Research
Information Security No. 1 IT Issue for 2018
For the third year running, information security is topping the list of IT issues in higher education. The topic took the No. 1 spot in Educause's "Top 10 IT Issues and Strategic Technologies for 2018," announced last week at the organization's annual conference in Philadelphia.
New to the list this year was a focus on student-centeredness and student success; falling off the list were IT funding and next-generation learning environments, said Susan Grajek, Educause's vice president for communities and research. She explained that the list is generated through discussion sessions with two dozen IT leaders from a variety of campus types and sizes, who come up with a list of about 18 possible topics. Then the whole Educause membership is asked to vote on the themes. Here are the top 10 topics identified for 2018:
1) Information security. Developing a risk-based security strategy that keeps pace with security threats and challenges.
2) Student success. Managing the system implementations and integrations that support multiple student success initiatives.
3) Institution-wide IT strategy. Repositioning or reinforcing the role of IT leadership as an integral strategic partner of institutional leadership in achieving institutional missions.
4) Data-enabled institutional culture. Using business intelligence and analytics to inform the broad conversation and answer big questions.
5) Student-centered institution. Understanding and advancing technology's role in defining the student experience on campus (from applicants to alumni).
6) Higher education affordability. Balancing and rightsizing IT priorities and budget to support IT-enabled institutional efficiencies and innovations in the context of institutional funding realities.
7) IT staffing and organizational models. Ensuring adequate staffing capacity and staff retention in the face of retirements, new sourcing models, growing external competition, rising salaries and the demands of tech initiatives on both IT and non-IT staff.
8) (Tie) Data management and governance. Implementing effective institutional data governance practices.
8) (Tie) Digital integrations. Ensuring system interoperability, scalability and extensibility, as well as data integrity standards and governance, across multiple applications and platforms.
10) Change leadership. Helping constituents (including IT staff) adapt to the increasing pace of technology change.
At the Educause conference, a panel of IT leaders helped put the Top 10 list into context. On security issues, panelists were asked how they help their board of directors understand risk management.
Pat Schoknecht, assistant vice president and CIO at Rollins College (FL), said she has been able to have open conversations with the president and board about which risks the college is going to accept because they are too expensive to mitigate. "We review that annually and discuss new mitigation efforts and changes in funding to attack some of those."
She added that there has been less focus on the definition of privacy and why and whether you should collect data in the first place. Security is locking all that data down. "We have not been doing a good job of having that privacy discussion ahead of time," she said. "We've been saying let's collect everything and decide later about parameters."
Mark Roman, CIO at Simon Fraser University in Canada, said one key message to a board is that with data breaches, it is not if, but when it will happen to you. "But there are things we can do. We have to treat security like an investment. What risks are you willing to accept? We have to bring common sense to the equation and look at what is real and practical."
The conversation turned to creating a data-enabled institutional culture. Justin Sipher, vice president of libraries & information technology at St. Lawrence University (NY), said it is important to get one version of the truth shared between both enterprise and distributed IT groups.
"Unless you have a governance structure in place with clear definitions and data stewards, people tend to build their own sets of data because of a lack of trust."
Several panel members stressed the value of an enterprise data warehouse. Sipher noted that it is important to have functional users involved in the design of data repositories, rather than just developing it centrally and delivering it to people.
Simon Fraser's Roman added that he thinks it helps to find new ways to talk about central and distributed IT. "The enterprise IT organization and local IT are two sides of the same coin," he said. "If you change the language you use, you can change behaviors." CIOs should consider putting mechanisms in place for them to work together, and make local IT part of long-term strategic plans and have ways for staff to move between the two groups, he said.
Educause's Grajek asked the executives what steps IT leaders can take to make sure their organization is doing its part in student success initiatives. Vanessa Hammler Kenon, assistant vice provost for information technology at the University of Texas at San Antonio, said she gets IT employees, including programmers, together with students to give them a chance to hear the students' perspective. "We get out of the office and talk to students," she said. "For instance, we meet monthly with the student government association, and they bring amazing ideas."
Rollins' Schoknecht said she has focused on helping faculty work with student success systems. Academic computing or instructional design staffers specialize in helping incorporate technology into teaching, and they can help with student success, too. "Student success needs to be taught to faculty," she said. "The data that comes out of these systems tell us how faculty are interacting with students, and the pedagogy they are using. Instructional designers can help faculty improve course design around student success information."
When the panelists were asked by an audience member if they were surprised by any new items that made the list or any that fell off the list, Hammler Kenon said that despite the diversity in campus types and sizes involved, she was amazed at how much the issues they identified seemed to be the same. Roman noted that the list was focused on policy and management and not on particular technologies. "This is not a technology list. There is no mention of the cloud or MOOCs. You could always argue about one or two, but I think we got the right issues."
