This year marks the seventh annual EDUCAUSE Current Issues Survey to identify what campus information technology leaders see as their most critical IT challenges.1 Thirty-seven percent (628) of the 1,708 EDUCAUSE primary member representatives responded to an e-mail invitation to complete the Web-based survey in December 2005. Table 1 shows the institutional demographics of respondents. Survey participants were asked to check up to five of 31 issues in response to each of four questions (see Tables 2 and 3).
Click image for larger view.
Click image for larger view.
Click image for larger view.
In preparing the survey each year, the Current Issues Committee tries to strike a balance between preserving issue choices across time and introducing (a) new issues that arise as a consequence of emerging technologies and new solutions, and (b) changes in the evolving IT nomenclature. For 2006, the Committee introduced the following three issues (and subtopics):
End-to-End Service Assurance
- Managing projects and change collaboratively and holistically
- Testing applications automatically
- Monitoring services end-to-end
- Handling incidents/alerts efficiently
- Establishing/negotiating service level agreements (SLAs)
Outsourcing
- Identifying “what” and the right balance
- Determining whether in-house expertise is sufficient to retain a service/application
- Weighing cost-benefit and in-house knowledge of institutional culture
- Making a business case
- Assessing provider performance
Portfolio Development and Management
- Developing or selecting application
- Prioritizing needs and designing/customizing functionality
- Integrating with enterprise system
- Determining management and update responsibility
- Establishing access rules
- Resolving privacy and official academic record issues
Of these three, Portfolio Development and Management drew the most responses, appearing among the top-ten issues expected to become more significant in the coming year for medium, large, private, and public institutions. End-to-End Service Assurance appeared in one demographic top-ten list: issues critical to resolve for strategic success in large institutions. Outsourcing did not appear at all, though it is surely a phenomenon that has been increasing for a number of IT services in recent years, and it may be understood by some respondents as subsumed under Collaboration/Partnerships, which occupies the time of CIOs at large and doctoral/research institutions
2006 Survey Findings: All Respondents
Three findings for all institutional respondents to this year’s survey are especially notable. First, for the first time ever, Security and Identity Management has topped Funding IT as the number-one IT-related issue in terms of its strategic importance to the institution (Question 1). Funding IT has occupied the top position for three straight years, 2003–2005, but since 2002, the year following the terrorist attacks in the United States, Security and Identity Management has risen steadily in perceived importance: fourth in 2002, third in 2003 and 2004, second in 2005, and now first. In addition, Security and Identity Management is the number-one issue expected to become even more significant next year (Question 2), number five in occupying IT leaders’ time (Question 3), and number four in consuming campus human and financial resources (Question 4).
Second, the devastating hurricane seasons of 2004 and 2005, culminating in Hurricane Katrina in August 2005, prompted nationwide attention in the higher education community to the issue of Disaster Recovery/Business Continuity, reflected by its dramatic appearance as number four in strategic importance after having appeared only once before in the top ten in this category (number 10 in 2004). It is not as though institutions in the rest of the country are now concerned about getting hit by a hurricane but, rather, that by closely watching what happened at colleges and universities in New Orleans and other devastated areas, and by participating in the hurricane relief efforts mounted by ACE, EDUCAUSE, and other organizations, IT leaders of all kinds and sizes of institutions have come to appreciate the astonishing complexity and dependencies of trying to maintain or reestablish information and communications services after a disaster. Moreover, the situation is not that most institutions have no disaster recovery plans but that CIOs and their staffs have had to scrutinize those plans for sufficient depth and detail of readiness. Out of the shared experiences, unexpected expertise, and overnight celebrity of IT leaders in Alabama, Florida, Louisiana, Mississippi, and Texas, all of us have learned new aspects of data and hardware backup, rapid infrastructure rebuilding, alternative Web site hosting, inter-institutional collaboration, application continuity contracts, and on-the-fly project management.
Third, Enterprise-Level Portals dropped off the list of top-ten IT issues of strategic importance to the institution. This change most likely points to two intersecting dynamics: (1) more vendor-supplied enterprise resource planning (ERP) systems have incorporated a portal solution/module into their products; and (2) whether homegrown or vendor-supplied, information portals for students, faculty, and staff have been implemented at numerous institutions of all types and sizes, with some portals in third- and fourth-generation iterations. Thus this phenomenon has evolved into a service that is being maintained and refined, and CIOs no longer perceive enterprise-level portals to be compelling enough to be listed among the top-ten IT issues.
Comparing responses across all questions for all respondents, four issues rank in the top ten in all four areas:
- Administrative/ERP/Information Systems
- Funding IT
- Infrastructure
- Security and Identity Management
Two other issues are on the top-ten lists for three of the four questions (all but Question 4, resource consumption):
- Disaster Recovery/Business Continuity
- Governance, Organization, and Leadership
How do these results compare to last year’s? With most issues either holding their rankings or only moving up or down one position from 2005 to 2006, the top-ten issues for all respondents have remained fairly stable (see Table 4). Several changes, however, are worth noting in this comparison.
Click image for larger view.
Disaster Recovery/Business Continuity not only emerges dramatically as the number-four strategic issue, it rose five positions—to number three—in potential to become more significant this coming year and appears for the first time as a top-ten issue (number nine) that consumes the IT leader’s time. The question that next year’s survey will help answer is whether this issue’s dynamic appearance and elevation in 2005–2006 is a one- or multi-year “wonder” for all institutions. If it slips or drops out of the top-ten entirely in 2006–2007, we might broadly infer that institutions will have been able to tighten disaster plans and to establish collaborative/contractual business continuity relationships that lower its urgency. Of course, the issue may well remain a major concern for individual institutions whose recovery from particular disasters will continue for years after public attention fades.
Governance, Organization, and Leadership ranks seventh among issues with the potential to become more significant in the coming year, whereas it did not appear at all in this category in 2005. This may reflect a number of issues receiving national and statewide public and legislative attention, including increasing calls for outcomes accountability in higher education, challenges to rising tuition levels, and scrutiny of executive compensation, all of which can have direct or indirect impact on IT services to students, faculty, and staff.
Emerging Technologies and Portfolio Development and Management appear for the first time, tied for tenth position, among issues with the potential to become more significant in the coming year. As broken out in the survey, Emerging Technologies includes assessing the impact of emerging technologies on infrastructure strategies; deploying wireless communication technology; evaluating the potential of voice over IP (VoIP) technology; determining the role of handheld and mobile computing; and appropriately supporting blogs, vlogs, wikis, and podcasting. While none of these alone constitutes an issue that would make the top ten for all institutions, collectively they represent a formidable set of challenges for institutions deciding which should be cultivated in a climate of rising expectations that must be aligned with campus missions—or, conversely, realigning missions with technology expectations.
Just as Portals emerged as a top-ten issue several years ago, so has Portfolio Development and Management in 2006.
Each year, the survey results show differences between issues that IT leaders are spending most of their time on and the top issues for the other three questions. With broad responsibility for all elements of the IT organization, including services to many campus constituencies, multi-year planning, resource management, and intersection with institutional goals, CIOs and senior IT administrators typically focus on some challenges that either do not appear at all on the other lists or do not appear as high. In 2006, these are
- Change Management;
- Governance, Organization, and Leadership; and
- Staffing/HR Management/Training.
Except for minor changes of one or two rankings, issues that involve the greatest expenditures of human and/or financial resources were fairly stable in 2006. The top two rankings have remain unchanged since 2001: Administrative/ERP/Information Systems, and Infrastructure. The one notable change this year is the reemergence of Staffing/HR Management/Training, ranked ninth, having appeared in this category only twice before, in 2001 (fifth) and 2003 (tenth).
Context: Other Annual Measures and Indices
Before looking at specific demographic similarities and differences of the EDUCAUSE Current Issues Survey results, it is worth placing the overall responses in the context of other annual reports and digests of higher education trends that focus wholly or partly on IT. To be sure, other organizations’ surveys and predictions pose different questions and apply variable breadth and depth probes for different industry sectors and audiences from college and university IT leaders per se. With this caveat, we can see convergence and divergence of views among the apples and oranges. A table representing the findings from the organizations listed below can be found at the EDUCAUSE 2006 Current Issues Web site (http://www.educause.edu/2006SurveyResources).
The Campus Computing Project
The Campus Computing Project’s 2005 survey2 found “network and data security” to be the most important IT issue for higher education over the next two to three years. In addition, more than half of the respondents reported that their campus networks had experienced hacking attempts and other attacks in the previous year. The top five concerns cited, in descending order, were
- Network and data security
- Helping faculty integrate technology into instruction
- Upgrading/replacing ERP systems
- Providing user support
- Financing the replacement of hardware and software
Campus Technology
In its 2005 end-of-year issue, Campus Technology spotlighted 101 best practices under three major categories that will challenge IT leaders in the immediate and indefinite future: security, mobility, and technology convergence. In addition to giving paragraph-long descriptions of the practices with links, the issue provided indexes by subtopic and institution/organization.3
Chronicle of Higher Education
Among his major predictions for higher education in 2015,4 policy and market researcher Daniel Yankelovich identified the following trends with clear implications for IT services:
- Changing life cycles and learning styles that blend education, work, and flexible time expectations
- An expanding demographic of older students needing new skills and technical competencies
- America’s growing vulnerability in science and technology, requiring better-trained faculty, revamped curricula, and engaged students
CIO Magazine
CIO Magazine’s 2005–2006 annual State of the CIO survey5 of IT leaders in business, finance, government, health care, and manufacturing showed the following sets of top-three foci:
IT Impact on Innovation
- Reduce costs through efficiency/productivity
- Enable/drive business innovation
- Create competitive advantage
Major Outsourced Services/Processes
- Application development, maintenance, or support
- Web, data, or application hosting
- WAN, LAN, or connectivity management
Biggest Barriers to Job Effectiveness
- Backlog of requests and projects
- Inadequate budgets
- Shortage of time for strategic thinking and planning
Top Technology Priorities
- Integrate/enhance systems and processes
- Ensure data security and integrity
- Enable business intelligence.
Computerworld
The 2005 Computerworld Premier 100 IT Leaders and winners of the magazine’s Best Places to Work awards contributed to a report that identified six major opportunities and challenges for CIOs who want to have a transformational impact on their organizations6:
- Alignment = Collaboration: Making sure that IT is at the internal strategy table so that IT spending is connected to business goals
- Governance and Funding: Adopting a governance model that produces timely decisions, responsible actions, and reasonable results
- IT Sourcing: Ensuring that there is an IT sourcing strategy, whether internal or “out,” that is based on realistic assessments of cost, quality, core competencies, and effective control structures
- Performance Measures: Regularly assessing and benchmarking IT unit performance against such measures as cost, value, quality, risk, customer satisfaction, and strategic alignment
- Growing Talent: Cultivating the existing talent pool by aligning work to match staff interests and skills
- Beyond Customer Satisfaction: Managing internal customers’ demands through segmentation, needs assessment, and cost-value measures.
EDUCAUSE Center for Applied Research (ECAR)
One measure of what is significant in any given year is the ECAR research agenda, which results in an array of products to help higher education leaders make better decisions about IT. While the most recent research studies and bulletins are accessible only to subscribers, ECAR key findings and roadmaps are freely available. In addition, nine major ECAR studies, 23 case studies, and 75 research bulletins are publicly available. In late 2005 and in 2006, major studies of practices and trends have been or will be released on the following topics:
- Academic analytics
- Student technology use and skills
- Security
- Identity management
- IT engagement in research
ECAR subscribers also receive three reports per year from the Burton Group on topics such as IT security, identity and access management, service oriented architecture, and others.7
EDUCAUSE Core Data Service
Among other findings accessible only to survey participants in the interactive database, the EDUCAUSE Core Data Service Fiscal Year 2004 Summary Report,8 published in September 2005, noted significant increases in the following:
- Outsourcing one or more IT functions
- Tracking and shaping bandwidth usage
- Deploying firewalls and other security-related practices
- Enabling wireless network access, VoIP, video over IP, enterprise directory, smart card, and Web services technologies
- Student computer ownership
- Launching a campus-negotiated service to provide online music and movies in response to illegal file sharing activities
- Supporting faculty in the use of IT in teaching and learning
- Implementing portals and integrating them with enterprise systems.
Gartner, Inc.
Gartner’s 2005 annual assessment of the “hype cycle” for higher education9 identified the following elevated and elevating phenomena:
On the Rise
- Converged personal device with campus network access
- Google library digitization project
- Automated digital copyright violation interception
- ID and access management
- Peer-to-peer for learning exchange
Climbing the Slope
- IP video for e-learning
- 802.11x on campus
- Enterprise portals
- Course management systems
At the Peak
- Web services for administrative applications
- Open-source e-learning applications
Growing by Degrees: Online Education in the United States, 2005
The third annual report of The Sloan Consortium10 summarized results of a survey of trends and challenges in online education faced by IT and academic leaders at a broad demographic of degree-granting institutions, including:
- Schools overall identifying online education as critical for their institutions’ long-term strategy increasing from 49 percent in 2003 to 56 percent in 2005, the largest increase being reported by associate’s institutions, which went from 58 to 72 percent in two years
- Overall headcount enrollment growth of 18.2 percent to 2.35 million students in online courses (defined as at least 80 percent of content delivered online)
- Chief academic officers (CAOs) generally claiming that it takes more effort to teach online but that it is no more difficult to assess the quality of online than face-to-face courses
- A consistent minority of CAOs believing that their faculty fully accept the value of online education (28 percent in 2003 and 31 percent in 2005)
The Horizon Report
The Horizon Report, an annual collaborative publication of the New Media Consortium and the EDUCAUSE Learning Initiative, identifies and describes emerging technologies likely to have major impacts on teaching, learning, and scholarship. The 2006 edition of the report11 identified six key trends supporting dynamic knowledge creation that is at once individualized, social, and collaborative:
- Social computing
- Personal broadcasting
- Mobile phones
- Educational gaming
- Augmented reality and enhanced visualization
- Context-aware environments and devices
2006 Demographic Similarities and Differences
The most interesting points of similarity and difference in the Current Issues Survey occur among various types and sizes of institutions. The survey tracks responses by control (public versus private); Carnegie classification; and enrollment size: small (fewer than 2,000 students), medium (2,000 to 7,999), medium-large (8,000 to 17,999), and large (18,000+). To simplify analysis we use four groupings based on Carnegie classifications: Doctoral/Research Universities Intensive and Doctoral/Research Universities Extensive are combined into Doctoral/Research; Master’s Colleges and Universities I and Master’s Colleges and Universities II are combined into Master’s; Baccalaureate Colleges–Liberal Arts, Baccalaureate Colleges–General, and Baccalaureate/Associate’s Colleges are combined into Baccalaureate; the fourth category is Associate’s Colleges (essentially community and other two-year colleges); and the fifth represents International (non-U.S.) institutions. Table 5 provides issue rankings by institution size and control and Table 6 by Carnegie and international classification.
Click image for larger view.
Click image for larger view.
Click image for larger view.
Click image for larger view.
Important to Resolve for Strategic Success
This question remains stable across institutions of all sizes, control, and Carnegie class, with five out of the top-ten issues considered important for strategic success appearing in nearly all demographics. The top three are the same for all:
- Administrative/ERP/Information Systems
- Funding IT
- Security and Identity Management
Two other issues appear in the top ten for all but one of the groups:
- Infrastructure (not for large schools)
- Strategic Planning (not for associate’s)
Issues critical for strategic success that appear for the first time or reappear after an absence of some years in particular demographics include Disaster Recovery/Business Continuity (small, public, associate’s, and international); Staffing/HR Management/Training (medium, associates); Research Support (large); Electronic Classrooms/Technology Buildings/Commons Facilities (large); Instructional/Course Management Systems (associate’s); and Distance Education/Virtual Universities (associate’s). One issue new to the survey this year, End-to-End Service Assurance, appears in the top-ten strategic issues for large schools.
Perhaps just as significant as issues appearing for the first time or reappearing in particular response demographics are issues that dropped completely out of the top ten in two or more groups: E-Learning/Distributed Teaching and Learning (small, doctoral/research); Instructional/Course Management Systems (small, large, doctoral/research); Electronic Classrooms/Technology Buildings/Commons Facilities (medium, public); Portals (medium, medium-large, public); and Strategic Planning (baccalaureate, associate’s).
Two demographic trends marked by a new appearance or disappearance from the top-ten strategic issues for certain groups are confirmed by rankings that went up or down by three or more positions in other groups: Disaster Recovery/Business Continuity (medium [+5], medium-large [+4], private [+6], master’s [+5], baccalaureate [+4]); and Strategic Planning (medium [-3], medium-large [-3], doctoral/research [-4], international [-5].
Expected to Increase in Significance
This category predicts the future. Four issues are in the top-ten list of issues expected to become even more significant in the coming year for all sizes, Carnegie classes, and public and private institutions:
- Administrative/ERP/Information Systems
- Disaster Recovery/Business Continuity
- Funding IT
- Security and Identity Management (ranked first for all groups)
Portals made the top-ten list for all of the demographic breakdowns except large and doctoral/research.
New issues expected to become more significant—led by Portfolio Development and Management (seven groups), Digital Records Management (four groups), and E-Learning/Distributed Teaching and Learning (four groups)—include
- Advanced Networking (large)
- Assessment/Benchmarking (small)
- Digital Records Management (medium-large, large, associate’s, international)
- Disaster Recovery/Business Continuity (small, public, master’s)
- E-Learning/Distributed Teaching and Learning (new, medium, public, associate’s)
- Electronic Classrooms/Technology Buildings/Commons Facilities (baccalaureate)
- Instructional/Course Management Systems (medium, medium-large, public)
- Legislative Compliance and Policy Development (private)
- Portfolio Development and Management (medium, large, private, public, doctoral/research, master’s, baccalaureate)
- Staffing/HR Management/Training (medium-large)
Issues that were expected to grow in importance for specific demographic groups in 2005 that do not appear in either this list or in those critical for strategic success in 2006 include
- Assessment/Benchmarking (large, public, master’s)
- Instructional/Course Management Systems (small, master’s)
- Staffing/HR Management/Training (large)
- Strategic Planning (associate’s)
- Support Services/Service Delivery Models (small, public, baccalaureate)
- Web Systems and Services (doctoral/research)
Challenges Demanding IT Administrators’ Time
The top IT leader’s role is fairly stable from one year to another, with Funding IT continuing as the number-one consuming issue at all but international institutions, whose leaders’ top issue is Governance, Organization, and Leadership. Following the top issue in this category, the most frequently cited, in descending order, are
- (tie) Administrative/ERP/Information Systems; Strategic Planning
- (tie) Governance, Organization, and Leadership; Security and Identity Management
- Infrastructure
Not surprisingly, given its dramatic appearance in the top-ten responses to all questions of the survey, the most frequently cited new top-ten issue demanding IT leaders’ time in 2006 is Disaster Recovery/Business Continuity (small, medium, large, private, doctoral/research, master’s, baccalaureate). Other new issues for CIOs in 2006 are
- Collaboration/Partnerships (public)
- E-Learning/Distributed Teaching and Learning (international)
- Electronic Classrooms/Technology Buildings (private)
- Emerging Technologies (medium-large, baccalaureate)
- Faculty Development, Support, and Training (private, associate’s)
- Policy Development and Legislative Compliance (associate’s)
The one issue that has disappeared from the greatest number of particular groups’ IT leaders’ top-ten issues is Legislative Compliance/Policy Development (medium, large, public, doctoral/research, master’s, international). Rather than stretch for or impose a trend on this change, we can see it most likely as a statistical consequence of the frequency of new instances of Disaster Recovery/Business Continuity in the top ten.
Interestingly, the issue of Collaboration/Partnerships—continuing for a second straight year for CIOs of large and doctoral/research institutions, and appearing for the first time for public CIOs—appears only in this category of the survey. This suggests that while it is not yet considered broadly critical for strategic success and does not consume significant resources, it has become important for IT leaders at large, public, research institutions.
Where Institutions Are Spending Their Resources
This category has been predictably stable at the top. From 2001 to 2006, colleges and universities have allocated the most human and financial resources in two areas: Administrative ERP/Information Systems, and Infrastructure. Resource-intensive areas continuing to appear in the top-ten for nearly all groups from last year include
- Electronic Classrooms/Technology Buildings/Commons Facilities
- Instructional/Course Management Systems
- Security and Identity Management
- Student Computing
- Support Services/Service Delivery Models
- Web Systems and Services
While there is a fair amount of stability in the top-ten expenditures across all demographic groups, in 2006 there are variations that reflect the different missions and expectations that IT leaders at certain types of institutions must support. Those areas tied to smaller subsets include
- Advanced Networking (large, doctoral/research)
- Data Administration (large, doctoral/research)
- E-Learning/Distributed Teaching and Learning (large, public, international)
- Faculty Development, Support, and Training (small, baccalaureate)
- Portals (medium-large, doctoral/research)
- Research Support (medium, doctoral/research)
One area that traditionally moves in and out of the resource-intensive top ten is Staffing/HR Management/Training. In 2006, this area is having a resurgence, appearing in nine of the 11 demographic groups, seven of which did not include it in 2005.
2006 Summary Observation
The most dramatic trend in the Current Issues Survey since last year has been the emergence of Disaster Recovery/Business Continuity, either for the first time or after a hiatus of some years, in three of the four categories: strategic importance, expected to become more important, and demanding IT leaders’ attention. Because this issue focuses principally on refining policies and planning, it does not appear among the top ten on the scale of those consuming the most human or financial resources. It is safe to predict that once contingency and backup plans have been tightened nationwide, following the natural disasters that struck southern and southeastern states, this issue will drop out of the top ten for most demographic groups, probably in one or two years.
The elevation of Security and Identity Management to the top spot among those issues critical to resolve for institutions’ strategic success caps a steady four-year rise through the top-five issues following 9/11. Whether it retains this ranking will depend on its relative perceived importance next to Funding IT and Administrative/ERP/Information Systems, which have dominated the top-two positions for the past six years. A related challenge that the Current Issues Committee has wrestled with the past two years is whether Security and Identity Management should be split into two distinct issues. Survey item stability over time is a factor that contends with the myriad policy and technology dimensions of these two concepts. The EDUCAUSE Identity Management Services Program,12 launched in 2005, is just one measure of the complexity and attention this aspect of the issue has engendered.
Hopefully this analysis of the 2006 Current Issues Survey and related resources on the EDUCAUSE 2006 Current Issues Web site (http://www.educause.edu/2006SurveyResources)—including links to the article, recommended readings, PowerPoint slides for campus presentations, and six-year trends tracked by the survey—will contribute to a better understanding of the broad context of IT-related issues and foster a community recognition that these issues are not just challenges for individual campuses but are prevalent throughout higher education.
Top-Ten Current Issues Defined13
What are the top-ten issues for 2006? Below, members of the Current Issues Committee describe the top-ten issues that IT leaders say are the most important for their institutions to resolve for strategic success (Question 1).
No. 1: Security and Identity Management
Institutions face a tenuous balance between the need to expand information access and the requirements to protect information assets from unauthorized and inappropriate use. Increased use of electronic information at higher education institutions has resulted in an expanding number of accounts, passwords, and other mechanisms to permit and limit access to these resources. Managing access to this expanding set of resources has itself created overhead and increases the likelihood that access to some of these resources may not be appropriate. At the same time, institutions are witnessing an expanding threat matrix—including viruses, spyware, phishing exploits, rootkits, and deliberate electronic break-ins and data theft—intense media scrutiny of security breaches, and an evolving legal and regulatory landscape. Antivirus and other security software that we support will always play an important role in security, but there is no such thing as software that makes the school secure. In response to these demands, institutions must establish and maintain comprehensive security policies and procedures and enforce these with technologies that support the efficient authentication, authorization, and auditing of information access. That’s the job of IT.
Institutions need to consider the following issues:
- How will your institution balance the need for security with the tradition of open networking? Will a more secure environment be viewed as intrusive or controlling?
- Are your policies up-to-date and enforceable? Do they reflect institutional priorities and strategies, legal regulations, and best practices? Do you maintain an information-security incident-response plan? An organization with a strong security infrastructure supported by policies may be the most secure.
- Do leaders recognize their roles as information stewards? Has your institution developed methods and procedures for classifying, handling, and disseminating information resources? Has your institution assessed its information, data, and services and classified these materials (for example, as public, confidential, or critical)?
- Do you have a strategy to manage digital identities? Does the existing system use a centralized repository, synchronization technologies, best practices, or open or pre-standard technologies? Do you intend to incorporate developing standards? How will you handle noncompliant systems? Have you reviewed/changed practices to minimize the risk of identity management problems caused by inadequate communication of personnel changes?
- Has your institution developed policies and identified or implemented appropriate technologies or partners to support electronic information exchange with external parties? What authentication, authorization, and transmission methods will be employed? How will you incorporate pending and new standards? Have you engaged all stakeholders in planning and decision making?
- Is your institution properly responding to regulatory issues, such as the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act? Have you taken sufficient measures to comply with these and other laws?
- Do you maintain a separate funding mechanism for information security? Have the number of security incidents and remedial costs during the past year led to increased funding for staffing and tools? Have these incidents highlighted the risks of under-investing in security?
- Do you have trained staff to undertake the job of security? Is there a chief information security officer or the equivalent to provide the leadership for and a focus on security? If so, do other campus units recognize this role?
- Is your institution actively managing the risk of identity theft and other privacy issues and risks? Have you planned or completed an IT risk assessment to identify and prioritize vulnerable areas and ways to mitigate potential risks? Have you assessed and limited the use of Social Security numbers and other identifying data? Has your institution taken a position on the ownership of identifying data maintained in its systems?
- Are physical and information security maintained independently? Are security and privacy maintained independently? Are you examining the alignment of these functions?
- Do you have an information security awareness and training program? Are institutional users aware of and implementing security measures (such as patches, firewalls, and tools or techniques to combat viruses, spyware, and phishing) to protect their systems, data, and identity?
- Does the infrastructure facilitate measures to improve security? Is your institution providing funding to facilitate and support such measures on a campus-wide basis?
- Does your institution have the systems, procedures, and policies in place to automatically push or quickly apply critical updates and patches?
- Have you employed multifactor authentication methods? Have you assessed the value and cost of multi-factor authentication with respect to individual systems and critical data?
- Do you continually review your security policies as if you haven’t developed those policies yet?
No. 2: Funding IT
For four of the past seven years, respondents to the Current Issues Survey ranked Funding IT as the number-one issue to resolve for the strategic success of their IT organizations and institutions. For the other three years, including this year, the issue was ranked number two, still one of the most challenging to settle. Although state spending on higher education increased during 200514 this year will be a year of “treading water” for most colleges and universities simply because non-IT demands (such as substantial increases for utilities) on the budgets of higher education institutions will increase.15
What can we do during times of flat or diminishing higher education budgets, when the annual costs for IT resources and services are increasing and there are competing demands for resources? Goldstein and Caruso16 found that the following four practices facilitate successful IT funding efforts:
- Aligning funding and institutional priorities
- Creating fiscal flexibility to support innovation
- Constructing and facilitating a structured and transparent IT budget process
- Making the CIO a member of the institution’s cabinet and budget committee
IT executives who are active and constructive participants in institutional planning and budgeting processes probably are more successful because they have frequent opportunities to discuss the strategic value of IT and realistic ways to fund high-priority IT needs. However, even if an IT executive isn’t a member of his or her institution’s senior leadership team, that person can create other opportunities (for example, an IT steering committee) to interact with stakeholders about the ability of the institution to achieve its strategic goals and objectives through technology.
Being realistic about IT funding when costs are increasing and budgets are not means that you will have to pursue ways to reduce costs and reallocate savings. Eliminating, reducing, or consolidating services may help. Creating collaborations among colleges and universities for shared services like disaster recovery is another potentially helpful strategy. A recent article in the Chronicle of Higher Education titled “Colleges Rely on Consortia, Contractors, and Ingenuity to Cut Costs” cited examples of other cost-cutting actions that are responses to the budget realities of today.17 The EDUCAUSE resource site on IT funding18 provides additional advice and insights about dealing with the challenge of funding IT.
No. 3: Administrative/ERP/Information Systems
Nearly 70 percent of all institutions responding to the most recent EDUCAUSE Core Data Service survey reported having implemented or being in the process of implementing an ERP system.19 In addition, the survey shows substantial commitment to other information systems that are not necessarily part of an ERP package, such as Web portals and course management systems.
ERP implementation has remained the top issue in taking the most human and/or financial resources for the past six years. Projects of this scope might take three years or more and demand large and sustainable investment and commitment by institutional and IT leadership, both throughout and after implementation. Some questions that need to be addressed when considering or implementing enterprise systems include the following:
- What are the mission-critical factors driving your institution’s position on enterprise systems? What service and process improvements are expected for successful implementation? Are there viable alternatives, such as enhancing existing systems?
- If a decision has been made to implement a new system, could you develop one in-house, or should you buy off the shelf? Given the complexity and maintenance challenges of integrated administrative systems, does building in-house remain a viable option, even for large IT divisions? If you are purchasing a commercial product, would you customize? If you are considering a software package of integrated systems, will the functionality of the package expand to accommodate integration of course management systems, portals, smart cards, and so forth?
- Is your institutional leadership committed to the decision and implementation? Will the decision survive changes in leadership and management? Will the implementation include participation by stakeholders from both technical and functional areas? How will their expectations be managed? Do you have a solid implementation plan? Does it include a communication plan to keep all constituencies informed and committed?
- Have you resolved data-ownership issues? Have you considered converting and/or archiving years of legacy data? Will you need a data warehousing system too?
- Does the new system fit your institution’s technical strategy at the back-end and network levels? Does the system align with preferred data-handling strategies, such as authentication, security, and privacy?
- Will your campus adapt its business processes to the best or effective practices configured in the enterprise solution to minimize or avoid customization? Have you identified and documented current processes and desired process improvements? Are the new functional and system requirements realistic? Will your institutional leadership support needed business process changes?
- Have you analyzed personnel needs, both in terms of staffing levels and available technical expertise, for adequate support before, during, and after implementation?
- Does your implementation partner have sufficient higher education experience, seasoned staff, and a proven track record? Have you considered or discussed knowledge transfer? Is your partner a leader in addressing challenges of higher education?
- Does your support plan identify the roles and responsibilities of technical, functional, and user groups? Does it include adequate training for system users before, during, and after implementation?
- Is your institution ready for the upgrades and changes that have happened during your implementation? Do you have sustainable resources to improve the system and keep up the users’ productivity in the new environment?
- If you have completed your implementation, does your institution get more timely and intuitive access to information, especially for strategic planning and decision making? Have reengineered processes improved operations and increased efficiency? Has the system improved services for students, faculty, staff, and administrators?
As institutions of higher education increase their focus on systematic approaches to excellence in performance, and as accreditation organizations adopt a continuous quality improvement philosophy, effective deployment of ERP systems will remain a strategic priority. The most recent EDUCAUSE Core Data Service survey shows an increase in completed ERP implementations, to nearly 44 percent. Current and future integration of ERPs and other administrative and management systems will facilitate new trends in knowledge-based decision making and collaboration among institutions and their constituents.
No. 4: Disaster Recovery/Business Continuity
For the first time in the history of the EDUCAUSE Current Issues Survey, Disaster Recovery/Business Continuity has been rated as one of the top five issues facing higher education CIOs. In the aftermath of Hurricanes Katrina and Rita, there is renewed emphasis on business continuity and disaster recovery services for institutional voice, data, and Internet systems. The CIO’s role is to mitigate the risks to the institution’s critical systems by ensuring that an IT disaster recovery and business continuity plan is documented, distributed, and readily available.
The cornerstones to any complete IT disaster recovery and business continuity plan are technology, people, and communications. A comprehensive plan must define the time-critical activities necessary during an emergency response and crisis coordination, as well as the longer-term protocols for business continuity and institutional resumption. It is an institutional insurance policy that can require substantial (and ongoing) financial and staffing commitment. Key items to address include the following:
- Conduct a risk evaluation and business impact analysis. Define and prioritize your mission-critical systems. What must be recovered immediately (within 24 hours)? What can wait (and how long)? What workarounds or alternative processes are acceptable in the near term?
- Identify your backup or recovery site. Several national vendors provide for offsite storage of mission-critical backup tapes, remote data centers, and temporary office locations. Also, consider co-sourcing or reciprocal agreements with other regional higher education institutions or nonprofits for facility and equipment use. Finally, develop a plan with your key hardware vendors to rapidly replace any damaged hardware or communication systems.
- Develop and document a communications and contact plan. The Internet can be a crucial external communications tool. Consider making this one of your first mission-critical systems to restore. Designate and equip a central command and communication center. Make sure you know who will be the primary spokesperson to respond to questions, as well as how information will be disseminated externally (openings, closings, temporary locations).
- Be wary of relying on wireless. Cellular circuits can quickly become overloaded and unavailable during a regional or national incident. At your centralized command and communication center, use a variety of communication links (Web, cellular, fax, landline, radio, and sticky-note bulletin boards). Even when cell phones stop communicating, pencils still work!
- Don’t forget about the people side of your institution. Do you know where your staff, faculty, and students are? Do you have a tracking or check-in system? Who is on your IT Emergency Response Team? How will you communicate with them? Do you need temporary offices, temporary classrooms, or temporary housing?
- Finally, document and distribute your plan (including hard copies for home and office). Test it, evaluate it, fix it, and retest it. Do this at least annually, as well as after major system or infrastructure upgrades.
No. 5: Faculty Development, Support, and Training
This year’s survey results indicate the overall importance of Faculty Development, Support, and Training—which ranked number five, up from number six last year—to institutional strategic success. From 2000–2005, the same issue averaged among the top five strategic concerns for small, medium, and private schools but not for larger and public institutions.20 This year’s Current Issues Survey results were similar when looking at institutional size and control, except that the issue of faculty development ranked fifth for public institutions as well as those in the private sector.
Several key trends identified in The Horizon Report, 2006 Edition impacting the teaching and learning environment include the pace of change in development of collaboration tools, interest in individualized computing experiences such as “personal broadcasting,” and the impact of mobile computing technology on potential delivery methods. Additionally, properly addressing intellectual property continues to be a challenge in the instructional technology arena. Among the critical issues identified in the report are the ongoing challenges to managing intellectual property, digital rights, and the digital assets themselves.21
Along with new technologies and changes in student expectations, what additional issues do IT organizations need to consider in providing comprehensive faculty support and training? Some to consider:
- How might we use newer delivery methods such as podcasts and wikis to provide information to faculty that has historically been delivered in more traditional ways?
- Can we provide a “digital asset repository” that can be contributed to and shared by faculty?
- How do we measure the success of our service offerings?
- Can we manage our organizational units in a way that creates a culture of flexibility in our services so that we can respond effectively and quickly to new opportunities?
- What is the role of the IT organization on this campus regarding integration of new technologies into teaching—driver, supporter, or somewhere in between?
- How do we identify the academic programs that will likely gain advantage by particular new technologies?
As new technology offerings are released and as student expectations increase along with them, it will undoubtedly remain a strategic challenge for our IT organizations to make these technologies available, usable, and scalable for faculty at our institutions.
No. 6: Infrastructure
Managing IT infrastructure in today’s higher education environment requires a careful balancing of cost, manageability, flexibility, stability, security, and performance. Institutions constantly strive to improve communications and services for students, faculty, alumni, staff, friends, and prospective members of the community. Expectations are high, and project delivery schedules become increasingly short at the same time that integration and security requirements become more complex. SLAs are a useful tool for establishing expectations and understanding the requirements of internal customers.
Institutions continue to view technologies as a competitive opportunity requiring the ability to adopt and adapt quickly. IT organizations must deploy the right combination of hardware, software, and services in a workable information architecture to facilitate the organization, storage, access, and maintenance of strategic information services and resources. As open source software and tools become more developed and community support becomes more solid, institutions must evaluate and monitor these applications to determine if and when to consider adoption.
Some things to consider when planning, maintaining, and upgrading your IT infrastructure include:
- Do you have and implement a replacement plan for servers, appliances, network devices, and other hardware? Do you negotiate prepaid or long-term maintenance agreements for hardware where appropriate? Have you carefully evaluated both lease and purchase options?
- Do you have good monitoring and benchmarking practices? Do your network and systems administrators have the tools and training to automate problem detection and notification? Do you have end-to-end component and service-level monitoring agents or tools in place? Are you monitoring and managing your institution’s network and Internet bandwidth requirements effectively? Do you perform trend analysis to assist with capacity and upgrade planning?
- Do you have built-in redundancy for your network and critical applications servers? Do you have the necessary test environments for use when upgrading hardware and software?
- Are you effectively managing the explosive requirement for systems and storage to support your institution’s growing information architecture? Do you have a plan to deal with the development and growth of more and larger data warehouses, institutional repositories, and digital collections?
- Does your institution have adequate planning, support, and funding to support the requirements of the research computing environment?
- Does your infrastructure planning account for the dynamic change and pace of policy/security needs initiated by the Communications Assistance for Law Enforcement Act (CALEA), the Cardholder Information Security Program (CISP), and so forth?
- Are you effectively meeting the current demand for both wired and wireless connectivity and infrastructure? If VoIP is in your immediate future, do you have adequate power and backup power sources in your data closets?
- Are you planning for and budgeting “environmental” upgrades? Do you know your power, generator, UPS, air-conditioning, floor-space, and fire-suppression requirements for the next three years or appropriate planning horizon?
- Do you have a tested disaster recovery and business continuity plan in place for critical applications? How do you determine an acceptable level of risk and the right level of investment?
No. 7: Strategic Planning
Respondents to this year’s Current Issues Survey placed strategic planning below high-visibility issues such as security and identity management, and between infrastructure and governance. Strategic planning is one of IT’s core responsibilities. Planning informs and builds confidence in IT’s ability to deliver services and programs to organizations. For most CIOs, strategic planning helps the organization forecast needs and look to the future. For this reason, strategic planning is one of the essential organizational artifacts of all IT organizations.
The importance of a well-articulated and practiced planning process is critical to the success of all major IT projects in the long term. Without a focus on the path to enabling collaboration, communication, and project management, strategic planning efforts result in faded artifacts stored in a binder on the shelf next to Scott Adams’s The Dilbert Principle. Important questions and issues about the process are used to establish a viable strategic plan and to guide the management of the IT enterprise. Strategic plans must be flexible and vetted to inform campus leaders about the near- and long-term value of IT type services (such as process analysis, change management, or project management). Planning is a critical tool for all CIOs who will be asked to “drive the costs out of IT,” while students continue to raise expectations for new services. Strategic planning issues include:
- What process models will you use to develop and vet your strategic planning process?
- Will you use consultants or in-source strategic planning?
- If you use consultants, will the organization use their methods to maintain planning within the IT culture after they leave?
- How will strategic planning inform decision making? At the cabinet or executive level? At the operational or tactical levels?
- What approaches will your organization use to articulate service or program success (for example, benchmarks, metrics, SLAs)?
- How will you maintain focus on strategic planning in an organization with varying planning cultures?
- What methods or approaches will you use to align future-oriented programs and services across the entire organization?
No. 8: Governance, Organization, and Leadership
Governance, organization, and leadership in IT play a critical role in successfully managing the other nine current issues. Without strong leadership and a visible role in the institution, IT may watch from the sidelines until there is a reason—such as a disaster—for involvement.
Critical questions for Governance, Organization, and Leadership include the following:
- The question of having “a seat at the table” inevitably occurs as part of the discussion of IT and organizational structure and relationships. Regardless of where the CIO reports, she or he should be an important player in the organization. Does the CIO regularly communicate with academic and administrative leadership? Does the CIO periodically meet with the provost and academic deans or attend department chair or faculty meetings? Does the CIO interact with the Faculty or Academic Senate by attending meetings to discuss current projects and direction? What is the relationship between the CIO and upper and mid-level managers of the institution? Building strong relationships and good communication across the institution builds both visibility and credibility.
- As the president of one university is fond of saying, “You have to make the main thing, the main thing.” This advice is particularly important for the role of IT in the organization. Can the CIO succinctly articulate the institution’s vision, mission, and goals? Is every member of the IT staff aware of these institutional foci as well? Was the IT strategic plan engineered to support the goals of the institutional plan? How can the CIO assure that all IT staff will understand their roles in the accomplishment of institutional priorities?
- Measuring effectiveness of IT functions is a critical role of the CIO. Has IT developed benchmarks? Do IT benchmarks reflect expected outcomes in meeting key goals of the IT strategic plan? Do benchmarks include both immediate and longer-term performance expectations? Are they realistic and reachable?
- IT advisory structures are designed to achieve synergies among interested constituent groups. How well does the institution’s advisory structure work? Is there sufficient faculty involvement? Is the charge of each subcommittee well defined? Do central IT staff and those from other units collaborate for the good of the institution?
- Developing IT’s future leaders must be done with purpose, not left to chance. Is there a mechanism to identify talented staff as potential leaders, mentor them, and provide them with opportunities to grow?
- As technology continues to evolve, we are faced with new generations of students and faculty with growing expectations for delivery of anytime, anywhere, always-on—oh, and by the way, secure—services. How do we structure IT organizations to be nimble enough to anticipate and respond to our customers’ changing needs? Traditional IT organizations tend to be dedicated to either academic or administrative computing activities. While there may still be a distinction, those lines are blurring, and a number of broad areas of service now span all users of technology. In particular, telecommunications and security provide the underpinnings for the entire information environment. Is the institution rethinking legacy organizational structures in favor of those more able to function in the emerging world of collaboration, integration, and digitization?
No. 9: E-Learning/Distributed Teaching and Learning
Increasing numbers of postsecondary schools are taking advantage of the wide range of available computing and communications technology capable of providing learning opportunities far beyond the time and place constraints of the traditional classroom. E-learning has emerged from an add-on to traditional education to a mission-critical component of the educational environment. While institutions have begun to address many issues surrounding e-learning, there are still challenges to address, including the following:
- How will the changing demographics of college students affect the delivery of education? How will e-learning respond to the integration of higher education, training, and work? Where will e-learning fit into the institution’s attempt to expand its outreach to new populations?
- How does the e-learning environment affect learning? What changes in the delivery of e-learning must be made to address science lab courses? How do we ensure that students learn what they have traditionally learned in laboratories through simulations provided through e-learning?
- How do we address different learning styles in e-learning courses? What new or different ways of learning can e-learning provide that are fundamentally unlike traditional methods? How do institutions ensure that online courses integrate accessible technology into their designs?
- How can e-learning be used to improve the quality of student learning, and how do we measure the effectiveness of e-learning? How do we build an assessment model for a variety of e-learning experiences, including on- and off-campus, fully online, and blended courses? How do we ensure that students remain engaged in an e-learning environment?
- What is the impact on attendance in hybrid courses as a result of faculty making course materials downloadable from the Internet?
- What support services are needed to assist faculty in identifying or developing high-quality materials for an e-learning environment? How do we prepare faculty in determining when and how to integrate new technologies into the educational experience? How do we reward faculty for the additional time and effort needed to develop e-learning experiences? Should faculty be required to change their teaching styles based on how students want to learn, or mold how they learn? How do we address the diverse technical competencies of our faculty?
- What impact does e-learning have on the cost of education to both the institution and the individual, and how can institutions leverage e-learning to reduce the rising cost of education in spite of the rising cost of technology? How does the institution promote and coordinate e-learning environments?
No. 10: Web Systems and Services
A Web service is a software system designed to support interoperable machine-to-machine interaction over a network.22 Web services are a specific type of service oriented architecture (SOA), employing one or more of the standards-based technologies—SOAP (Simple Object Access Protocol), WSDL (Web Services Description Language), or UDDI (Universal Description Discovery and Integration). Web services represent second-generation use of the Web, automatically linking applications to applications. The ultimate vision is faster implementation and reduced maintenance costs through use of reusable components from multiple providers, plus improved end-user convenience and satisfaction.
Web services most commonly implemented today include integration with established internal applications, security, integration with existing external partners, Web content management, personalization, payment and billing, and order fulfillment.23 Access to silo data is a driving need. Amazon’s shopping cart system, eBay’s bidding system, Google Maps, and the FedEx tracking system are exemplary examples of Web services. Most importantly, they demonstrate organizational agility evidenced by fast response to customer needs and expectations. These businesses are directly driving the personal and academic expectations of students, faculty, and staff. The higher education sector, trailing the commercial sector in Web services implementation,24 is being challenged to meet these expectations.
Critical questions for Web Systems and Services include the following:
- What is the impact on IT planning of the increasingly blurred lines between infrastructure and applications? What does the resulting fusion of business and IT strategies mean for strategic planning, IT management, IT governance, and university effectiveness?
- Which new Web services and technologies will have significant impact in the higher education environment?
- Which small-scale, low-risk projects could serve as a proving and training ground, especially relevant in light of Gartner’s higher education sector prediction that Web services for administrative applications are heading toward the “Trough of Disillusionment”?25 (The “Trough of Disillusionment” follows problems with early implementations in the midst of over-inflated expectations.)
- What impact will a large inventory of Web services have on the infrastructure?
- Will Web services facilitate a shift from “leading with technology” to “leading with business processes”? How will IT grow business process integration skills among staff?
- Where can Web services best encourage business process changes that will be transformative for the institution? What is the role of the CIO in institutional transformation?
- What implications does “software as a service” have for higher education?
- Where can Web services provide new value to students, faculty, and staff, moving beyond wrapping legacy applications?
- What governance mechanisms need to be in place to guide and manage Web services implementation, foster reuse, and avoid duplication of services? What governance processes will facilitate a higher level of IT and client collaboration?
- Amazon’s shopping cart and eBay’s “provider-consumer matching” models may have applicability beyond commercial retail channels. Which commercial Web services models are applicable to higher education?
- Which security defenses will be effective in protecting Web services?
- Which technologies are needed to allow for the provision and consumption of Web services? For example, which technologies are required for RSS feeds?
As in past years, the 2006 Current Issues Survey shows that there are certain stable touchstones that define our most compelling issues over time, just as older issues are being surpassed or replaced by newer ones that now shape the technologies and services of the learning enterprise and figure more centrally in the institutional mission. These are surely signs of a robust and responsive profession.