© 2009 Anne Scrivener Agee, Catherine Yang, and the 2009 EDUCAUSE Current Issues Committee. The text of the section by Shelton Waggener is licensed under the Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License (http://creativecommons.org/licenses/by-nc-nd/3.0/).

EDUCAUSE Review, vol. 44, no. 4 (July/August 2009): 44–59

Top-Ten IT Issues, 2009

Anne Scrivener Agee, Catherine Yang, and the 2009 EDUCAUSE Current Issues Committee

How have the events of the past year affected the IT issues of top concern to technology leaders in higher education today? Is higher education IT experiencing an evolution or a revolution? Have new issues emerged on the top-ten list? Are some issues less relevant?

The tenth annual EDUCAUSE Current Issues Survey has the answers. Administered by the EDUCAUSE Current Issues Committee, the electronic survey was conducted in December 2008.¹ Survey participants — typically CIOs of EDUCAUSE member institutions — were asked to select the five most-important IT issues out of a selection of thirty-one in each of four areas: (1) issues that are critical for strategic success; (2) issues that are expected to increase in significance; (3) issues that demand the greatest amount of the campus IT leader's time; and (4) issues that require the largest expenditures of human and fiscal resources. This EDUCAUSE Review article focuses on the first of the four areas noted above: the top-ten issues that IT leaders identified as the most important for their institutions to resolve for strategic success.² For each issue, the members of the 2009 EDUCAUSE Current Issues Committee offer a few thoughts and a set of questions. The questions are not meant to be comprehensive; they are intended to encourage further thinking and discussion.

Issue #1: Funding IT

These are very trying economic times for higher education institutions. Diving endowments, hiring freezes, and budget cuts are the main topics of executive focus and discussion. Not surprisingly, the economic downturn overshadowed many of this year's top-ten issues, with the current focus on fiscal conservatism reflected in this year's #1 issue for IT leaders: Funding IT.

Funding IT will be a challenge for most higher education IT organizations as they grapple with fiercely competing budget priorities in the process of overall institutional budgets being reduced. But during these difficult economic times, IT will have the opportunity to show its worth to the institution by being able to create and/or enhance organizational effectiveness and efficiencies while realizing cost savings. These cost savings may be accomplished through a variety of methods and in a variety of areas.

For example, virtualization allows for optimal infrastructure utilization, efficient IT management of hardware and services, and realized cost savings; virtualization of servers in the data center and thin clients in labs and user desktops are also very green solutions. Virtualization has the added benefit of running highly available, safe/secure IT environments. Another area for cost savings is cloud/grid computing, in which scalable and elastic resources are obtained on demand via the Internet. SaaS (Software as a Service) is one example of this paradigm. Likewise, the use of online collaborations — web-based, open-source software applications, wikis, portals, shared documents, shared work spaces, and web-based tele/videoconferencing — allows higher education institutions not only to enhance employee performance but also to offer optimized services, all while having a truly global reach in terms of both employees and students. In web-enabled educational experiences, the CMS/LMS can be integrated with social websites such as Twitter, LinkedIn, Facebook, and MySpace. Virtual worlds such as Second Life can be used as a total immersion experience to test the lessons taught in both online and in-person classrooms. These experiences can be aided with enhanced mobility. The fast adoption of iPods, iPhones, Blackberries, and (more generically) smartphones is allowing students and employees to collaborate on the go. Adopting a mobile paradigm increases organizational effectiveness and efficiencies, resulting in overall cost savings for the institution. Efficiencies can also be created through partnerships: what cannot be done internally by current IT staff creates opportunities for partnerships with external entities. Often erroneously called "outsourcing," this is more accurately defined as "right-sourcing." Right-sourcing IT operations frees up existing IT staff, who can then focus on more value-added efforts for the institution as defined by the strategic plan. Finally, key to cost savings is a highly trained and diverse staff. Now is the time for institutions to invest in people. If there is less money to implement new IT, then IT organizations should train their staff and prepare for the next boom cycle.

Critical questions for Funding IT include the following:

• What can an IT organization take advantage of to enhance revenue — rather than cutting the budget — in these difficult economic times? How can IT be a viable partner in grant, research, and government funding opportunities?
• What technologies can be implemented to assist in cost savings? Are these savings in utility costs? Savings from increases in operational effectiveness and efficiencies? Can IT management prove return on investment (ROI), in either the short term or the long term?
• What choices can the IT organization make to save money for the institution? What choices should be made regarding which products and services the IT organization will continue to provide and which it will right-source? Are there cost savings in the right-sourcing of e-mail? In the right-sourcing of certain helpdesk functions? In the right-sourcing of the LMS/CMS? Are there cost savings in the adoption of open-source solutions?
• How can IT leaders coordinate IT budgeting with institutional planning and budgeting processes to achieve economies of scale? What can IT leaders do to implement life-cycle funding so as to leverage and maximize every budgetary dollar and maintain technology refreshment?

Issue #2: Administrative/ERP Information Systems

In the past decade of EDUCAUSE Current Issues Surveys, few issues have been highly ranked as consistently as Administrative/ERP Information Systems. For three of the four survey areas, the Administrative/ERP Information Systems issue has ranked in the top three every year except the very first. Undoubtedly, IT leaders consider administrative/ERP information systems to be essential to higher education institutions.

Over the same time period, administrative/ERP information systems have grown beyond their original scope of addressing financial and student information needs. The leading vendors have developed or purchased software applications that address numerous other functions previously separate from the administrative/ERP area. These applications include software for admissions and enrollment management, advancement/funds management, alumni records, web front-end applications, and business intelligence systems. Ironically, the larger these systems have grown, the more difficult it has become for them to introduce and support features that do not rely on the core software program — one of the reasons that ERP vendors have been criticized for their late integration of various Web 2.0 features.

For an institution looking for a new administrative/ERP solution, the good news is that the systems are continuing to improve. However, many agree that the selection process has become so complex — particularly with regard to licensing — that choosing an administrative/ERP information system requires the assistance of experienced consultants. Institutions seeking a new administrative/ERP solution, as well as those looking to leverage previous long-standing investments, face significant challenges.

Critical questions for Administrative/ERP Information Systems include the following:

• What is the level of executive support for the administrative/ERP information system? Is there an awareness that executive buy-in is critical to the review of existing business practices and workflows? Is there an understanding that failure to seize these opportunities frequently results in the continuation and creation of shadow systems and procedures that undermine the functionality of the new system?
• What is the commitment from senior administration to additional investments in the administrative/ERP or the new subsystems? Are there clear ROI analyses that indicate both the opportunities and the limits of the new system?
• What is the level of customization — if any — that is appropriate, given available staff and financial resources? Is there administrative support to limit customization? Are there resources to upgrade customizations?
• How are stakeholders' expectations regarding add-on applications managed? Is the need to consider the costs of interoperability, including the potential need for additional staff expertise or resources, clearly documented?
• Is an open-source solution appropriate? Have the advantages and disadvantages of an open-source solution been clearly presented to all interest groups on campus?
• Has the institution considered outsourcing administrative/ERP systems? Does the institution have the experience to negotiate a service contract that includes vendor response time, performance standards, and protection against cost-plus upgrades? Do the institutional leaders understand that acquiring external consultant services will be helpful but that outsourcing does not relieve the institution of having internal staff to protect the original investment?

Issue #3: Security

Security remains near the top of the list of strategic issues facing higher education institutions. Given the increasing volume of information that needs to be protected, the expanding body of rules, regulations, and laws governing information security and privacy, and the current economic downturn, which makes it even harder for an institution to obtain the funding necessary to keep up with requirements, this is not at all surprising. With these immense challenges, Security will likely remain high on the Current Issues Survey list in the years to come.

Security is not strictly a technology matter; indeed, it is a foundational element for almost all institutional business. Responsibility for security needs to extend beyond information technology to every functional office in the institution and to the highest level of management. IT professionals can assist in this endeavor by not limiting their own perspective to IT and by modeling behavior to treat security and privacy best practices as everybody's responsibility.

Critical questions for Security include the following:

• Do institutional leaders recognize the balance needed between privacy and security policies? How does the institution resolve the tension between the academic environment's commitment to openness of process and access to content and the institution's need to protect an individual's privacy — all while securing data from unauthorized access and use?
• How is the institution developing and implementing an information security infrastructure? What steps are being taken to ensure that all aspects of the technology support structure for the institution have been evaluated for security vulnerabilities and to ensure that appropriate procedures are in place to prevent breaches from occurring and to respond if they do occur?
• How is the institution developing campus-wide security policies, awareness, and training? Are the security policies well-defined? How is the institution addressing prevention of, detection of, response to, and recovery from security breaches? Do all employees annually revisit a security training and awareness program? Do staff understand how to prevent breaches and how to address breaches if/when they occur?
• How has the institution created a culture in which security roles and responsibilities are understood? To what extent has management recognized information security as an issue shared by all and not merely a technology issue borne by the IT organization? Does an information security culture of care and vigilance exist?
• Is data being encrypted on databases, laptops, handheld/mobile devices, and portable storage devices? Is an aggressive program of data encryption — particularly for data handled and carried by staff with legitimate access to secure and personal data — in place?
• What is the institution's understanding and implementation of computer forensics? Has the institution identified firms and consultants who can be hired to assess and help implement the forensics capability that needs to be in place to analyze breaches and help prevent them in the future?
• Is staffing for security adequate to address the security agenda? Does the institution have a full-time Information Security Officer and a full-time Information Privacy Officer? What resources are assigned to implement, maintain, and enhance the security program and conduct training and awareness classes?
• How are students being educated about the risks of social networking services? Does the security training and awareness program include a social networking component for students?

Issue #4: Infrastructure/Cyberinfrastructure

For 2009, the categories of Infrastructure and Advanced Networking were combined to create a single category called Infrastructure/Cyberinfrastructure, which encompasses a more holistic view of IT than was provided by either of the separate categories. As evidenced by the current buzz surrounding cloud computing, stakeholders are increasingly less concerned about where the applications end and where the network begins. In this combined category, the term cyberinfrastructure embodies the notion of a "layer of enabling hardware, algorithms, software, communications, institutions, and personnel"³ — a layer that makes digital scholarship possible.⁴

For the second year in a row, the Infrastructure category ranked in fourth place, after gaining three positions from 2007. This reflects not only the importance of maintaining a robust infrastructure/cyberinfrastructure but also the nascent paradigm shifts in infrastructure technologies. It is becoming outdated to assume that college/university IT services are provided by institutionally licensed applications running on campus-owned servers connected via higher education networks.

Many IT leaders have chosen to outsource basic services, e-mail in particular, to third parties such as Google and Microsoft. New sourcing models, including SaaS, are obviating the need to acquire new hardware to run new applications. Open-source communities, including Sakai and Moodle, are tackling inter-institutional software development and maintenance. Instructors are not waiting for the IT organization to roll out new learning applications but instead are adopting freely available Web 2.0 collaboration tools.

Just as server virtualization is decoupling enterprise applications from specific pieces of hardware, virtual desktop infrastructure (VDI) is expected to decouple personal productivity applications from specific desktops and laptops. The consumerization of IT is resulting in members of the campus community accessing services through a constantly evolving array of new devices, especially smartphones and netbooks, which will likely outpace the standardization and support initiatives of the IT organization.

Although Research Support was a separate survey issue that failed to rank in the top ten, it is worth noting that in some disciplines, grid computing is breaking down the former relationships determining which institutions provide computing cycles and which institutions employ the principle investigators doing the computational research.

Critical questions for Infrastructure/Cyberinfrastructure include the following:

• How well is the IT organization assessing the institution's cyberinfrastructure with respect to a recognized practice such as ITIL, COBIT, the Infrastructure Maturity Model, or an enterprise architecture design of its own?
• How well are the privacy rights of the members of the campus community protected for the software applications that reside "in the cloud" or on the vendor's hardware? Have vendors been vetted for awareness of and compliance with the requirements of FERPA, HIPAA, PCI, and GLB legislation?
• To what extent are those members of the campus community who use Web 2.0 services aware of whether their intellectual property is adequately safeguarded by services not provided by the institution?
• How is the institution avoiding loss of the understanding and control of its own procedures and policies as a consequence of the adoption of third-party services?
• How well has the IT organization, along with its partners in the library, legal affairs, and instructional design, acquired the expertise to evaluate and manage external sourcing contracts and services?
• What are the institution's plans to authenticate members of its community with respect to a growing set of services and applications that are sourced from multiple providers?
• What are the institution's policies for channeling community members' technology acquisitions toward a set of supported devices versus assisting clients with whichever devices they choose?

Issue #5: Teaching and Learning with Technology

Teaching and Learning with Technology — formerly E-Learning / Distributed Teaching and Learning — ranked #5 this year, moving up from #9 in the 2008 survey. With the increasing availability of technology-based learning tools both internal and external to the institution, the role of the CIO and other IT leaders is expanding to encompass many teaching and learning domains. The trend toward augmenting instruction with technology creates opportunities and substantial challenges for those who must respond to increasingly diverse and fluid instructional environments. CIOs have become crucial to instructional units because they provide leadership in evaluating and supporting the teaching technologies that underlie multiple forms of distributed learning.

A growing proportion of learning takes place outside the traditional boundaries of the classroom, facilitated by applications such as social networks and technologies that support a culture in which everyone creates and shares. In the current economic environment, IT leaders must make decisions about whether or not to accommodate these miscellaneous technologies. Further, they are being asked to provide technological direction for cultural transformations — such as information fluency — that involve library faculty, department faculty, technology specialists, and students as co-creators of knowledge. Finding the proper balance between systemic and ad hoc technologies will be fundamental for IT leaders as they respond to a student generation that prefers less passive and more agile learning. These instructional modalities will foster transformational innovations such as the need for e-portfolios in a reflective, contextual, authentic, and active learning environment.

All of these developments play out in a landscape where IT leaders bear responsibility for systems that support institutional functionality, that protect the privacy and security of faculty members, students, administrators, and staff, that safeguard information and intellectual property, that respond to the data and information needs of the institution, and that provide effective means of communication. This responsibility forces IT leaders to function in a mediated environment — one in which they must manage dwindling resources, increasing demands, and the necessity for a collaborative establishment of effective priorities with administrative and academic constituencies.

Critical questions for Teaching and Learning with Technology include the following:

• To what extent are IT leaders involved in active communities of practice, sharing ideas that facilitate consensus for information and instructional technology?
• What mechanisms are used to provide information about the effectiveness and possible reformulation of institutional technology? Are evaluation results shared on an institution-wide basis with opportunities for reflection?
• How are IT leaders taking an active role in informing key stakeholders about the necessary policy realignments caused by emerging technologies?
• What mechanisms are in place for faculty development? How are faculty members involved in the process?
• What system is in place to examine and reevaluate institutional structures for campus technology on a regular basis?

Issue # 6: Identity/Access Management

In recent years, many higher education institutions have created or acquired institutional resources requiring restricted electronic access, including databases and intellectual property. Moreover, state laws and agencies often require limiting access to non-public resources. These expectations support strong institutional identity/access management (I/AM) strategies. Initially, many campuses start with I/AM by strongly connecting it to e-mail service, whereas others educate campus constituents in understanding that an electronic identity is more than just an e-mail address or an ERP logon.

Issues surrounding I/AM include developing strong vetting, credentialing, and provisioning processes for all constituents (including guests), inventorying and integrating all decentralized systems into a centralized I/AM strategy; and ensuring the federation of identity. In addition, I/AM solutions must be flexible and easily scalable over time.

Outsourcing, hosted, and cloud computing solutions present new challenges. Keeping identity credentialing systems on campus is still a preferred architecture. A separate identity system for the outsourced system can be used, but doing so presents significant challenges — for example, another password for the user to manage or another identity vetting process. As campuses evaluate outsourced e-mail systems, allowing identity credentials to be stored by a vendor service provider causes concern. Institutions must consider whether they should have outsourced e-mail providers authenticate against an in-house system or whether they should outsource credentials.

Federation of identity serves to enable the portability of identity information across security domains, including institutional, agency, and corporate service providers. The need for federation grows as resources, particularly academic research resources, require remote access by trusted associates. Faculty and students are increasingly mobile among campuses, and service solutions must be mobile between campus and vendor. The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain, with vetting and authenticating a user done once and with full trust of credentials presented through the federation.

Critical questions for Identity/Access Management include the following:

• What is the institution's documented process for vetting the identity of individuals?
• Can other colleges and universities trust the electronic identities and the vetting process behind those identities, if presented in a federation?
• Can access be defined by role and accommodate role changes over time?
• Should all campus systems be part of a single-sign-on environment?
• As systems move to hosted, cloud, and outsourced solutions, what I/AM plan does the institution have for handling credentials?
• Will outsourced system access be included in the single-sign-on strategy?
• What role will federation play in I/AM solutions?

Issue #7: Governance, Organization, and Leadership

IT leaders continue to rate the issue of Governance, Organization, and Leadership as a top-ten concern. Challenges related to the topic include the lack of standardization of roles and responsibilities of CIOs and IT organizations within institutions, campus politics, changing expectations of constituents, and resource constraints, especially in the face of the recent economic crisis.

From a governance perspective, the recent downturn in the economy has created new opportunities for some CIOs and IT leaders as their expertise — along with that of other senior administrators — is sought to address urgent needs to increase efficiency and effectiveness across campus. The trend to involve IT leaders in broadly based institutional decisions may continue as the percentage of the top technology administrators reporting directly to the president or chancellor continues to increase.⁵ However, even though advances are being seen on some campuses, other technology organizations are struggling to change the perception of IT as an ever-growing expense rather than a potential solution to critical campus issues.

From an organization perspective, widespread budget cuts are negatively affecting IT leaders' ability to fill open positions, advance professional development, and support projects and equipment replacement. IT leaders will need to use strong communication skills to update constituents' expectations for service delivery, staff workload, and purchasing capabilities.

From a leadership perspective, CIOs will face difficult decisions stemming from resource constraints and other aspects of the economic crisis, including dealing with increased staff stress. However, visionary leaders will undoubtedly leverage this time of hardship to uncover new possibilities. They will inspire staff to discover more original solutions, target new collaborations in alignment with institutional priorities, and use creativity to tackle seemingly impossible problems. After all, this is where technology leaders have proven their competence time and again: in the ability to go off the beaten path, to recognize the need for change, and to find breakthroughs where none existed before.

Critical questions for Governance, Organization, and Leadership include the following:

• In an age of increased scrutiny of budgets and priorities, what committees, processes, and procedures are in place to share technology information, discuss priorities, and collect feedback from the campus community?
• Are IT leaders seeking opportunities to understand the broad concerns of the institution and determine how technology might offer solutions?
• Are IT leaders reviewing multi-year technology plans (both strategic and project) in the context of the latest changes to the economy and challenges to the institution?
• How are IT leaders helping staff to manage expectations? Are IT leaders anticipating and preparing to address increased staff stress given the climate of reduced and/or eliminated staff/hiring, professional development, capital budgets, and projects?
• How are IT leaders motivating staff not only to search for cost efficiencies but also to leverage new opportunities that tighter economies encourage, including advancing discussions on integrated service offerings, forging new partnerships, and fostering environments that allow for more innovative solutions?

Issue #8: Disaster Recovery / Business Continuity

Disaster Recovery / Business Continuity (DR/BC) continues to be on the top-ten list of IT issues, and if a major disaster strikes an institution, it will undoubtedly move up the list of IT leaders' concerns. Business continuity can be defined as an institution's ability to maintain or restore its business and academic services when some circumstance disrupts normal operations. BC involves disaster recovery (DR), which encompasses the many activities that are necessary to restore the institution to operational status after a disaster. BC planning is an institution-wide responsibility and needs a champion at the executive level to be successful. Ideally, in an integrated approach, every campus department will understand and prepare for the role it will play in keeping the institution functional in a crisis and operational long-term. Planning includes the identification and alignment of institutional vulnerabilities, priorities, and dependencies, as well as the measures to be taken to facilitate continuity and recovery before, during, and after a crisis. Even more broadly, institutions need to plan for the overall resilience of the infrastructure that supports their teaching, learning, and research activities.

Senior administration should understand the high risk of not being prepared, including damage to institutional reputation, loss of students, and the overall lost opportunity costs of operating reactively. The case for DR/BC readiness needs to be tied to the academic mission; using terminology such as "academic sustainability," "high availability," and "resilience" may be better than "business continuity" when having conversations on campus. Indeed, academic sustainability must be at the forefront of institutional DR/BC planning.

An assessment of risks, including determining acceptable levels of risk and the right levels of investment, is often the place to begin to address DR/BC. Additionally, identification of key systems can ensure that the relevant operational units involved have robust DR/BC plans in place and the funding to accomplish and maintain them. Without risk assessment, there is no good way to understand where the institution stands with regard to BC readiness. Results from risk assessment must be addressed to avoid additional liabilities for the institution.

The process of planning is as valuable as the plan itself. The planning process directs continuing attention to the issues, brings awareness to risks, and identifies key players, relationships, and understandings to coordinate a recovery effort. Planning is key and fosters confidence. Training, simulation, and testing of the plan must be ongoing. Lessons learned locally or elsewhere should be incorporated into the plan. A profile describing the institution's ability to respond and to deliver services with high availability should also be part of the plan, which must be widely communicated. DR/BC planning and overall resilience need to be integrated into institutional thinking on an ongoing basis and in all aspects of campus activity: in designing systems and buildings, in practicing alternate ways of delivering classes, in considering research data, and in undertaking normal operations.

Critical questions for Disaster Recovery / Business Continuity include the following:

• Has the institution assigned responsibility for coordinating DR/BC planning to a specific individual or office? How are all critical departments involved in the planning?
• Has the institution conducted a risk assessment to determine likely threats and mitigation factors? How much of a risk are the current operating methods?
• Has the institution conducted a business impact analysis to determine mission-critical applications and restoration priorities?
• Does the institution have a documented and tested DR/BC plan for each mission-critical application? Is there a program in place for continuous revision and testing of the plans?
• What processes and capabilities are needed to make the institution resilient? What is the IT organization's plan for building and testing these capabilities?
• What opportunities for partnership exist within the state or region to provide resilience to the institution and a partner institution (e.g., a shared regional data center, cross-training, joint testing exercises)?
• Does it make sense for the institution to outsource some DR/BC functions?
• Are issues of DR/BC and resilience routinely included in every discussion about new technologies at the institution?

Issue #9: Agility, Adaptability, and Responsiveness

In the 2008 Current Issues Survey, the issue of Change Management — referring to the ability of an IT organization to drive change within an institution — appeared as #8. The committee re-titled the issue this year as Agility, Adaptability, and Responsiveness, which includes not only the ability to drive change but also, and especially important in the present fiscal climate, the ability of an IT organization to react to a changing landscape. Current times call for an IT organization and leadership that is able to quickly understand the frequently changing realities of the present environment so as to be able to adapt services and, if needed, restructure to meet those needs.

Being agile during times of relative calm is challenging enough, but doing so in a rapidly changing environment requires IT leaders to be aware of the challenges facing the institution at large and of how their services can help meet those challenges. Doing so requires IT leaders to create an organizational culture in which information is freely, honestly, and quickly shared and in which flexibility in work assignments is encouraged by management and accepted by staff. IT leaders also need to be an integral part of campus-wide discussions about how the institution needs to adapt and respond to the changing world. Many of the "efficiencies" that other departments will seek in times of downsizing will likely involve technology, thus adding additional work to the IT organization. Having the IT leaders present during those discussions and decisions will allow the institution to seek even more efficient solutions while at the same time minimizing the chances that unfunded mandates will be passed to IT.

IT organizations simply cannot change on a dime because they are, after all, part of educational institutions, which value the time-consuming goals of ensuring broad understanding and creating consensus. But IT organizations must be able to evolve, spending less time on protecting past accomplishments and focusing instead on how to do what needs to be done today and in the future.

Critical questions for Agility, Adaptability, and Responsiveness include the following:

• Are IT leaders present during campus-wide discussions about how the institution needs to adapt and respond to the changing world?
• To what extent do other campus leaders view the IT leader as a strategic partner who can help them adapt to the realities they face?
• How does the IT organization foster a climate where change is, if not embraced, at least accepted and understood?
• Do IT leaders fully understand the institutional context of the changes they are being asked to make?
• How are IT leaders taking advantage of the tools available to them to gain a quick read on how others are addressing similar issues? For example, have they used the various EDUCAUSE Constituent Group Lists to conduct quick surveys of their peers regarding specific issues?

Issue #10: Learning Management Systems

The learning management system (LMS) has become a mission-critical enterprise system for higher education institutions. According to the EDUCAUSE Core Data Service: Fiscal Year 2007 Summary Report, 93 percent of all campuses responding to the survey supported at least one LMS. In fact, only 0.5 percent of respondents did not deploy and had no plans to deploy such a system.⁶ In Campus Computing 2008, Kenneth C. Green reports that the percentage of college/university courses that use an LMS has risen from 14.7 percent in 2000 to 53.5 percent in 2008.⁷ Accordingly, the LMS faces challenges and concerns similar to all other enterprise systems: acquisition strategy, local needs, rising costs, data migration, system integrity, integration/interoperability with other campus resources, and expansion to purposes for which it was not initially intended.

Although the commercial LMS providers (e.g., Blackboard/Angel Learning and Desire2Learn) dominate higher education, the percentage of campuses using open-source applications (e.g., Moodle and Sakai) has nearly doubled in the last two years.⁸ Given the rising cost of the commercial LMS, the current economic climate, and the pattern of consolidations in the commercial LMS market, the open-source LMS may be a viable alternative for some institutions. For those institutions with an already established LMS, however, the human and technical resources needed to migrate to a new system may be a concern.

Over the years, the LMS has evolved from a content (course) management system (CMS)⁹ to a more all-encompassing system that includes groupware and social networking tools, as well as assessment and e-portfolios to track learning across courses and semesters. Although the LMS needs to continue serving as an enterprise CMS, it also needs to be a student-centered application that gives students greater control over content and learning. Hence, there is continual pressure for the LMS to utilize and integrate with many of the Web 2.0 tools that students already use freely on the Internet and that they expect to find in this kind of system. Some educators even argue that the next requirement is a Personal Learning Environment (PLE) that interoperates with an LMS.¹⁰

At the same time, the question remains: is the LMS being used effectively at the institution, by both faculty and students? Institutions need to ensure that there are quality guidelines for the LMS, that both faculty and staff receive training,¹¹ and that assessment is conducted regularly.

Critical questions for Learning Management Systems include the following:

• What factors at the institution favor buying a commercial LMS or supporting an open-source application?
• What systems need to be integrated with the LMS: portal? e-portfolio? ERP? library resources? Does the LMS support the integration of these systems?
• Does the institution have the development and support expertise either to support an open-source LMS or to integrate open-source components into a commercial LMS?
• Has the institution conducted, or is it planning to conduct, an assessment of how effectively the LMS is being used? What training/support resources are available to help faculty and students make better use of the LMS features?
• If a change will be made to a new system, what plan is in place to ensure the smooth migration of existing materials to the new system?

A Decade of Surveys

The first annual EDUCAUSE Current Issues Survey was conducted in 2000, making this the tenth anniversary. The decade of surveys has revealed, perhaps not surprisingly, a consistency in the issues that IT leaders consider to be critical for the strategic success of their institutions. In these ten years, only three issues have held the #1 spot: Funding IT has been the #1 issue six times; Administrative/ ERP Information Systems and Security have each held the top position twice. Indeed, since 2003, these three issues have always held the top-three spots, in various ranking order. (The only other issues to reach the top three were Faculty Development and Training in 2000, 2001, and 2002 and Distance Education in 2000.) Critical benchmarks for IT in higher education, the issues of Funding IT, Administrative/ ERP Information Systems, and Security are closely aligned with internal and external perceptions of an IT organization's overall efficiency and effectiveness.

Funding IT has appeared consistently not only as a strategic issue but also as an issue with the potential to become more significant and as an issue demanding a large amount of the IT leader's time. In 2004, 2005, and 2006, Funding IT also showed up as an issue that demanded the most expenditure of institutional resources. But Administrative/ERP Information Systems has been even more ubiquitous in the survey. In every year except 2000, this issue has been in the top ten for all four questions, and it has been the #1 issue every year in terms of expenditure of institutional resources. Although Security did not make the top-ten list in the first Current Issues Survey, by 2001 Security Management was ranked #3 in the list of issues with the potential to become more significant. It has remained as one of the top-two issues on that list ever since.

Issues related to teaching and learning have always occupied a high place in the survey. In the first survey, issues related to teaching and learning held three of the top-ten slots for issues of strategic importance: Faculty Development, Support, and Training was #2; Distance Education was #3; and E-Learning Environments was #4. The same three issues appeared in the top ten for issues with potential to become more significant, and the first two were also on the lists for demanding the IT leader's time and expenditure of institutional resources. Distance Education and E-Learning Environments went through several name changes and gradually morphed into Teaching and Learning with Technology by 2009. By whatever name, this category has shown up regularly not only as a strategic issue but also as an issue with the potential to become more significant and as an issue that demands expenditure of institutional resources.

Meanwhile, Faculty Development and Training continued to appear in the top-ten strategic issues list through the 2007 survey. Although Faculty Development, Support, and Training remained as a separate issue in the 2009 survey, many of the subissues were subsumed into the new Teaching and Learning with Technology category, which may explain why Faculty Development, Support, and Training did not show up as a top-ten strategic issue on its own. Finally, ever since Electronic Classrooms and Technology Buildings was added to the survey in 2001 (changed to Technology-Enhanced Classrooms and Other Learning Spaces in 2009), it has ranked in the top ten in terms of demand for institutional resources. Since 2003, Instructional/Course Management Systems (changed to Learning Management Systems in 2009) has joined it there. Clearly, the increasing influence of teaching and learning as a key element of the IT organization's mission and as an expanding function of the profession is reflected in the rise of the Teaching and Learning with Technology issue from #9 in strategic importance in 2008 to #5 in 2009 and to the reappearance of the enterprise-focused Learning Management Systems at #10 in strategic importance.

Infrastructure is another category that has consistently placed in the top-ten list of issues of strategic importance, although the definition has morphed somewhat over the decade. In 2000, this issue was called Advanced Networking Challenges (#9). The following year, Building and Maintaining Network and IT Infrastructure was #9, and by 2002, both Maintaining Network Infrastructure (#9) and Emerging Network Technologies (#10) were in the top ten. Infrastructure Management has consistently shown up as a top-ten issue for demanding the IT leader's time and for expenditure of institutional resources. In 2009, these infrastructure concerns were expressed in the Infrastructure/Cyberinfrastructure category, which ranked #4 in strategic importance. The persistence of this issue indicates that faculty and research computing issues and support continue to demand considerable attention from IT leaders.

Strategic Planning held a place in the top-ten list of strategic issues until 2008, when, interestingly, Change Management made its first appearance on the list. For 2009, the Current Issues Committee recast the Change Management issue as Agility, Adaptability, and Responsiveness, and it again appeared in the list of top issues for strategic success. Although Strategic Planning continues to hold a top place as an issue that demands the IT leader's time, more focus is being placed on Agility, Adaptability, and Responsiveness and on Governance, Organization and Leadership — #9 and #7, respectively, in the 2009 list of issues of strategic importance. Institutional funding challenges may be forcing campus IT leaders to quickly adapt and alter long-term plans to align with new institutional imperatives.

The EDUCAUSE Current Issues Surveys continue to provide insight into how IT leaders perceive their major challenges and opportunities. Over the past decade, the surveys have reflected the evolution and maturation of higher education information technology as a whole. As IT organizations have become a critical component of the business of the institution, organizational issues surrounding governance, alignment, accountability, and nimbleness have increased in strategic importance. As interest in integrating technology into instruction has spread, issues focused on teaching and learning with technology have likewise emerged as key to institutional success. And through it all, the traditional top-three issues — Funding IT, Administrative/ERP Information Systems, and Security — have remained the same. By ranking these issues high in strategic importance and by giving them the attention needed, IT leaders have provided a solid foundation on which to build new services.

In their book Reframing Organizations, Lee Bolman and Terrence Deal state: "Like surfers, leaders must always ride the waves of change. If they get too far ahead, they will be crushed. If they fall behind, they will become irrelevant."¹² By examining the relevant issues of yesterday, today, and tomorrow, IT leaders will find the knowledge, patience, and balance necessary to successfully ride the waves of present-day events.

1. Of the 1,955 EDUCAUSE primary member representatives who received an e-mail invitation to complete the survey, 554 (28%) responded.
2. Complete details of the 2009 Current Issues Survey are being published online, on the EDUCAUSE 2009 Current Issues website <http://www.educause.edu/2009IssuesResources/>.
3. Revolutionizing Science and Engineering through Cyberinfrastructure: Report of the National Science Foundation Blue-Ribbon Advisory Panel on Cyberinfrastructure, January 2003, p. 5, <http://www.nsf.gov/od/oci/reports/CH1.pdf>.
4. See American Council of Learned Societies Commission on Cyberinfrastructure for the Humanities and Social Sciences, Our Cultural Commonwealth (2006), <http://www.acls.org/uploadedfiles/publications/programs/our_cultural_commonwealth>.
5. See Brian L. Hawkins and Julia A. Rudy, EDUCAUSE Core Data Service: Fiscal Year 2007 Summary Report (Boulder, Colo.: EDUCAUSE, 2008), <http://net.educause.edu/apps/coredata/reports/2007/>.
6. Ibid., p. 33.
7. Kenneth C. Green, Campus Computing 2008: The 19th National Survey of Computing and Information Technology in American Higher Education (Encino, Calif.: The Campus Computing Project, 2008), p. 9, <http://www.campuscomputing.net>.
8. Ibid., pp. 9-10.
9. Brian Stewart, Rodger Graham, and Tim Terry, "Content Management for the Enterprise: CMS Definition and Selection," EDUCAUSE Center for Applied Research (ECAR) Research Bulletin, no. 22 (October 28, 2008), <http://connect.educause.edu/Library/Abstract/ContentManagementfortheEn/47540>.
10. Niall Sclater, "Web 2.0, Personal Learning Environments, and the Future of Learning Management Systems," EDUCAUSE Center for Applied Research (ECAR) Research Bulletin, no. 13 (June 24, 2008), <http://connect.educause.edu/Library/Abstract/Web20PersonalLearningEnvi/46952>.
11. Ining Tracy Chao, "Moving to Moodle: Reflections Two Years Later," EQ (EDUCAUSE Quarterly), vol. 31, no. 3 (2008), pp. 46-52.
12. Lee G. Bolman and Terrence E. Deal, Reframing Organizations: Artistry, Choice, and Leadership, 2d ed. (San Francisco: Jossey-Bass Publishers, 199

Anne Scrivener Agee, Catherine Yang, and the 2009 EDUCAUSE Current Issues Committee

How have the events of the past year affected the IT issues of top concern to technology leaders in higher education today? Is higher education IT experiencing an evolution or a revolution? Have new issues emerged on the top-ten list? Are some issues less relevant?

The tenth annual EDUCAUSE Current Issues Survey has the answers. Administered by the EDUCAUSE Current Issues Committee, the electronic survey was conducted in December 2008.¹ Survey participants — typically CIOs of EDUCAUSE member institutions — were asked to select the five most-important IT issues out of a selection of thirty-one in each of four areas: (1) issues that are critical for strategic success; (2) issues that are expected to increase in significance; (3) issues that demand the greatest amount of the campus IT leader's time; and (4) issues that require the largest expenditures of human and fiscal resources. This EDUCAUSE Review article focuses on the first of the four areas noted above: the top-ten issues that IT leaders identified as the most important for their institutions to resolve for strategic success.² For each issue, the members of the 2009 EDUCAUSE Current Issues Committee offer a few thoughts and a set of questions. The questions are not meant to be comprehensive; they are intended to encourage further thinking and discussion.

Issue #1: Funding IT

These are very trying economic times for higher education institutions. Diving endowments, hiring freezes, and budget cuts are the main topics of executive focus and discussion. Not surprisingly, the economic downturn overshadowed many of this year's top-ten issues, with the current focus on fiscal conservatism reflected in this year's #1 issue for IT leaders: Funding IT.

Funding IT will be a challenge for most higher education IT organizations as they grapple with fiercely competing budget priorities in the process of overall institutional budgets being reduced. But during these difficult economic times, IT will have the opportunity to show its worth to the institution by being able to create and/or enhance organizational effectiveness and efficiencies while realizing cost savings. These cost savings may be accomplished through a variety of methods and in a variety of areas.

For example, virtualization allows for optimal infrastructure utilization, efficient IT management of hardware and services, and realized cost savings; virtualization of servers in the data center and thin clients in labs and user desktops are also very green solutions. Virtualization has the added benefit of running highly available, safe/secure IT environments. Another area for cost savings is cloud/grid computing, in which scalable and elastic resources are obtained on demand via the Internet. SaaS (Software as a Service) is one example of this paradigm. Likewise, the use of online collaborations — web-based, open-source software applications, wikis, portals, shared documents, shared work spaces, and web-based tele/videoconferencing — allows higher education institutions not only to enhance employee performance but also to offer optimized services, all while having a truly global reach in terms of both employees and students. In web-enabled educational experiences, the CMS/LMS can be integrated with social websites such as Twitter, LinkedIn, Facebook, and MySpace. Virtual worlds such as Second Life can be used as a total immersion experience to test the lessons taught in both online and in-person classrooms. These experiences can be aided with enhanced mobility. The fast adoption of iPods, iPhones, Blackberries, and (more generically) smartphones is allowing students and employees to collaborate on the go. Adopting a mobile paradigm increases organizational effectiveness and efficiencies, resulting in overall cost savings for the institution. Efficiencies can also be created through partnerships: what cannot be done internally by current IT staff creates opportunities for partnerships with external entities. Often erroneously called "outsourcing," this is more accurately defined as "right-sourcing." Right-sourcing IT operations frees up existing IT staff, who can then focus on more value-added efforts for the institution as defined by the strategic plan. Finally, key to cost savings is a highly trained and diverse staff. Now is the time for institutions to invest in people. If there is less money to implement new IT, then IT organizations should train their staff and prepare for the next boom cycle.

Critical questions for Funding IT include the following:

• What can an IT organization take advantage of to enhance revenue — rather than cutting the budget — in these difficult economic times? How can IT be a viable partner in grant, research, and government funding opportunities?
• What technologies can be implemented to assist in cost savings? Are these savings in utility costs? Savings from increases in operational effectiveness and efficiencies? Can IT management prove return on investment (ROI), in either the short term or the long term?
• What choices can the IT organization make to save money for the institution? What choices should be made regarding which products and services the IT organization will continue to provide and which it will right-source? Are there cost savings in the right-sourcing of e-mail? In the right-sourcing of certain helpdesk functions? In the right-sourcing of the LMS/CMS? Are there cost savings in the adoption of open-source solutions?
• How can IT leaders coordinate IT budgeting with institutional planning and budgeting processes to achieve economies of scale? What can IT leaders do to implement life-cycle funding so as to leverage and maximize every budgetary dollar and maintain technology refreshment?

Issue #2: Administrative/ERP Information Systems

In the past decade of EDUCAUSE Current Issues Surveys, few issues have been highly ranked as consistently as Administrative/ERP Information Systems. For three of the four survey areas, the Administrative/ERP Information Systems issue has ranked in the top three every year except the very first. Undoubtedly, IT leaders consider administrative/ERP information systems to be essential to higher education institutions.

Over the same time period, administrative/ERP information systems have grown beyond their original scope of addressing financial and student information needs. The leading vendors have developed or purchased software applications that address numerous other functions previously separate from the administrative/ERP area. These applications include software for admissions and enrollment management, advancement/funds management, alumni records, web front-end applications, and business intelligence systems. Ironically, the larger these systems have grown, the more difficult it has become for them to introduce and support features that do not rely on the core software program — one of the reasons that ERP vendors have been criticized for their late integration of various Web 2.0 features.

For an institution looking for a new administrative/ERP solution, the good news is that the systems are continuing to improve. However, many agree that the selection process has become so complex — particularly with regard to licensing — that choosing an administrative/ERP information system requires the assistance of experienced consultants. Institutions seeking a new administrative/ERP solution, as well as those looking to leverage previous long-standing investments, face significant challenges.

Critical questions for Administrative/ERP Information Systems include the following:

• What is the level of executive support for the administrative/ERP information system? Is there an awareness that executive buy-in is critical to the review of existing business practices and workflows? Is there an understanding that failure to seize these opportunities frequently results in the continuation and creation of shadow systems and procedures that undermine the functionality of the new system?
• What is the commitment from senior administration to additional investments in the administrative/ERP or the new subsystems? Are there clear ROI analyses that indicate both the opportunities and the limits of the new system?
• What is the level of customization — if any — that is appropriate, given available staff and financial resources? Is there administrative support to limit customization? Are there resources to upgrade customizations?
• How are stakeholders' expectations regarding add-on applications managed? Is the need to consider the costs of interoperability, including the potential need for additional staff expertise or resources, clearly documented?
• Is an open-source solution appropriate? Have the advantages and disadvantages of an open-source solution been clearly presented to all interest groups on campus?
• Has the institution considered outsourcing administrative/ERP systems? Does the institution have the experience to negotiate a service contract that includes vendor response time, performance standards, and protection against cost-plus upgrades? Do the institutional leaders understand that acquiring external consultant services will be helpful but that outsourcing does not relieve the institution of having internal staff to protect the original investment?

Issue #3: Security

Security remains near the top of the list of strategic issues facing higher education institutions. Given the increasing volume of information that needs to be protected, the expanding body of rules, regulations, and laws governing information security and privacy, and the current economic downturn, which makes it even harder for an institution to obtain the funding necessary to keep up with requirements, this is not at all surprising. With these immense challenges, Security will likely remain high on the Current Issues Survey list in the years to come.

Security is not strictly a technology matter; indeed, it is a foundational element for almost all institutional business. Responsibility for security needs to extend beyond information technology to every functional office in the institution and to the highest level of management. IT professionals can assist in this endeavor by not limiting their own perspective to IT and by modeling behavior to treat security and privacy best practices as everybody's responsibility.

Critical questions for Security include the following:

• Do institutional leaders recognize the balance needed between privacy and security policies? How does the institution resolve the tension between the academic environment's commitment to openness of process and access to content and the institution's need to protect an individual's privacy — all while securing data from unauthorized access and use?
• How is the institution developing and implementing an information security infrastructure? What steps are being taken to ensure that all aspects of the technology support structure for the institution have been evaluated for security vulnerabilities and to ensure that appropriate procedures are in place to prevent breaches from occurring and to respond if they do occur?
• How is the institution developing campus-wide security policies, awareness, and training? Are the security policies well-defined? How is the institution addressing prevention of, detection of, response to, and recovery from security breaches? Do all employees annually revisit a security training and awareness program? Do staff understand how to prevent breaches and how to address breaches if/when they occur?
• How has the institution created a culture in which security roles and responsibilities are understood? To what extent has management recognized information security as an issue shared by all and not merely a technology issue borne by the IT organization? Does an information security culture of care and vigilance exist?
• Is data being encrypted on databases, laptops, handheld/mobile devices, and portable storage devices? Is an aggressive program of data encryption — particularly for data handled and carried by staff with legitimate access to secure and personal data — in place?
• What is the institution's understanding and implementation of computer forensics? Has the institution identified firms and consultants who can be hired to assess and help implement the forensics capability that needs to be in place to analyze breaches and help prevent them in the future?
• Is staffing for security adequate to address the security agenda? Does the institution have a full-time Information Security Officer and a full-time Information Privacy Officer? What resources are assigned to implement, maintain, and enhance the security program and conduct training and awareness classes?
• How are students being educated about the risks of social networking services? Does the security training and awareness program include a social networking component for students?

Issue #4: Infrastructure/Cyberinfrastructure

For 2009, the categories of Infrastructure and Advanced Networking were combined to create a single category called Infrastructure/Cyberinfrastructure, which encompasses a more holistic view of IT than was provided by either of the separate categories. As evidenced by the current buzz surrounding cloud computing, stakeholders are increasingly less concerned about where the applications end and where the network begins. In this combined category, the term cyberinfrastructure embodies the notion of a "layer of enabling hardware, algorithms, software, communications, institutions, and personnel"³ — a layer that makes digital scholarship possible.⁴

For the second year in a row, the Infrastructure category ranked in fourth place, after gaining three positions from 2007. This reflects not only the importance of maintaining a robust infrastructure/cyberinfrastructure but also the nascent paradigm shifts in infrastructure technologies. It is becoming outdated to assume that college/university IT services are provided by institutionally licensed applications running on campus-owned servers connected via higher education networks.

Many IT leaders have chosen to outsource basic services, e-mail in particular, to third parties such as Google and Microsoft. New sourcing models, including SaaS, are obviating the need to acquire new hardware to run new applications. Open-source communities, including Sakai and Moodle, are tackling inter-institutional software development and maintenance. Instructors are not waiting for the IT organization to roll out new learning applications but instead are adopting freely available Web 2.0 collaboration tools.

Just as server virtualization is decoupling enterprise applications from specific pieces of hardware, virtual desktop infrastructure (VDI) is expected to decouple personal productivity applications from specific desktops and laptops. The consumerization of IT is resulting in members of the campus community accessing services through a constantly evolving array of new devices, especially smartphones and netbooks, which will likely outpace the standardization and support initiatives of the IT organization.

Although Research Support was a separate survey issue that failed to rank in the top ten, it is worth noting that in some disciplines, grid computing is breaking down the former relationships determining which institutions provide computing cycles and which institutions employ the principle investigators doing the computational research.

Critical questions for Infrastructure/Cyberinfrastructure include the following:

• How well is the IT organization assessing the institution's cyberinfrastructure with respect to a recognized practice such as ITIL, COBIT, the Infrastructure Maturity Model, or an enterprise architecture design of its own?
• How well are the privacy rights of the members of the campus community protected for the software applications that reside "in the cloud" or on the vendor's hardware? Have vendors been vetted for awareness of and compliance with the requirements of FERPA, HIPAA, PCI, and GLB legislation?
• To what extent are those members of the campus community who use Web 2.0 services aware of whether their intellectual property is adequately safeguarded by services not provided by the institution?
• How is the institution avoiding loss of the understanding and control of its own procedures and policies as a consequence of the adoption of third-party services?
• How well has the IT organization, along with its partners in the library, legal affairs, and instructional design, acquired the expertise to evaluate and manage external sourcing contracts and services?
• What are the institution's plans to authenticate members of its community with respect to a growing set of services and applications that are sourced from multiple providers?
• What are the institution's policies for channeling community members' technology acquisitions toward a set of supported devices versus assisting clients with whichever devices they choose?

Issue #5: Teaching and Learning with Technology

Teaching and Learning with Technology — formerly E-Learning / Distributed Teaching and Learning — ranked #5 this year, moving up from #9 in the 2008 survey. With the increasing availability of technology-based learning tools both internal and external to the institution, the role of the CIO and other IT leaders is expanding to encompass many teaching and learning domains. The trend toward augmenting instruction with technology creates opportunities and substantial challenges for those who must respond to increasingly diverse and fluid instructional environments. CIOs have become crucial to instructional units because they provide leadership in evaluating and supporting the teaching technologies that underlie multiple forms of distributed learning.

A growing proportion of learning takes place outside the traditional boundaries of the classroom, facilitated by applications such as social networks and technologies that support a culture in which everyone creates and shares. In the current economic environment, IT leaders must make decisions about whether or not to accommodate these miscellaneous technologies. Further, they are being asked to provide technological direction for cultural transformations — such as information fluency — that involve library faculty, department faculty, technology specialists, and students as co-creators of knowledge. Finding the proper balance between systemic and ad hoc technologies will be fundamental for IT leaders as they respond to a student generation that prefers less passive and more agile learning. These instructional modalities will foster transformational innovations such as the need for e-portfolios in a reflective, contextual, authentic, and active learning environment.

All of these developments play out in a landscape where IT leaders bear responsibility for systems that support institutional functionality, that protect the privacy and security of faculty members, students, administrators, and staff, that safeguard information and intellectual property, that respond to the data and information needs of the institution, and that provide effective means of communication. This responsibility forces IT leaders to function in a mediated environment — one in which they must manage dwindling resources, increasing demands, and the necessity for a collaborative establishment of effective priorities with administrative and academic constituencies.

Critical questions for Teaching and Learning with Technology include the following:

• To what extent are IT leaders involved in active communities of practice, sharing ideas that facilitate consensus for information and instructional technology?
• What mechanisms are used to provide information about the effectiveness and possible reformulation of institutional technology? Are evaluation results shared on an institution-wide basis with opportunities for reflection?
• How are IT leaders taking an active role in informing key stakeholders about the necessary policy realignments caused by emerging technologies?
• What mechanisms are in place for faculty development? How are faculty members involved in the process?
• What system is in place to examine and reevaluate institutional structures for campus technology on a regular basis?

Issue # 6: Identity/Access Management

In recent years, many higher education institutions have created or acquired institutional resources requiring restricted electronic access, including databases and intellectual property. Moreover, state laws and agencies often require limiting access to non-public resources. These expectations support strong institutional identity/access management (I/AM) strategies. Initially, many campuses start with I/AM by strongly connecting it to e-mail service, whereas others educate campus constituents in understanding that an electronic identity is more than just an e-mail address or an ERP logon.

Issues surrounding I/AM include developing strong vetting, credentialing, and provisioning processes for all constituents (including guests), inventorying and integrating all decentralized systems into a centralized I/AM strategy; and ensuring the federation of identity. In addition, I/AM solutions must be flexible and easily scalable over time.

Outsourcing, hosted, and cloud computing solutions present new challenges. Keeping identity credentialing systems on campus is still a preferred architecture. A separate identity system for the outsourced system can be used, but doing so presents significant challenges — for example, another password for the user to manage or another identity vetting process. As campuses evaluate outsourced e-mail systems, allowing identity credentials to be stored by a vendor service provider causes concern. Institutions must consider whether they should have outsourced e-mail providers authenticate against an in-house system or whether they should outsource credentials.

Federation of identity serves to enable the portability of identity information across security domains, including institutional, agency, and corporate service providers. The need for federation grows as resources, particularly academic research resources, require remote access by trusted associates. Faculty and students are increasingly mobile among campuses, and service solutions must be mobile between campus and vendor. The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain, with vetting and authenticating a user done once and with full trust of credentials presented through the federation.

Critical questions for Identity/Access Management include the following:

• What is the institution's documented process for vetting the identity of individuals?
• Can other colleges and universities trust the electronic identities and the vetting process behind those identities, if presented in a federation?
• Can access be defined by role and accommodate role changes over time?
• Should all campus systems be part of a single-sign-on environment?
• As systems move to hosted, cloud, and outsourced solutions, what I/AM plan does the institution have for handling credentials?
• Will outsourced system access be included in the single-sign-on strategy?
• What role will federation play in I/AM solutions?

Issue #7: Governance, Organization, and Leadership

IT leaders continue to rate the issue of Governance, Organization, and Leadership as a top-ten concern. Challenges related to the topic include the lack of standardization of roles and responsibilities of CIOs and IT organizations within institutions, campus politics, changing expectations of constituents, and resource constraints, especially in the face of the recent economic crisis.

From a governance perspective, the recent downturn in the economy has created new opportunities for some CIOs and IT leaders as their expertise — along with that of other senior administrators — is sought to address urgent needs to increase efficiency and effectiveness across campus. The trend to involve IT leaders in broadly based institutional decisions may continue as the percentage of the top technology administrators reporting directly to the president or chancellor continues to increase.⁵ However, even though advances are being seen on some campuses, other technology organizations are struggling to change the perception of IT as an ever-growing expense rather than a potential solution to critical campus issues.

From an organization perspective, widespread budget cuts are negatively affecting IT leaders' ability to fill open positions, advance professional development, and support projects and equipment replacement. IT leaders will need to use strong communication skills to update constituents' expectations for service delivery, staff workload, and purchasing capabilities.

From a leadership perspective, CIOs will face difficult decisions stemming from resource constraints and other aspects of the economic crisis, including dealing with increased staff stress. However, visionary leaders will undoubtedly leverage this time of hardship to uncover new possibilities. They will inspire staff to discover more original solutions, target new collaborations in alignment with institutional priorities, and use creativity to tackle seemingly impossible problems. After all, this is where technology leaders have proven their competence time and again: in the ability to go off the beaten path, to recognize the need for change, and to find breakthroughs where none existed before.

Critical questions for Governance, Organization, and Leadership include the following:

• In an age of increased scrutiny of budgets and priorities, what committees, processes, and procedures are in place to share technology information, discuss priorities, and collect feedback from the campus community?
• Are IT leaders seeking opportunities to understand the broad concerns of the institution and determine how technology might offer solutions?
• Are IT leaders reviewing multi-year technology plans (both strategic and project) in the context of the latest changes to the economy and challenges to the institution?
• How are IT leaders helping staff to manage expectations? Are IT leaders anticipating and preparing to address increased staff stress given the climate of reduced and/or eliminated staff/hiring, professional development, capital budgets, and projects?
• How are IT leaders motivating staff not only to search for cost efficiencies but also to leverage new opportunities that tighter economies encourage, including advancing discussions on integrated service offerings, forging new partnerships, and fostering environments that allow for more innovative solutions?

Issue #8: Disaster Recovery / Business Continuity

Disaster Recovery / Business Continuity (DR/BC) continues to be on the top-ten list of IT issues, and if a major disaster strikes an institution, it will undoubtedly move up the list of IT leaders' concerns. Business continuity can be defined as an institution's ability to maintain or restore its business and academic services when some circumstance disrupts normal operations. BC involves disaster recovery (DR), which encompasses the many activities that are necessary to restore the institution to operational status after a disaster. BC planning is an institution-wide responsibility and needs a champion at the executive level to be successful. Ideally, in an integrated approach, every campus department will understand and prepare for the role it will play in keeping the institution functional in a crisis and operational long-term. Planning includes the identification and alignment of institutional vulnerabilities, priorities, and dependencies, as well as the measures to be taken to facilitate continuity and recovery before, during, and after a crisis. Even more broadly, institutions need to plan for the overall resilience of the infrastructure that supports their teaching, learning, and research activities.

Senior administration should understand the high risk of not being prepared, including damage to institutional reputation, loss of students, and the overall lost opportunity costs of operating reactively. The case for DR/BC readiness needs to be tied to the academic mission; using terminology such as "academic sustainability," "high availability," and "resilience" may be better than "business continuity" when having conversations on campus. Indeed, academic sustainability must be at the forefront of institutional DR/BC planning.

An assessment of risks, including determining acceptable levels of risk and the right levels of investment, is often the place to begin to address DR/BC. Additionally, identification of key systems can ensure that the relevant operational units involved have robust DR/BC plans in place and the funding to accomplish and maintain them. Without risk assessment, there is no good way to understand where the institution stands with regard to BC readiness. Results from risk assessment must be addressed to avoid additional liabilities for the institution.

The process of planning is as valuable as the plan itself. The planning process directs continuing attention to the issues, brings awareness to risks, and identifies key players, relationships, and understandings to coordinate a recovery effort. Planning is key and fosters confidence. Training, simulation, and testing of the plan must be ongoing. Lessons learned locally or elsewhere should be incorporated into the plan. A profile describing the institution's ability to respond and to deliver services with high availability should also be part of the plan, which must be widely communicated. DR/BC planning and overall resilience need to be integrated into institutional thinking on an ongoing basis and in all aspects of campus activity: in designing systems and buildings, in practicing alternate ways of delivering classes, in considering research data, and in undertaking normal operations.

Critical questions for Disaster Recovery / Business Continuity include the following:

• Has the institution assigned responsibility for coordinating DR/BC planning to a specific individual or office? How are all critical departments involved in the planning?
• Has the institution conducted a risk assessment to determine likely threats and mitigation factors? How much of a risk are the current operating methods?
• Has the institution conducted a business impact analysis to determine mission-critical applications and restoration priorities?
• Does the institution have a documented and tested DR/BC plan for each mission-critical application? Is there a program in place for continuous revision and testing of the plans?
• What processes and capabilities are needed to make the institution resilient? What is the IT organization's plan for building and testing these capabilities?
• What opportunities for partnership exist within the state or region to provide resilience to the institution and a partner institution (e.g., a shared regional data center, cross-training, joint testing exercises)?
• Does it make sense for the institution to outsource some DR/BC functions?
• Are issues of DR/BC and resilience routinely included in every discussion about new technologies at the institution?

Issue #9: Agility, Adaptability, and Responsiveness

In the 2008 Current Issues Survey, the issue of Change Management — referring to the ability of an IT organization to drive change within an institution — appeared as #8. The committee re-titled the issue this year as Agility, Adaptability, and Responsiveness, which includes not only the ability to drive change but also, and especially important in the present fiscal climate, the ability of an IT organization to react to a changing landscape. Current times call for an IT organization and leadership that is able to quickly understand the frequently changing realities of the present environment so as to be able to adapt services and, if needed, restructure to meet those needs.

Being agile during times of relative calm is challenging enough, but doing so in a rapidly changing environment requires IT leaders to be aware of the challenges facing the institution at large and of how their services can help meet those challenges. Doing so requires IT leaders to create an organizational culture in which information is freely, honestly, and quickly shared and in which flexibility in work assignments is encouraged by management and accepted by staff. IT leaders also need to be an integral part of campus-wide discussions about how the institution needs to adapt and respond to the changing world. Many of the "efficiencies" that other departments will seek in times of downsizing will likely involve technology, thus adding additional work to the IT organization. Having the IT leaders present during those discussions and decisions will allow the institution to seek even more efficient solutions while at the same time minimizing the chances that unfunded mandates will be passed to IT.

IT organizations simply cannot change on a dime because they are, after all, part of educational institutions, which value the time-consuming goals of ensuring broad understanding and creating consensus. But IT organizations must be able to evolve, spending less time on protecting past accomplishments and focusing instead on how to do what needs to be done today and in the future.

Critical questions for Agility, Adaptability, and Responsiveness include the following:

• Are IT leaders present during campus-wide discussions about how the institution needs to adapt and respond to the changing world?
• To what extent do other campus leaders view the IT leader as a strategic partner who can help them adapt to the realities they face?
• How does the IT organization foster a climate where change is, if not embraced, at least accepted and understood?
• Do IT leaders fully understand the institutional context of the changes they are being asked to make?
• How are IT leaders taking advantage of the tools available to them to gain a quick read on how others are addressing similar issues? For example, have they used the various EDUCAUSE Constituent Group Lists to conduct quick surveys of their peers regarding specific issues?

Issue #10: Learning Management Systems

The learning management system (LMS) has become a mission-critical enterprise system for higher education institutions. According to the EDUCAUSE Core Data Service: Fiscal Year 2007 Summary Report, 93 percent of all campuses responding to the survey supported at least one LMS. In fact, only 0.5 percent of respondents did not deploy and had no plans to deploy such a system.⁶ In Campus Computing 2008, Kenneth C. Green reports that the percentage of college/university courses that use an LMS has risen from 14.7 percent in 2000 to 53.5 percent in 2008.⁷ Accordingly, the LMS faces challenges and concerns similar to all other enterprise systems: acquisition strategy, local needs, rising costs, data migration, system integrity, integration/interoperability with other campus resources, and expansion to purposes for which it was not initially intended.

Although the commercial LMS providers (e.g., Blackboard/Angel Learning and Desire2Learn) dominate higher education, the percentage of campuses using open-source applications (e.g., Moodle and Sakai) has nearly doubled in the last two years.⁸ Given the rising cost of the commercial LMS, the current economic climate, and the pattern of consolidations in the commercial LMS market, the open-source LMS may be a viable alternative for some institutions. For those institutions with an already established LMS, however, the human and technical resources needed to migrate to a new system may be a concern.

Over the years, the LMS has evolved from a content (course) management system (CMS)⁹ to a more all-encompassing system that includes groupware and social networking tools, as well as assessment and e-portfolios to track learning across courses and semesters. Although the LMS needs to continue serving as an enterprise CMS, it also needs to be a student-centered application that gives students greater control over content and learning. Hence, there is continual pressure for the LMS to utilize and integrate with many of the Web 2.0 tools that students already use freely on the Internet and that they expect to find in this kind of system. Some educators even argue that the next requirement is a Personal Learning Environment (PLE) that interoperates with an LMS.¹⁰

At the same time, the question remains: is the LMS being used effectively at the institution, by both faculty and students? Institutions need to ensure that there are quality guidelines for the LMS, that both faculty and staff receive training,¹¹ and that assessment is conducted regularly.

Critical questions for Learning Management Systems include the following:

• What factors at the institution favor buying a commercial LMS or supporting an open-source application?
• What systems need to be integrated with the LMS: portal? e-portfolio? ERP? library resources? Does the LMS support the integration of these systems?
• Does the institution have the development and support expertise either to support an open-source LMS or to integrate open-source components into a commercial LMS?
• Has the institution conducted, or is it planning to conduct, an assessment of how effectively the LMS is being used? What training/support resources are available to help faculty and students make better use of the LMS features?
• If a change will be made to a new system, what plan is in place to ensure the smooth migration of existing materials to the new system?

A Decade of Surveys

The first annual EDUCAUSE Current Issues Survey was conducted in 2000, making this the tenth anniversary. The decade of surveys has revealed, perhaps not surprisingly, a consistency in the issues that IT leaders consider to be critical for the strategic success of their institutions. In these ten years, only three issues have held the #1 spot: Funding IT has been the #1 issue six times; Administrative/ ERP Information Systems and Security have each held the top position twice. Indeed, since 2003, these three issues have always held the top-three spots, in various ranking order. (The only other issues to reach the top three were Faculty Development and Training in 2000, 2001, and 2002 and Distance Education in 2000.) Critical benchmarks for IT in higher education, the issues of Funding IT, Administrative/ ERP Information Systems, and Security are closely aligned with internal and external perceptions of an IT organization's overall efficiency and effectiveness.

Funding IT has appeared consistently not only as a strategic issue but also as an issue with the potential to become more significant and as an issue demanding a large amount of the IT leader's time. In 2004, 2005, and 2006, Funding IT also showed up as an issue that demanded the most expenditure of institutional resources. But Administrative/ERP Information Systems has been even more ubiquitous in the survey. In every year except 2000, this issue has been in the top ten for all four questions, and it has been the #1 issue every year in terms of expenditure of institutional resources. Although Security did not make the top-ten list in the first Current Issues Survey, by 2001 Security Management was ranked #3 in the list of issues with the potential to become more significant. It has remained as one of the top-two issues on that list ever since.

Issues related to teaching and learning have always occupied a high place in the survey. In the first survey, issues related to teaching and learning held three of the top-ten slots for issues of strategic importance: Faculty Development, Support, and Training was #2; Distance Education was #3; and E-Learning Environments was #4. The same three issues appeared in the top ten for issues with potential to become more significant, and the first two were also on the lists for demanding the IT leader's time and expenditure of institutional resources. Distance Education and E-Learning Environments went through several name changes and gradually morphed into Teaching and Learning with Technology by 2009. By whatever name, this category has shown up regularly not only as a strategic issue but also as an issue with the potential to become more significant and as an issue that demands expenditure of institutional resources.

Meanwhile, Faculty Development and Training continued to appear in the top-ten strategic issues list through the 2007 survey. Although Faculty Development, Support, and Training remained as a separate issue in the 2009 survey, many of the subissues were subsumed into the new Teaching and Learning with Technology category, which may explain why Faculty Development, Support, and Training did not show up as a top-ten strategic issue on its own. Finally, ever since Electronic Classrooms and Technology Buildings was added to the survey in 2001 (changed to Technology-Enhanced Classrooms and Other Learning Spaces in 2009), it has ranked in the top ten in terms of demand for institutional resources. Since 2003, Instructional/Course Management Systems (changed to Learning Management Systems in 2009) has joined it there. Clearly, the increasing influence of teaching and learning as a key element of the IT organization's mission and as an expanding function of the profession is reflected in the rise of the Teaching and Learning with Technology issue from #9 in strategic importance in 2008 to #5 in 2009 and to the reappearance of the enterprise-focused Learning Management Systems at #10 in strategic importance.

Infrastructure is another category that has consistently placed in the top-ten list of issues of strategic importance, although the definition has morphed somewhat over the decade. In 2000, this issue was called Advanced Networking Challenges (#9). The following year, Building and Maintaining Network and IT Infrastructure was #9, and by 2002, both Maintaining Network Infrastructure (#9) and Emerging Network Technologies (#10) were in the top ten. Infrastructure Management has consistently shown up as a top-ten issue for demanding the IT leader's time and for expenditure of institutional resources. In 2009, these infrastructure concerns were expressed in the Infrastructure/Cyberinfrastructure category, which ranked #4 in strategic importance. The persistence of this issue indicates that faculty and research computing issues and support continue to demand considerable attention from IT leaders.

Strategic Planning held a place in the top-ten list of strategic issues until 2008, when, interestingly, Change Management made its first appearance on the list. For 2009, the Current Issues Committee recast the Change Management issue as Agility, Adaptability, and Responsiveness, and it again appeared in the list of top issues for strategic success. Although Strategic Planning continues to hold a top place as an issue that demands the IT leader's time, more focus is being placed on Agility, Adaptability, and Responsiveness and on Governance, Organization and Leadership — #9 and #7, respectively, in the 2009 list of issues of strategic importance. Institutional funding challenges may be forcing campus IT leaders to quickly adapt and alter long-term plans to align with new institutional imperatives.

The EDUCAUSE Current Issues Surveys continue to provide insight into how IT leaders perceive their major challenges and opportunities. Over the past decade, the surveys have reflected the evolution and maturation of higher education information technology as a whole. As IT organizations have become a critical component of the business of the institution, organizational issues surrounding governance, alignment, accountability, and nimbleness have increased in strategic importance. As interest in integrating technology into instruction has spread, issues focused on teaching and learning with technology have likewise emerged as key to institutional success. And through it all, the traditional top-three issues — Funding IT, Administrative/ERP Information Systems, and Security — have remained the same. By ranking these issues high in strategic importance and by giving them the attention needed, IT leaders have provided a solid foundation on which to build new services.

In their book Reframing Organizations, Lee Bolman and Terrence Deal state: "Like surfers, leaders must always ride the waves of change. If they get too far ahead, they will be crushed. If they fall behind, they will become irrelevant."¹² By examining the relevant issues of yesterday, today, and tomorrow, IT leaders will find the knowledge, patience, and balance necessary to successfully ride the waves of present-day events.

1. Of the 1,955 EDUCAUSE primary member representatives who received an e-mail invitation to complete the survey, 554 (28%) responded.
2. Complete details of the 2009 Current Issues Survey are being published online, on the EDUCAUSE 2009 Current Issues website <http://www.educause.edu/2009IssuesResources/>.
3. Revolutionizing Science and Engineering through Cyberinfrastructure: Report of the National Science Foundation Blue-Ribbon Advisory Panel on Cyberinfrastructure, January 2003, p. 5, <http://www.nsf.gov/od/oci/reports/CH1.pdf>.
4. See American Council of Learned Societies Commission on Cyberinfrastructure for the Humanities and Social Sciences, Our Cultural Commonwealth (2006), <http://www.acls.org/uploadedfiles/publications/programs/our_cultural_commonwealth>.
5. See Brian L. Hawkins and Julia A. Rudy, EDUCAUSE Core Data Service: Fiscal Year 2007 Summary Report (Boulder, Colo.: EDUCAUSE, 2008), <http://net.educause.edu/apps/coredata/reports/2007/>.
6. Ibid., p. 33.
7. Kenneth C. Green, Campus Computing 2008: The 19th National Survey of Computing and Information Technology in American Higher Education (Encino, Calif.: The Campus Computing Project, 2008), p. 9, <http://www.campuscomputing.net>.
8. Ibid., pp. 9-10.
9. Brian Stewart, Rodger Graham, and Tim Terry, "Content Management for the Enterprise: CMS Definition and Selection," EDUCAUSE Center for Applied Research (ECAR) Research Bulletin, no. 22 (October 28, 2008), <http://connect.educause.edu/Library/Abstract/ContentManagementfortheEn/47540>.
10. Niall Sclater, "Web 2.0, Personal Learning Environments, and the Future of Learning Management Systems," EDUCAUSE Center for Applied Research (ECAR) Research Bulletin, no. 13 (June 24, 2008), <http://connect.educause.edu/Library/Abstract/Web20PersonalLearningEnvi/46952>.
11. Ining Tracy Chao, "Moving to Moodle: Reflections Two Years Later," EQ (EDUCAUSE Quarterly), vol. 31, no. 3 (2008), pp. 46-52.
12. Lee G. Bolman and Terrence E. Deal, Reframing Organizations: Artistry, Choice, and Leadership, 2d ed. (San Francisco: Jossey-Bass Publishers, 199

Bookmark/Search this page with: