By Khalil Yazdi, Consulting CIO and Principal, Yazdi and Associates, LLC
For Research and Education (R&E) institutions, the role of technology has traditionally been about enabling student success and facilitating faculty research and scholarship – and of course, effective and efficient operational management of our campuses. In a moment of frank reflection, I think that many of my CIO colleagues would admit that the major investments in now legacy, but at the time, transformative IT deployments over the past two or three decades are now boat-anchors that impede our ability to move with agility to new, better and more cost-effective solutions.
“CIO is responsible for developing a balanced portfolio of technology assets that optimize value towards the institution's teaching and research mission”
HiED is unique in that of necessity, campuses include many forms of services directly to students and faculty and spawn the use of numerous diverse technologies that speak to both individual ‘consumer’ uses as well as enterprise level roll-up and deployment.
The proliferation of cloud services is forcing the CIO and central/enterprise IT into a role of IT asset management—where the CIO is responsible for developing a balanced portfolio of technology assets that optimize value towards the institution's teaching and research mission, reduce institution's the overall risk (legal, business and security) while juggling the total budgetary impact of IT spend. In attempting to optimize their institutionally focused portfolio of technology assets, higher education CIOs must find ways to extract value from legacy investments in both technology and the prevailing culture of technology use. Different from most commercial enterprises, the campus CIO does not have the ability to prescriptively deploy services and is highly dependent on the widely varying expectations and desires of campus constituencies–particularly students and faculty.
In attempting to better position themselves, CIOs from the HiED community came together in 2010 to establish and express to cloud service providers a consistent set of expectations around business, legal, and security terms as well as providing guidance on commonly acceptable technical integration requirements, particularly on identity management and to leverage community assets such as the Internet2 R&E Network and community developed middleware. This initiative represents a sea-change in how decisions around technology acquisition are approached and describes a new pathway for the R&E community to engage with service providers at scale.
Whether for on premise or external cloud services, data security keeps all of us up at night. a CIO's professional career can be significantly and adversely impacted on by any form of security failure. The challenge of course is the relative immaturity of our collective understanding of how best to balance the distribution of responsibility for security failures and how far is far enough when it comes to investments in and payments for security protections. In particular, R&E institutions have to strike a rather delicate balance between a protecting institutional constituencies and maintaining a healthy creative and academically open environment for discovery and learning–areas where risk tolerances and failure rates are often high.
The financial sustainability of legacy technology offerings is another major area of concern. We likely passed the sustainability threshold at the beginning of this decade. We are keeping the lights on, but as the spread between cost-effective cloud solutions and legacy on-premise solutions continues to grow, the increasing opportunity cost of continuing inefficient solutions makes CIOs appear insensitive and apologists for technology stacks that out of date. With successive budget cuts to HiED over the past two-three decades, further exaggerated during the global recession, there is simply not enough money available to fund continuing operations of legacy systems–and even funding the transition to new technologies is increasingly out of reach. I have often heard the counter that ‘… we don’t need to fix what is not broken…’, but that ignores the reality that no one would seriously consider implementing legacy technologies if the slate were wiped clean.
The 'high-anxiety' nightmare scenario for HiED CIOs is the political and budgetary battle over retaining the legacy mindset of highly customized solutions in the face of multi-tenant, shared services and the associated requirement for standardization. CIOs are being asked to make the argument that decades of painfully arrived at idiosyncratic processes and practices have no describable value in improving educational outcomes, that there is no research or business value in differentiation based on how an IT service is provisioned, and that the inefficiencies and distractions such empty differentiation cause are damaging to our institutions.
To meaningfully migrate ourselves out of confluence of concerns over security and the politics of change, it is essential to cultivate and foster greater collaboration between and among institutions and service providers. We simply cannot afford the financial costs of bad outcomes–and simply put, neither side of the market can afford to work without the benefit of the other party's ability to mitigate against unknown (and unanticipated) risk. Service providers to HiED need to hear consistent messages from our community and that means the research and education sector needs to develop a more consistent and coherent voice. The consequences of failing to do so effectively and at the right scale are frankly quite concerning.