Making Central and Departmental IT Work Together
Utah State wanted it all--both central systems for delivering shared services and the cooperation of departmental IT. Here's how it managed the challenge.
- By Dian Schaffhauser
- 07/19/12
The age-old tension between centralized and departmental IT on campus plays out at Utah State University, but CIO Eric Hawley has a philosophy about it that minimizes the struggles and exploits the advantages: He considers the staff in departmental IT "free labor."
Between 2006 and 2008, the university undertook a major IT reorganization, a topic Hawley reported on extensively in his doctorate dissertation. The retrenching was desperately needed at this institution with 32,000 students and faculty spread across 28 campus sites.
Prior to the reorg, IT was viewed with a great deal of dissatisfaction. "IT was a mess," is how one dean at the university expressed it. Every department and many faculty were making their own IT decisions, primarily as a result "of what I view as a very inept IT department that absolutely no one had any confidence or trust in," the dean reported.
Technologies were dated. Bandwidth was minimal. Staffing and infrastructure was inadequate. Decentralized or unit-based operations provided most of the overall IT support services, and as a result service levels were uneven. At one point, the institution even had more than 150 independently operated e-mail domains. Protection of sensitive information "was unknown," since it was shared across multiple systems managed by a multitude of technicians, each relying on personal preference for methods and platforms.
As Hawley wrote, "competition and distrust" drove wedges between staff, which resulted in "service duplication, lack of communication, and an inability to set and meet institutional IT-related policies, standards, best practices, goals, and objectives."
In 2006, Hawley took over as associate vice president for information technology, knowing he had a lot of work to do to unify Utah State's IT operations. (He was promoted to CIO in 2011.)
That restructuring encompassed a top-to-bottom assessment of IT employees and their skills, budgeting, processes, and practices; a major overhaul of core services, from e-mail, to directory management, to storage and wireless; expansion of externally provided services; and introduction of formal project management practices and service level agreement processes.
Yet, in the midst of the restructuring, the university didn't want to lose the positive aspects of having those departmental IT staffs. After all, they're the ones who tend to have the best understanding of a given department's unique needs. Plus, each department can fund the work that's needed to meet its individual goals, without having to worry about other institutional priorities taking precedence.
So the overhaul faced a challenge: How to keep the good aspects of departmental IT staffing and the goodwill of those staff members while still eliminating the bad--the duplication, the waste, the inefficiencies.
Bringing Unit IT in on Decisions
While the university IT leadership was intent on putting in place common central systems, its philosophy has been to engage with unit IT people at multiple levels. That started with the selection process for identifying, evaluating, and choosing the gear and software that would make up the central systems for delivering shared services. The thinking: By participating up front with major decisions, unit IT people were more likely to buy into the final choices.
Second, Hawley has found success in getting centralized and departmental IT to work together, by treating all IT people as if they're part of the same organization. That means giving them access to systems and distributing control. For example, at Utah State, those departmental IT people get access into Active Directory, the learning management system, device registration, Exchange, and other systems in order to handle administration work, such as bulk uploads and expirations of accounts for users in their departments. "We provide them the tools to do that, and then they're funding the labor," he explained. "We still get the benefit of the centralized system by distributing the trust."
That's an important point, he noted. "Most humans, if you put trust in them, will show trust back," he said. "If you give them access, they won't rebel and do their own thing, which is what we try to avoid, because that's where the duplication and the insecurity comes in."
Third, central IT doesn't force choices on departments. "You will lose that battle because there will be somebody outside your reporting line who doesn't have to deal with the CIO and will say, 'So what? We're going to do it on our way.'" When that happens, Hawley said, the institution will start seeing duplicated cost "and all those nightmares."
Ensuring a Level of Compliance
The result isn't a free-for-all, Hawley insisted. The expectation is that members of that external staff "have to behave responsively."
To maintain a measure of structure, the university has constructed tightly controlled security zones through access control lists and limiting scope: Administrators only have control over what they truly need access to. As Hawley pointed out, the use of "good security and security zones applies much as the central group as it does to decentralized groups." Even a central IT system administrator with root access doesn't use that for administrative work. "They use a different account where they only manage their team or their areas," he said.
Also, IT holds regular coordination meetings on upgrades to software and hardware. "If you get access, you have an obligation to participate in the growth, feature development, and management of the system," Hawley said. "And therefore you are required to attend and participate in the development groups." If someone doesn't show up to team meetings or specific system meeting discussions regularly, then his access to manage his own users expires, Hawley added.
If central IT hasn't seen a departmental person in a quarter, "we're knocking on your door and finding out why," he said.
Although management of administration duties is currently a manual process that relies on "human and social means," the central IT department is considering use of a product such as ServiceNow to help with change management. That in turn would enable the automation of certain processes, such as allocation of administrative controls.
Why Wouldn't You Use Shared Services?
By allowing participatory management, making departmental use of the central IT systems free or "cheap," and providing the same kind of access and control to unit IT people as they would have if they were running a given system separately, Utah State has virtually eliminated the potential pain points of centralized IT. Reception among departments has been positive: "You don't have the hardware and software expense and [IT] can support people instead of servers and wires--and isn't this fabulous? There's no reason why somebody shouldn't do that." Hawley compares the shared services mentality to the free storage service Dropbox: "Hey, it's free! Why wouldn't you use Dropbox?"
Since implementing centralized services that truly are shared with departmental staff, central IT has seen the ranks of decentralized staff shrink. Currently, there are about 20 people in that role, but many previous unit IT staff members have moved to central IT by mutual agreement. "As we move to the cloud, there's plenty to do in IT," Hawley observed.
Users, the customers of those IT services, have been won over too--including that dean who called IT on campus "a mess." After the dust from the restructuring had settled, the dean told Hawley, "I have never seen a change so great or so effective in the short amount of time it took to reorganize central IT. I'm a believer and a supporter."