IT Management | Feature
Going Behind IT's Back
In an era of consumer IT, faculty and staff are increasingly deploying their own technology solutions, which is fine--except when it comes to data management.
- By Dian Schaffhauser
Illustration by Dave Cutler
The pendulum of technology control in higher education has swung away from central IT toward the users. It has become easier for individuals and departments to find their own computing solutions via mobile apps, the cloud, BYOD, web services, and other means. As a result, IT can often find itself out of the loop in certain technology decisions.
The consumerization of IT, as this shift has become known, is simply the latest form of "shadow IT." While it adds some new twists, the questions are the same: When people deploy solutions without the knowledge or help of IT, how much should IT get involved in supporting those tech operations? How far should IT go in clamping down on rogue behavior? And, in the face of diminished control over technology decision-making, just what is the role of IT on campus?
IT in the Shadows
At Philadelphia's Temple University (PA), shadow IT typically becomes known only when a problem surfaces, observes Sheri Stahler, associate vice president for academic computing and client services.
On the student side, it might be a dorm resident who plugs an access point or a hub into a port in order to convert a single wired connection into multiple wireless connections (a practice specifically banned by IT). Or it might be students participating in online, multiplayer games who are inundated by denial-of-service attacks from other players. Both scenarios would wreak havoc on the network and be time-consuming to identify and fix.
On the faculty and staff side, instructors might set up their own learning management systems because they can't stand the one preferred by the university--and then they want single sign-on, which requires integration with the campus identity access management system. Or somebody might put up a website built by an off-campus vendor, only to discover that the site's not ADA-compliant. Or a faculty member might download confidential information for the purposes of research, and then lose the laptop--putting the institution into legal jeopardy with a data breach.
At other schools, shadow IT may be a result of decentralization. In those environments, departments and schools build up their own IT operations to pursue their own priorities.
Yet Timothy Chester, who joined the University of Georgia as chief information officer in late 2011, didn't waste his first 16 months "rooting out decentralized systems that were duplicative or redundant." That would be a fool's errand in such a "strongly decentralized culture," he suggests. The approach he prefers: Figure out better ways of doing things and let these solutions sell themselves. "We're having a moderate amount of success bringing people together around some central, shared services," says Chester. He's being modest: His CIO role at UGA was recently elevated to vice president level.
Hired initially to implement new administrative systems, Chester has succeeded in moving forward on additional projects in the areas of security, mobile, web, and research computing--all by reallocating existing resources. These initiatives, he says, will enable IT to be more supportive of users in a bring-your-own/do-your-own environment, which is really what the university's users want right now.
The Need for Data Controls
Supporting users' tech preferences isn't the same as giving them carte blanche to run amok with technology in all forms, however. Where shadow IT becomes especially problematic is in the arena of data management. In many areas, universities need a single authoritative source of data, and that data needs to be protected for the sake of confidentiality, regulatory compliance, business continuity, equipment failure, and disaster recovery.
"When it comes down to administrative information about students, student progress toward degrees, employee information, faculty productivity--things like that--we've absolutely got to have standardized, authoritative information," says Chester.
Problems surface when a unit decides that the central administrative system doesn't meet its business-process needs, so it builds an alternate system. Frequently, the department, school, or college will request data feeds from the central system to use in its own application. What can happen, Chester points out, "is that you then lose control over who actually has the authoritative data." That's when shadow IT "becomes less than helpful."
For example, if a unit builds its own system to track critical information such as student degree completion, that data set becomes a silo that no longer integrates with campuswide systems. "Now, at the university level, we can't develop any type of alerting or dashboarding around a student's progress, and we can't build any approaches toward intervention if that student's progress isn't what it should be," Chester notes. "In a world that's driven by data and analytics, we need authoritative information, and authoritative information is driven by standardization."
To counter the tendency to decentralize data, UGA is embarking on a multiyear, multimillion-dollar, university-wide project to replace its aging legacy systems and databases. In their place will be a technology platform that integrates new Banner software to support numerous administrative functions, including admissions, registration, financial aid, student accounts, and academic records. ConnectUGA, as the initiative is named, provides the interface to that single trusted version of student records.
ConnectUGA wouldn't succeed if shadow systems maintained control over their respective slices of user data. So UGA is bringing them into the fold with some shared governance. The university is running several cross-functional working groups to develop data standards and other matters of policy. At the same time, a shared-project charter--not the IT organization--has laid out "pretty critically that we're moving away from departmental-level shadow systems," says Chester. "That's tougher to do than say sometimes," he acknowledges. "It can be a day-to-day negotiation as the team helps offices think about new ways they can conduct their business."
Data is also a category where IT and its users may be able to find "common ground" and learn to work together, says Temple's Stahler, if only because the cooperation will be mandated by outside forces. Many is the time Stahler has discovered that "big-time researchers, very protective of the research," are keeping their data on no-name drives stashed under their desks where it gets kicked, "or they'll have it in a closet that overheats." They've outfitted themselves with storage on the cheap, because it gives them the illusion of keeping down equipment expenses that have to come out of their grants.
To prevent this tendency on the part of some researchers, the National Science Foundation, the National Institutes of Health, and other funders are forcing their grant recipients to create and follow a data-management plan as part of the requirements. "You need to say how you're protecting the data," Stahler explains. Working with the libraries, which are "expert in anything to do with storage, curation, and data," IT can become a partner in helping researchers make smarter data-management decisions.
The Power of Influence
In spite of the obvious problems that surface with shadow IT, Stahler recognizes that it's "how people solve problems." As an example, she cites the use of crowdsourcing and mobile apps: "Faculty will go to sites where they feel comfortable. They find out from their peers if there's a solution or something they can use--the same with bring-your-own-device. People don't think, 'Is that going to be a problem, or is that a secure device?'"
Stahler is mostly fine with that. "I don't want faculty, staff, or students to be dependent on IT," she declares. "A lot of IT folks don't think that way [because] they're so used to fixing things. And then if somebody needs something again, [IT will] wait for the person to ask them again. I want to have it so IT is transparent."
That transparency needs to take the form of coordination, not control, advises Daryl Plummer, a managing vice president at Gartner. "That means you have to guide people by giving them the right information before they make the decision, to be ready to support them without taking over what they do."
As an IT organization matures and shifts from a provider of transaction services to a more strategic role in the institution, users will be less likely to work in the shadows and more likely to use IT in an advisory capacity. IT becomes influential.
That's not the same as wielding ultimate authority, suggests Chester. "Credibility drives your ability to have that kind of influence. That credibility isn't driven by title or offices or reporting relationships. It comes from the type of impacts and the types of relationships you have day to day. It's not easy. Many times, it's more difficult than you would like it to be. There's an awful lot of give and take. But, at the same time, it's the right way to go about it. It really is relationship management."
5 Ways to Bring IT Out of the Shadows
1) Talk to your users. "Find out what your users are doing," advises Timothy Chester, VP for IT at the University of Georgia. "Find out about the day-in-the-life of your average 19-year-old. Talk to a lot of them. Watch a lot of them. Then, from that knowledge, develop a sense of how they value services as opposed to what you think works best for them. Once you get a good sense of that, you're in a much better position to think about where you might add value."
2) Learn how to ask the right questions. "The end users will probably have very good solutions," says Sheri Stahler, associate vice president for academic computing and client services at Temple University (PA). "They may be reluctant to tell you because they're not technical." The key is to ask questions about what users envision without bringing technology into the conversation at all. Because users know their business, "a lot of times what they suggest is the right thing."
3) Choose your superpowers. Sometimes IT's perception of its service-delivery strengths doesn't match up with user views. Stepping up delivery at UGA, notes Chester, "required us to make some choices about where we were actually going to focus." The rest of the work can be farmed out. Such decisions should lead to service improvements and "delivering value in a way that is actually pretty consistent with the way your end users define value."
4) Add value as a broker. IT can maintain its involvement in departmental operations by being a "broker," says Daryl Plummer, a managing vice president at Gartner. In consultant-speak, that's the role that handles aggregation, integration, governance, service billing, and pricing. For example, notes Plummer, IT might market its services by saying: "We can do all these things across a lot of services that you can't do as a single business user." Instead of clamping down on a department's independent efforts, he adds, "think about coordinating how they do what they want to do."
5) Take on the role of liaison. Noting how common silos are in higher ed, Stahler points out that IT can bring individual schools, colleges, and departments together to share their experiences and spark new ideas. "Somebody might be doing something really interesting with iPads or mobile devices in recreational therapy that somebody in the business school would not even think would apply to him." She believes it's IT's responsibility to act as a liaison to share cool ideas across disciplines. "Then they'll really learn."