Jan 31 2017

From Data to Dashboard: Visibility Leads to Better Insights

As IT pros manage increasing amounts of information, analytics tools break down silos to support proactive strategy.

A recent survey from the operational intelligence software manufacturer Splunk questioned 600 IT decision makers in the public sector, including 234 from higher education, and found that IT teams perceive considerable challenges arising from increasing digitization.

As expected, some of respondents’ biggest challenges are shared by enterprises everywhere, such as budget constraints and difficulty in finding qualified employees. But higher ed institutions foresee an additional challenge in coming years: three-quarters of respondents think they’ll need to increase their investment in regulatory and compliance management systems, and nearly that many expect to invest in real-time monitoring and dashboards.

In the education sector, nearly two-thirds of IT pros say that data-driven insights are important to carrying out their organizational mission. Yet many also perceive weaknesses in their ability to fully capture, analyze and act on these types of insights. When it comes to risk management, these vulnerabilities have potentially serious implications.

For example, 59 percent of education respondents say their colleges lack visibility across IT systems, 48 percent say that having data in different formats makes it difficult to diagnose problems, and 32 percent say they have trouble pinpointing problems because systems are siloed. In addition, 69 percent say that if IT service was interrupted, they would gather information manually to identify the issue, and 59 percent describe their institution’s troubleshooting as manual and ad hoc.

Case in Point: Splunk for Security and Operations

To address these challenges, many institutions find value in data analytics software that not only captures information across multiple systems, but also presents it in dashboards that yield actionable, timely insights. Indiana University’s IT team began using Splunk Enterprise to drive policy and compliance alignment, but expanded it to security applications after seeing big gains in visibility, says Allen Tucker, who manages the university’s HELPnet Technology Services team. He spoke with EdTech about his experience.

EDTECH: What issues did you seek to address with Splunk Enterprise?

TUCKER: Within University Information Technology Services (UITS), six divisions focus on different areas of IT. These divisions are siloed in their specialties and areas of expertise. This runs the gamut between networking, systems administrators, research technologists, support personnel, etc. Getting all of these people to talk and have data available across the pond was difficult, and that is an area where we were trying to bridge the gap. Splunk is making that a possibility, where before we didn’t really have any technology that allowed us to do that.

EDTECH: How did your Splunk implementation evolve?

TUCKER: Our implementation was different than many other universities. Most implement Splunk for IT operations in the security arena. Usually, it’s security first, get buy-in and realization of value, and then move into compliance and policy alignment. We did the absolute opposite. Our first major project was to provide a utility to help hundreds of departmental IT staff align their thousands of servers with IU IT policies on log monitoring and review. This was a great success and it has raised compliance in that area significantly across the university.

Another one of our early projects was to bring in event logs from distributed systems in our central authentication services. The logs that are generated in these different systems are not the easiest to look at, let alone correlate what is in them. Now, we have built dashboards and searches around the entire authentication process so we can track authentications through each layer of the service. Clearly, that was not a possibility prior to Splunk. Administrators were doing a lot of manual review, pulling logs from many different areas and running manual searches across each one of those sources. Now, the team can ingest that data into Splunk, search it faster and more efficiently, and have greater insight into their service.

EDTECH: Did this require any staffing or process changes?

TUCKER: There is now a dedicated UITS team that manages the Splunk environment. We recognized early on that staffing focused on this area would be necessary going forward, so we included labor in our proposal to leadership. Another item to note regarding labor is the importance of training. Getting our team members trained and certified had a large impact to our success. The process was time-consuming for the staff, but it has definitely paid off. Having the staff understand the architecture and how to utilize the resources efficiently makes a world of difference.

Having a team that is focused on log management and the development of meaningful visualizations has had a great impact. Prior to this, many administrators and developers viewed log management as a necessity in order to investigate issues if they arose. Clearly, this viewpoint is not a proactive approach. Splunk has given IU’s IT staff the opportunity to become more proactive with their IT operations, and I believe this shift is helping us provide more stable, secure and forward-thinking IT services to the entire IU community.

This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.


Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.