Information Systems & Technology Annual Report

Our year in review

It is with immense pride that I share with you the 2023 IST Annual Report. The initiatives profiled here represent important work that IST has undertaken on behalf of the campus community to strengthen our campus cybersecurity defences, enrich the educational technologies used for teaching and learning, and to modernize information systems used to serve our campus community. This work is done in partnership with the many IT units and people across campus, who work together to provide you, our campus community, with a seamless IT experience to support research, teaching and learning, and efficient administration of the University.

Below the profiled initiatives you will find links to planned and upcoming initiatives and a more fulsome list of other initiatives that were started or completed in 2023.

My sincere thanks and gratitude to everyone who has contributed to the success of IT projects across campus in 2023!

Gregory Smith
Chief Information Officer

Digital Accessibility

6.2M+Canadians identify as having a disability

750,000+public-facing University web pages exist

12%of Waterloo students reported having a disability (Equity Survey)

Ensuring University of Waterloo websites are compliant

About the Digital Accessibility project

The Accessibility for Ontarians with Disabilities Act (AODA), established in 2005, is an Ontario law mandating that organizations must follow standards to become more accessible to people with disabilities.

In February 2023, Waterloo received a noncompliance notice from the Ministry for Seniors and Accessibility, citing findings from our 2021 Accessibility Compliance Report, which revealed that not all our websites meet compliance standards. Subsequently, a workplan was devised and communicated to both The Ministry of Seniors and Accessibility and AODA in response to the situation.

Waterloo is committed to making all our websites and digital platforms, including social media channels, inclusive to all.

Our ultimate goal is a culture where all digital content is designed with accessibility in mind, right from the start.

Our plan

Collaborating with University Relations, IST’s Web Development team supported a request for proposal (RFP) process to select and acquire a digital accessibility platform from SiteImprove.

A pilot project and 'early adopter' program was launched in October 2023 and will run through 2024. The initiative aims to detect and address websites that do not adhere to the required WCAG 2.0 Level AA standards. The plan involves creating a lasting governance framework for website accessibility that encompasses the identification of all publicly accessible websites and content under University jurisdiction. Additionally, it involves the implementation of an ongoing strategy for monitoring website accessibility.

Improving processes for the creation of new websites, applications, and social media platforms is crucial, and resources for training will be enhanced to support new development endeavors.

Through the success of this program and further operationalization of digital accessibility standards, the University of Waterloo will both conform to the Government standards and also support our diverse community.

Access control enhancements

108,557new credentials/WatCards issued to date

10controllers updated

62interior and/or exterior doors upgraded

Upgrading University physical access control systems

IST is piloting and preparing an upgrade of the physical access control systems on campus. This work involves transitioning from outdated technology to an innovative product offered by Integrated Control Technology (ICT). This transformation aims to streamline credential management by integrating it directly with individual WatCards. WatCard serves as the authoritative source for all credentials with enhanced security by implementing MiFare DESFire EV2 encryption technologies on these cards. In addition to the migration of WatCard, this project is future-proofing and will support the utilization of mobile credentials aligning with evolving technological trends and user preferences.

Integrated Control Technology (ICT)

The advanced configurations supported by the ICT platform allow for integrations with external systems. Conceptual examples include linking the access control system with room bookings, class enrolment processes, facility memberships, and training record verification. These integrations enhance the system's functionality and contribute to a more seamless user experience and advanced use cases required by the campus community. The hardware and software solution from ICT provide a comprehensive security strategy that is unified with an intrusion detection system (Alarm system) with further advanced features.

Work completed to date

East Campus 2 (EC2) was successfully migrated to the new system in October 2023. A pilot deployment is planned at the School of Architecture for further investigation. To provide optimization and improve the overall usage of access control and intrusion detection on campus, the entire system is being redesigned from the ground up. In consultation with the space owners, all access levels and door configurations/groupings are being reorganized and designed to support an enterprise deployment. This restructuring supports scalability and increased capabilities while also contributing to the system's adaptability to a broader organizational context. With these new designs, advanced features, and integrations, the security posture of the University will be improved, providing the ability for enhanced incident responses and lockdown capabilities.

These upgrades will come with a reduction in costs while concurrently increasing the system's capabilities and scalability. This cost-effectiveness is achieved through strategic technological choices, streamlined processes, expansion capabilities, and a forward-looking approach to the system's design and functionality. Inquiries about this work can be directed to Steven Bourque or Diana Timmermans.

IT Services for Researchers

20+consultation sessions held

10service categories to explore

96.3%website engagement rate

Improving access to IT services for Researchers

The IT Services for Researchers “portal” was launched during the fall 2023 term to provide information about and convenient access to the IT services available to support research computing at Waterloo, including research data management, advanced research computing, and research computing software. The portal is a resource-rich, user-friendly platform that aids in the discovery of IT services available at both a Faculty and institutional level.

Engaging and collaborating with campus partners

Throughout May and June 2023, user experience testing and consultation sessions were conducted with representatives of nearly all Faculties and key stakeholders from across campus, the findings of which guided and supported the development of the IT Services for Researchers portal. Prior to this, the project team engaged members of various academic support and Faculty units to develop an initial inventory of IT services available to researchers. Thank you to those that participated in this important work.

About this project

The IT Review, conducted between April 2019 and May 2020, was launched to assess the University of Waterloo's overall IT capability. The result of this work was captured in the Campus Information Technology Review Final Report (PDF) and included a number of recommendations (see Research Computing theme and recommendations on the IT Review website) for building on and enhancing Waterloo's IT landscape.

The new IT Services for Researchers Portal is one of several initiatives and process improvements aimed at better coordinating, communicating, and making more accessible to researchers, the campus-wide IT resources available that support research computing at the University. Visit the IT Review website to learn more about this project or review Waterloo’s 2020-2025 Strategic Plan for more on the University’s commitment to supporting and advancing research.

EndPoint Detection and Response (EDR)

3,219Academic Support Units with EDR solution installed

4,106Faculty devices with EDR solution installed

662views of EDR service page in 2023

EndPoint Detection and Response (EDR)

A year of significant security incidents

In April 2023, a group of students reported to the University of Waterloo Special Constable Service that their credit cards had fraudulent transactions. An investigation that found the W Store suffered a breach earlier in the year where the attacker, based in Eastern Europe, had developed malicious code custom to the W Store to effectively syphon credit card information during the ordering phase. IST could not detect the syphoning because credit card information is never processed by UWaterloo e-commerce systems.

In late May 2023, IST were notified by law enforcement that a ransomware group was in the process of breaching core UWaterloo systems. Fortunately, IST acted quickly enough and with the help of faculty IT groups and external incident response firms, the incident was contained, and no ransomware was deployed. A deeper investigation found no access to, or exfiltration of, any information other than (hashed) password databases. IST’s response was to force a UWaterloo-wide password reset and rebuild of some core infrastructure.

In mid-September 2023, a network administrator in IST reviewing logs discovered evidence of anomalous network activity originating from a research server. Further investigation revealed that the server was compromised two weeks earlier and was being used to scan UWaterloo’s internal network for vulnerabilities to exploit. The research server contained data on human research participants. Fortunately, the data on the server was de-identified so there was no privacy breach. The attacker was unsuccessful in gaining further access to UWaterloo infrastructure.

Enhancing cybersecurity defences

You may notice something in common with each incident: The breach was not detected by any IST security tool.

Advanced threats require advanced detection capabilities, and the market has addressed this with next-generation anti-virus technology referred to as Endpoint Detection and Response (EDR).

In late 2023, IST acquired the SentinelOne (S1) EDR solution through a competitive procurement process. S1 is a lightweight agent that runs on a device and uses data from the device’s operating system to perform automated analysis using global threat intelligence. This approach enables quick detection and response to attacks.

S1 is already deployed to thousands of computers campus wide, and we hope to see maximum coverage within the first couple of months of 2024.

Visit the IST Service Catalogue to learn more about this tool, or request use on non-managed, University-owned machines.

Enhancing LEARN for the teaching and learning experience

76M+Total logins to LEARN during one fall term

2,000+Courses hosted in LEARN during one fall term

52,000+Unique logins to LEARN during one fall term

Enhancing the Learning Management System (LMS)

After a thorough review of the University’s centrally supported learning management system (LMS), a decision was made to continue using LEARN (D2L Brightspace), with a focus on improvements. A new 5-year contract was negotiated with D2L, effective October 31, 2023.

Data supporting this decision

Over 2,200 faculty, staff, and students were engaged throughout this project, providing feedback and identifying areas of satisfaction, dissatisfaction, and LMS expectations.

Results of the campus-wide survey indicated 78% of faculty, staff and students are satisfied with LEARN.

Based on some of this survey feedback, as well as data collected via market research, goals and strategies outlined in the University's Strategic Plan, and 2019 IT Review, it is evident there are issues with LEARN that need to be addressed, however now is not the time to change Waterloo’s chosen platform.

A summary of these findings are available in the LMS Review Final Report (authentication required).

How we'll work to improve LEARN

Projects to prioritize and address opportunities for improvement will be related to University processes/workflows/policies, Brightspace functionality, LEARN configuration, and/or knowledge gaps on current functionality. Common themes arising from the feedback included:

tools to create interactive digital course content;
access to data for reporting and analytics;
infrastructure improvements;
usability and performance;
tools for synchronous collaboration and group work, robust live video/class functionality;
improvements to accessibility and accommodations;
improvements for non-academic courses; and
more transparent decision-making.

quotations

“I think LEARN has the capabilities of being really great but it’s really up to how individual profs set up their course on the platform. If anything, give profs more training for LEARN and conduct more surveys on how profs can better use LEARN to benefit students (best practices).”

- Anonymous student

quotations

“I have colleagues at other universities who use other systems. They all have their quirks and all can be frustrating at times. The time investment of trying to switch platforms will take another decade to pay off.”

- Anonymous faculty member