capabilities and the challenging documentation process, defense companies could be required to comply with CMMC for new contracts as soon as May 2023.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

Picture of Brad Hudson

Brad Hudson

VP of Cyber Security

Why is it a Good Idea for Higher Education to Outsource its Cybersecurity Framework Assessments and Consider Hiring a Fractional vCISO

Posted on by Brad Hudson

There are several reasons why higher education institutions should consider outsourcing their Cybersecurity Framework Assessments (NIST Cybersecurity Framework, HIPAA, GDPR, etc.) and hiring a fractional virtual Chief Information Security Officer (vCISO).

First and foremost, outsourcing Cybersecurity Framework Assessments can provide higher education institutions with access to a greater level of expertise and experience. Cybersecurity Framework Assessments, such as NIST Cybersecurity Framework, HIPAA, GDPR, etc., are a comprehensive set of security and privacy controls used by many organizations, including higher education institutions, to ensure the confidentiality, integrity, and availability of their systems and data. However, conducting these assessments can be a complex and time-consuming process that requires specialized knowledge and skills. By outsourcing these assessments to a qualified third party, higher education institutions can leverage the expertise and experience of professionals who have a deep understanding of numerous Cybersecurity Frameworks and how to implement their controls effectively.

Another reason to outsource Cybersecurity Framework Assessments is to ensure that the evaluation is conducted unbiasedly and objectively. In organizations that perform internal assessments, the risk of bias or subjectivity creeps into the process. Unfortunately, this can lead to an incomplete or inaccurate measurement of the organization’s security posture; in turn, this can increase the chances of an incident, such as a breach or intrusion, that may result in the loss, damage, or disclosure of assets. By outsourcing the assessment to a third party, higher education institutions can ensure that the evaluation is performed unbiasedly and objectively, providing a more accurate picture of their security posture.

After a cybersecurity framework assessment has been conducted, it’s paramount that a Governance, Risk, and Compliance Program is put in place to manage risk moving forward. In addition, a security program and plan need to be developed to track and remediate deficiencies identified during the assessment. Therefore, CAG recommends hiring a fractional vCISO to guide higher education institutions through the Governance, Risk, and Compliance minefields. A fractional vCISO is a professional who works remotely part-time or on a contract basis, providing expert guidance and support to the organization’s security efforts. In addition, a fractional vCISO can offer a range of services, including conducting risk assessments, developing, and implementing security policies and procedures, and providing guidance on compliance with regulatory requirements such as NIST, GDPR, HIPAA, and FERPA.

In conclusion, there are several reasons why higher education institutions should consider outsourcing their Cybersecurity Framework Assessments and hiring a fractional vCISO. These approaches can provide higher education institutions access to greater expertise and experience, ensure that assessments are conducted unbiased and objectively, and build a robust Governance, Risk, and Compliance program through a fractional vCISO. In addition, by leveraging these resources, higher education institutions can strengthen their security posture and better protect their systems and data.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

Picture of Brad Hudson

Brad Hudson

VP of Cyber Security