From Users to Choosers: Central IT and the Challenge of Consumer Choice
© 2010 Ronald Yanosky. The text of this article is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 License (http://creativecommons.org/licenses/by-nc-nd/3.0/).
EDUCAUSE Review, vol. 45, no. 6 (November/December 2010)
Is the era of personal computing ending, or is it only just beginning? Certainly, cyberlife seems to have become more intensely personal over the last few years, partly because it has also become so much more social. We tend our social networking sites like quirky little gardens and turn pocket phones into personal fetishes. We assign ratings and attach comments to pretty much everything, from a math professor's lecture to a movie star's latest look. And though we don't care to think about it much, just navigating around the digital universe creates a remarkably detailed portrait of our personal tastes and habits.
But if by personal computing we mean a set of activities defined by the classic personal computer, we can safely say that its day has passed. We're well on the way into the much-anticipated age of ubiquitous computing, when smart resources don't just sit on our desktops but, rather, surround us. New devices, faster networks, and new modes of service delivery are freeing us from stationary machines and are allowing us to create personal information environments whose virtual components might physically reside (for all we know) next door, across an ocean, or (to coin a phrase) up in the clouds.
The rise of this new consumer-oriented ubiquitous computing will reshape—and reduce—users' reliance on that other major computing domain: enterprise IT. Much of the IT capability that colleges and universities now maintain will devolve to external services, with some remaining under institutional control but with others becoming independent. As the people institutions are accustomed to thinking of as users refashion themselves into choosers, colleges and universities will have to devise new ways of supporting constituents and looking out for institutional interests.
The decline of enterprise computing has been announced before, of course—first from prophets of the minicomputer and the personal computer and, more recently, in the famous argument that "IT doesn't matter."1 But like "Moore's Law" and English weights and measures, enterprise computing has a way of defying predictions of its demise, and for well over half a century, the steady trend has instead been toward bigger enterprise IT units with ever-expanding service portfolios. My view is that we are about to enter a period when the quality of IT leadership will take precedence over the quantity of IT services provided.
The Rise of Enterprise Authority
How will the emerging ubiquitous computing environment take us in this direction? Let's first look at how we got where we are.
Computing began in an atmosphere of scarcity. The digital computers born in the World War II era immediately attracted far more demand than they could meet, and the researchers who operated them became gatekeepers, allocating not only machine time but also their own rare skills. Commercial computers helped routinize computing in the 1950s, but for many years, computing took place in highly structured environments. In the classic mainframe era introduced by IBM's System/360, business computing was conceived of as data processing—a segregated activity that collected data from day-to-day business operations, processed it, and sent the processed data back to the business.
But even data processing was not so very segregated. IT professionals soon found that they had to develop new skills beyond the care and feeding of the technology: understanding the requirements of users who often could not articulate their own technical needs, determining priorities, and crucially, arbitrating among departments that competed for IT resources but didn't communicate with each other. A near-monopoly on programming skills gave IT units growing influence over business and academic operations, and because they had to make different applications work together, IT professionals often came to understand cross-departmental issues better than the functional departments did themselves. This de facto ability to speak for the enterprise steadily grew as computing spread to more and more operations; it also sparked a backlash among frustrated users who resented the power of the new class of IT bureaucrats.
Partly for these reasons, personal computing and its less anarchic cousin distributed computing were hailed not just as technical advances but as ideologies of liberation. Of course, the PC made a colossus of Microsoft, but conceptually, personal computing drew also from far less establishmentarian sources, including the counterculture-flavored libertarianism of post-1960s hackers, hobbyists, and maverick entrepreneurs. Magazines like Byte and Dr. Dobb's Journal promoted the desktop computer as the triumph of individuality over bureaucracy, and as computing power spread outward, a boisterous user-group culture began to articulate the needs and ambitions of a mass PC user community.
But curiously, neither personal computing nor distributed computing starved the central IT beast. By the late 1980s, colleges and universities supported every mode and level of computing in a complex mix of administrative, academic, and personal contexts. Central IT had lost its monopoly on cycles and skills, and the mainframe was in decline, yet in many ways the need for an enterprise view of computing—one serving the interests of the institution as a whole—had just begun to be recognized. Even while enjoying their independence, distributed units and PC users quickly realized that they couldn't effectively use their systems unless they could share files and other resources. They also confronted technical problems that they could not address on their own. Administrative applications built for individual departments likewise needed to share data and to address multi-departmental problems. Thanks to these emerging issues of sharing, support, and integration, central IT entered its great period of expansion and influence after the personal computer invaded offices and homes.
At the core of IT's post-PC rise were the network and enterprise applications. As cross-platform network technologies like Ethernet appeared, the network backbone took the place of the mainframe as the indispensible central IT asset, reinvigorating central IT's role as gatekeeper, rule enforcer, and magician-in-chief. Large-scale campus networks bridged the gap between center and edge and effected a radical shift in emphasis from computation to information access. Before consumer high-speed connectivity became affordable at the end of the 1990s, many constituents relied exclusively on their campus connections for broadband and on their campus dialup connection for home access to networked resources. For these users, the institution was the network.
The promise of managing business in real time added still new layers of enterprise authority. Whether the Y2K era's expensive ERP investments truly paid for themselves remains controversial, but they certainly worked a revolution in customer service, increased the visibility of information systems, and caused huge sums of money to flow through central IT units. Through its roles in strategic process redesign and system implementation, central IT promoted itself as an agent of institutional transformation and increasingly claimed the proverbial seat at the cabinet table.
The Internet and the World Wide Web replayed this history at higher speed. As had happened with distributed and personal computing, innovations that at first seemed likely to reduce central IT power actually fed it. Institutions turned to their IT units to build websites, web-enable applications, and sort out the strange new policy issues that grew from community-wide participation in networks. Central IT leaders negotiated the contracts and maintained the infrastructure that connected the institution to the Internet, and they helped found the larger regional and national networks that kept higher education at the cutting-edge of network operations. And as soon as institutions committed themselves wholeheartedly to the Internet, it became painfully evident that the new technology was riddled with security risks. IT's portfolio, already bulging with support and transformation projects, expanded still further with a mission of institutional protection.
Today this complicated mix of capabilities and dependencies has shaped the user-IT relations within higher education into a roughly "federal" model—with a "citizen" layer of individual users, a "state" layer of department and school IT units, and a "national" layer of central IT and the CIO's office. Central IT shares power, but it serves as a sort of first among equals. It typically retains control over key assets including the campus backbone, Internet connectivity, central user support, and major data centers, as well as playing a crucial coordinating role in IT governance. These factors give central IT a set of carrots and sticks that no other technology unit enjoys. The central unit's enterprise authority—its ability to define computing norms that protect the interests of the institution and, thus, the interests of the user community as a whole—flows from them.
The Consumer Challenge to Enterprise Authority
Given a little more historical distance, we may eventually conclude that the higher education IT "empire" peaked sometime around the turn of the millennium, when the institution was still the default provider of almost every aspect of the technology environment, trying to be all things to all users. On the other hand, we may decide that the present moment, with its increasingly complex regulation and politicization of IT and its new frontiers in mobility and social networking, constitutes the peak. Or perhaps enterprise IT's trajectory will continue to rise for some time to come. Regardless, we should not assume that because IT has always grown, it will continue to be the same universal, broad-based provider that it has been for the last three decades.
Signs of a change in direction are evident. Few non-resident constituents still rely exclusively on their institutions for basic connectivity. Increasingly, data-centric mobile devices are blurring the line between personal and institutional resources. The web, once mainly a mechanism for connecting people to information hubs—a model that kept the institution at the center—has morphed into a means for dispersed peer-to-peer communication. Facebook has reached such gargantuan scale that it operates as a sort of parallel, socially aware web, complete with a 500-million-person identity system. Institutions have moved their student e-mail systems to Google or similar cloud-based providers, and consumer options for similarly transitioning office-productivity tools and business applications are proliferating.
These new technologies, unlike the PC, do not rely on an institutional infrastructure for their full realization. Assuming a direct relationship between vendor and customer, they displace technology intermediaries, tossing them aside like jilted lovers. Cloud-based services make an increasingly wide spectrum of resources—from raw computing power to sophisticated business applications and rich collaborative environments—available to anybody with an Internet connection. Furthermore, new consumer services often rely on proprietary technology stacks and closed business processes, making them peculiarly difficult for institutions to influence or manage. The millions of consumers buying hot new devices like the Apple iPhone and iPad and the Amazon Kindle seem not to have gotten the memo telling them that the world is headed toward open, standards-based platforms. Even though colleges and universities can certainly enhance the value of the new devices through apps development and support, they are less able to define the parameters of use than they were with technologies like Ethernet, Wi-Fi, and the PC. Often they don't even know who is doing institutional work through these new resources.
In short, the ability of central IT to exercise enterprise authority through its control over the network, contracts, and major applications is eroding, and power is likely to flow further "downward" in the IT federal hierarchy. Cloud-empowered business and academic units will gain new power, winning not only IT independence but possibly budget dollars reallocated when central IT-delivered services become contracted business services. At the consumer level, students and faculty are likely to be increasingly autonomous and to have less sense of dependence on central IT. Yet the concerns of the enterprise, from system and data security to process efficiency and appropriate use, will be as critical as ever. How can administrators who now have less ability to build those concerns into the IT plumbing continue to assert them?
One could imagine institutions bowing to the logic of consumer choice and adopting a purely laissez-faire attitude, neither regulating what constituents do nor providing support if they get into trouble. But it's hard to imagine that this approach would succeed. IT professionals know that smart devices get tangled up in institutional business, and cloud services that displace institutional applications will inevitably generate irresistible demands for support. The nightmare scenario for central IT arises when groups of users who have independently drawn cloud service providers into institutional business plead, after the fact, for help in sorting out multiparty, multiplatform support issues.
To some extent, the user community itself could fill the resulting vacuums in support and enterprise authority. Consumers freed from dependence on the IT bureaucracy may be more conscious of their mutual interests and their ability to self-organize, and the same grassroots self-help impulses that one now sees in open-source and crowd-sourced communities could become generalized. Virtualization and commoditization could also reduce the technical idiosyncrasies that users have to grapple with, making it easier for functional user communities to rely on internal support competencies. Nor should we dismiss the possibility that users may develop a more sophisticated and effective sense of enterprise responsibility as they venture into new environments.
Yet every shift in computing paradigms has brought its disappointed utopian hopes, and the emerging environment will likely be no exception. Computing may indeed look simpler to users in a future, mature consumer environment than it does to users in today's messy world—where desktop, departmental, enterprise, and Internet resources constantly clash. But this messy world is the devil that institutions know. Besides exposing themselves (and the institution) to the unknown reliability and viability of cloud service providers, users are bound to discover more subtle limits on the integratability of external resources, especially as they begin to mix and match them to support complex processes. These issues will often arise from specific local needs whose unique and possibly confidential nature works against the open-source premise that "given enough eyeballs, all bugs are shallow." More broadly, we need to consider the fact that decades of deploring and fighting institutional stovepiping has resulted in only modest progress toward true enterprise information systems. The centrifugal forces that have made enterprise sensibility a constant struggle aren't going to go away.
Nor is there much chance of locking down the institutional environment. Restrictive policies might prevent complete anarchy, but few IT administrators will relish the job of building a policy wall (or, worse, a technology wall) between users and the resources those users want to access, and at any rate, it isn't clear that restraining constituents from using powerful new services advances the institution's best interests.
Central IT will need to adapt to this changing balance of power by discriminating between different aspects of its current roles and responsibilities. The era of full-spectrum, site-based IT services is most probably coming to an end; neither technological nor economic realities suggest that it is sustainable. At the same time, I do not agree with Nicholas Carr that enterprise IT is headed toward oblivion, its place taken by generic cloud-based computing utilities. Though the utility metaphor may apply to some aspects of computing, it is a poor fit with others; computing involves processes and information regimes that cannot be reduced to the simplicity and fungibility of, say, electrical power.
Responding to a New Services Portfolio
In fact, the ability of institutional IT organizations to deal with the complexity of the emerging environment will define their continuing relevance. IT administrators are already familiar with the challenges of shaping behavior through moral suasion, politics, and policy rather than technological supremacy. They are almost certainly headed for more such challenges, centering on the problems of making users better choosers and encouraging them to be more sophisticated and participatory members of the technology community.
Educating constituents about their options and actively identifying well-designed resources will be a key role for the consumer-oriented IT organization. To borrow a line from pedagogy, central IT might manage as "the guide by the user's side" rather than as "the sage on the IT stage," shaping users' choice by promoting guidelines that tell them how to be good services consumers. Cloud resources could be certified on the basis of good security and enterprise practices such as use of open standards, robust identity management, encryption and other data-management protections, auditability, and business continuity practices. Likewise, certification could address contractual issues such as indemnification, liability, and code escrow in the event of vendor failure. Users would be encouraged to choose certified resources, would be warned of the dangers of uncertified resources, and would be held accountable if they got into trouble when straying into uncertified territory.
Presumably, certification would be a collaborative process involving multiple concentric rings of participation. At the core, a basic set of enterprise certification guidelines could specify institution-wide practices, drawing on input from surrounding rings of school, departmental, and user-group entities and deferring to them on matters of local scope. Encircling these would be additional rings representing external communities of practice, standards bodies, product user groups, and other entities with relevant expertise. IT units both central and local could help users assess vendor claims and sort out the institutional implications of what might be a confusing tangle of competing products and standards. Influence of this kind could substantially reduce institutional exposure and improve the consumer computing experience for everyone.
It is hard to imagine any way of implementing this role that doesn't make new demands on one of the key existing instruments of enterprise authority: IT governance. Injecting institutional interests into the decision-making of empowered users is an inherently politicizing requirement that will feed demands on governance, because it means that enterprise policies once implicitly embedded in institutional service delivery will have to be negotiated (or mandated) explicitly. No one has the experience that central IT does in dealing with such enterprise IT politics. As a 2008 ECAR study of IT governance found, responsibility for IT governance is overwhelmingly in the hands of CIOs, and they tend to run inclusive and, by their assessment, effective governance structures.2 IT leaders who wearily describe their role as "herding cats" may well be identifying just the sort of experience and skill that will keep central IT strategic in the age of consumer choice. Already commonly used for prioritizing projects and guiding stakeholders toward consensus, IT governance will also have to become an instrument for learning how the community uses its new tools, articulating and transmitting institutional norms, and building a culture of informed and responsible technology consumption.
A more direct way to shape users' behavior, and one more in keeping with IT's hands-on technology heritage, will be to offer services that combine the characteristics of the commercial consumer environment—scale, elasticity, on-demand convenience, and "mass customization"—with the interests and ethics of higher education. Of course, colleges and universities aren't going to build their own sexy new consumer devices. But as Brad Wheeler and Shelton Waggener argue, higher education can define a layer of "above-campus services" by harnessing cloud technologies for their own purposes.3 Blessed with both robust high-speed networks and a culture of collaboration, colleges and universities are in an unusually strong position to aggregate demand, govern collectively, and flexibly exploit cloud technologies in consortial or multilateral arrangements. These services might directly compete with commercial offerings, as they already do in such areas as learning management systems and grants management, or they might provide specialized capabilities that are beyond the means of individual institutions but are too narrowly focused to attract commercial investment.
The crucial point about consortial sourcing is that it adapts to the logic of user choice and departs from the model of the all-providing institution. Consortial services will ultimately compete on their ability to better meet the demands of empowered users, and to do so, these services will rely on many of the same mechanisms—for example, identifying good enterprise (and multi-enterprise) practices, encouraging responsible consumer decisions, and using agile governance to represent all stakeholders fairly—that come into play when institutions address a consumer-oriented technology environment. Consortial services could instantiate community norms in strategically vital areas, and consortia would make a natural venue for the sort of commercial/consumer service certification mentioned above. But even the most successful consortia will not change the fact that the spectrum of choice is expanding enormously.
Hard Assets and Soft Power
The hard assets of IT are simultaneously proliferating and dissipating—moving up into the clouds and down into pockets and purses. Higher education IT units still manage plenty of assets, of course, and it's likely they always will. In absolute terms, the institutional ecosystem may even continue to grow. But as enablers of all the things people aspire to do, institutional assets and services are faced with relative decline as they become an increasingly smaller fraction of constituents' information environment.
This does not mean that the IT unit is losing relevance. On the contrary, some of the most vital functions of good IT administration will become increasingly important as their de facto expression in IT-managed assets gives way to a complex, consumer-driven environment in which institutional interests and community norms must be explicitly articulated and governed in the open. To continue to play its vital role in this process, central IT will need to better master the arts of "soft power." The common thread in its future role will be the need to meet enterprise responsibilities through influence, negotiation, and informed risk management rather than through official, hard-wired enterprise authority.
An earlier version of this article appeared as “From Users to Choosers: The Cloud and the Changing Shape of Enterprise Authority,” in Richard N. Katz, ed., The Tower and the Cloud: Higher Education in the Age of Cloud Computing (Boulder, Colo.: EDUCAUSE, 2008), <http://www.educause.edu/thetowerandthecloud>.
1. Nicholas G. Carr first raised his provocative thesis about enterprise IT in "IT Doesn't Matter," Harvard Business Review, May 1, 2003, pp. 41–49. For responses to Carr from higher education, see Jack McCredie, "Does IT Matter to Higher Education?" and Edward L. Ayers and Charles M. Grisham, "Why IT Has Not Paid Off As We Hoped (Yet)," both in EDUCAUSE Review, vol. 38, no. 6 (November/December 2003), <http://www.educause.edu/library/ERM036w>. Carr subsequently pursued his theme in the books Does IT Matter? Information Technology and the Corrosion of Competitive Advantage (Boston: Harvard Business School Press, 2004) and The Big Switch: Rewiring the World, from Edison to Google (New York: W. W. Norton & Co., 2008).
2. Ronald Yanosky with Jack McCredie, Process and Politics: IT Governance in Higher Education, EDUCAUSE Center for Applied Research (ECAR) Research Study 5 (July 21, 2008), <http://www.educause.edu/ECAR/ProcessandPoliticsITGovernance/163112>.
3. Brad Wheeler and Shelton Waggener, "Above-Campus Services: Shaping the Promise of Cloud Computing for Higher Education," EDUCAUSE Review, vol. 44, no. 6 (November/December 2009), pp. 52–66, <http://www.educause.edu/library/ERM0963>.