The Consumerization of IT: Pendulum or Wrecking Ball?

The proliferation of consumer technology on campuses has created new challenges for IT departments. Will the pendulum swing back toward centralized IT, or is consumerization knocking down the old ways forever?


Illustration by Ryan Etter

Smartphones, affordable software, cloud computing, crowdsourcing, social media.... The burgeoning consumer-tech market is creating new challenges for higher education IT departments. As increased expectations of mobility and connectivity have students and faculty looking to consumer technology to meet their academic needs, IT must revamp operations and infrastructure to meet the demand, while keeping security risks and budgets in check.

Is the new consumer IT model here to stay? While some IT administrators hope that the pendulum will eventually swing back to centralized, institutionally controlled IT, experts warn that the drive toward consumerization will fundamentally change IT operations for good. CT spoke with Sheri Stahler, associate vice president for computer services at Temple University (PA); Ronald Danielson, vice provost for information services and CIO at Santa Clara University (CA); and Carol Smith, CIO of DePauw University (IN), to find out how their institutions are tackling the trend.

CAMPUS TECHNOLOGY: Do you see the consumerization of IT as something that needs to be contained and controlled, or as an inevitable evolution of the campus computing environment?

RONALD DANIELSON: We're far beyond the point where use of personally owned devices can be controlled. At SCU, we do try to contain it somewhat. For example, we require that staff accessing administrative systems from home do so from a university-owned computer, to minimize the chances of another user of that computer introducing malware.

CAROL SMITH: I see this as an evolution that we should embrace and that will provide many benefits, but how we take advantage of it will vary across the different areas of IT. Redirecting some of our focus to virtualized applications that students can run directly from their laptops, for example, has the potential to reduce the number of physical computer labs that we must maintain across campus. Understanding students' expectations about how they manage their schedules online, access their files and coursework, pay bills, or check their grades will shape the functionality that we build into our student information systems. By recognizing their needs and finding the most efficient ways to enable students to complete these types of "administrative" activities using their personal, mobile devices, we can help give them more time to focus on their academic lives--which is the core reason why they are on our campuses in the first place.

SHERI STAHLER: There are definitely concerns regarding security, but this trend is going to lead to a lot of innovation. The knowledge is out there, and when people can tap into collective knowledge so easily, that in itself leads to innovation. I've already seen a tremendous amount of creativity in how faculty and students use consumer tools to support their academic work. Plus, when you embrace this trend, you also eliminate silos both between IT and the academic departments, and among the academic departments themselves. When you are crowdsourcing and researching applications that have been used successfully in one discipline to see how they could be used in yours, those silos break down.

Virtual Consumers

Talk to an IT administrator long enough, and the conversation is sure to touch on virtualization and the cloud. And it's no coincidence that virtualization in higher ed has grown apace with the consumerization of campus IT.

"The two trends absolutely go hand in hand," remarks Sheri Stahler, associate vice president for computer services at Temple University (PA). "With virtualization, our users who rely on mobile devices or personal tablets or laptops become truly untethered. They can choose the device that works best for them, and access whatever they need, whenever they need it, as long as they meet the security requirements for the network."

In the consumerized IT environment, virtualization allows campus IT to be more effective in supporting the student academic experience. By establishing a virtual computer lab that students can access from their personal devices, for example, IT can reduce the number of physical computer labs it needs to maintain--and redirect that money and energy toward other projects.

"If students access the virtual computer lab on their own devices," explains Carol Smith, CIO of DePauw University (IN), "we can refocus our funding and staff time on things like managing the specialized applications that students need for their coursework and ensuring that they always have access to solid, reliable tools--tools that they don't need to learn how to manage themselves!"

In fact, virtualization has the potential to level the playing field in the consumerized tech environment. "By creating a virtual desktop that students can access on their personal devices," says Ron Danielson, vice provost for information services and CIO at Santa Clara University (CA), "we can expose students to software that they might not otherwise be able to afford, and provide capabilities that students and faculty need but their consumer devices either don't offer or offer poorly."

Extending virtualization to include internal cloud services creates a secure infrastructure for researchers, students, and faculty looking to utilize consumer web 2.0 tools and web-based applications. Temple University set up its internal cloud to provide a variety of configurations to end users, depending on their needs, reports Stahler.

"Our users can be a member of a greater server where they have access to a number of applications, like the Microsoft Office apps," she explains, "or, if a researcher relies on his own software but needs a way to host a WordPress site internally, we can provide an infrastructure that assures him that his site is secure and backed up. Researchers are very protective of their data, and the internal cloud allows them to use consumer technology in a secure way."

CT:How do you ensure the security of your campus network in a tech environment where users rely on personal devices, social networking software, apps, and other possibly vulnerable consumer IT products?

DANIELSON: IT professionals understand we can't "ensure" the security of our networks. We can only try to make the occurrence of a security problem less likely. We're at a juncture between keeping our current (relatively restrictive) security policies and making a large part of our client population very unhappy. And I think we're going to resolve this by accepting the risk of somewhat less security to make it easier for clients to use newer technologies that help them learn and do scholarship more effectively. We've started talking to our risk management people about what we're willing to let go and what we absolutely have to retain.

STAHLER: But policies, really, are a big component of network security now. We're constantly making sure our policies are up-to-date. Sometimes they're reactive rather than proactive, but when it comes to the use of consumer devices on the campus network, you have to have policies in place. What university information can users store locally? Or what happens if a device is stolen--can you wipe out the device's hard drive? What happens if personal information or sensitive data is leaked?

SMITH: We have a number of measures in place: secure-password policies; a data-encrypted, web-enabled administrative system; secure campus wireless; wired network to all campus offices, classrooms, and student dorm rooms; a secure LAN for shared network storage with encrypted VPN for off-campus access. We also provide antivirus software to all students for their personal laptops. Finally, we work hard to educate our campus clients about healthy and safe computing habits, perhaps most notably through our participation in National Cyber Security Awareness Month each October.

Related Reading

Blurring the Lines of Network Security
The consumerization of IT is blurring the lines of network security on campus. Learn how the University of Rhode Island is balancing network protection with a culture of openness.

CT: What is the role of central IT in this new computing environment?

SMITH: The role of the central IT department is to provide a sound, stable working environment that aligns with the mission of the institution. I'm not sure that our role has really changed because of this new computing environment, but the details and the day-to-day certainly have and continue to evolve. The IT department has to be able to balance solidity with flexibility to be most successful.

At the same time, while the core role may not have changed, some of the guiding principles that shape decision-making definitely have. In particular, the IT department has shifted from being the central entity on campus that provides and manages (i.e., "controls") all things IT to one whose most powerful function is to act as a connector and an enabler.

STAHLER: The key is recognizing this trend and making sure guidelines are put in place for social media use, for personal data, and for any factor that could compromise university assets. Protecting data has to be a university-wide priority.

The walls around our department have become much more permeable. Rather than putting blinders on and pretending that departments aren't setting up their own web servers, creating their own learning management systems, or relying on social networking and mobile apps, we need to know what's going on so we can figure out how best to support it.

At Temple, for example, every department and every researcher felt they needed their own server in front of them. In reality, those servers weren't backed up regularly and they weren't secure. In response, we created an internal cloud, so now there's a better option that's backed up regularly and undergoes routine random security checks. We specifically provided a number of cloud computing arrangements to match a wide variety of needs. We were able to provide the end users with a solution that would pay off for them in the long run. It's really about making the users better choosers.

DANIELSON: I agree. IT needs to be aware of what devices students, faculty, and staff are using on campus, what they're using them for, and what apps and services they're using. Then we need to get our staff using some subset of those devices so we know what benefits and concerns we're dealing with. There's not a lot of time after something gets introduced for us to do that (we had the first iPad network connection failure the morning it was introduced), so we have to be pretty agile.

CT: What effect does the consumerization of IT have on the tech budget?

SMITH: While it's doubtful that the consumerization trend will reduce overall expenses, it will definitely shift how we spend our budgets over time. In the future, for example, we will likely spend less on computer lab hardware and refocus those investments in areas such as virtualization, security, and even off-site cloud services. One key shift that we have already made is our transition from managing an on-site e-mail system to using Google Apps for Education [GAE]. As we were evaluating potential new e-mail systems, a big factor in our decision to adopt GAE was the fact that a large percentage of our students and faculty members were already familiar with Google e-mail through their own personal accounts.

DANIELSON: On our campus it's too soon to be able to say what the financial impact will be. There's the age-old hope that when everyone has mobile devices we won't need computer labs, but I currently see students sitting in our labs using our computers with their laptop open on the desk beside them, so I'm not counting on that.

I think it is clear that the wireless network now becomes much more important, and needs to be much more robust and able to handle many more clients pushing increasing volumes of data, and I suspect that will lead to a decline in the number of wired ports on campus over time. We put one wired port per two seats in the library that we opened over three years ago, and I wouldn't put any in at client seating if we were doing it today. Also, many of the services that people are accessing with these consumer devices are off campus, so the need for commodity internet capacity will go up faster than it otherwise would have.

Focusing on the Core

How does the trend toward consumerization affect IT strategic planning on campus? Carol Smith, CIO of DePauw University (IN), responds:

"We organize our work in the IT department around three main areas: maintaining the infrastructure, or what I call 'the stuff' (the network, devices, the ERP, desktop tools, etc.); supporting campus workflow such as learning, living, teaching, and administrative business processes (what people do with 'the stuff'); and creating points of connection between people and information. Using these broad organizers enables us to keep our focus on the core of what matters, while providing the flexibility to adapt to the changing landscape over time.

"Another thing to consider is the notion of 'core' versus 'critical' in deciding how to make IT investments. A critical system or service is one that the institution absolutely needs to have. If something doesn't make the 'critical' cut, then we probably don't even need to offer it and we set it aside. Once we know if something is critical, we determine whether it is core: If it is something that is unique or culturally specific to our institution--that only we can maintain--then it is core.

"This classification helps us decide how best to provide services. If a system or service is core, then we know that we need to maintain it. But if it is merely critical, then we should consider outsourced or cloud solutions, if they exist and are economically feasible.

"As an example, when evaluating new e-mail systems three years ago, we determined that, while having an institutionally branded e-mail account for each student was critical, hosting our own on-site system was not core. This shaped our decision to transition to Google Apps for Education. I could see this same method being useful in determining how or when to embrace particular 'consumeristic' IT elements that our clients bring to campus."

CT: What is your best piece of advice for campus tech administrators who are facing this challenge?

STAHLER: I was speaking at a conference on this topic recently, and I asked the audience--all higher ed IT people--how many of them think consumerization is just the pendulum swinging, as it does every couple of years, away from centralized IT, and that it would swing back toward centralized IT again. The majority of the people raised their hands. Wow...if you think that, you're going to be scrambling to catch up. I don't think we'll ever return to centralized IT. The network is going to be secure and centralized, but the devices? No. This "pendulum" is a wrecking ball. We need to adapt to it.

SMITH: And we need to listen. As campus technology administrators, we must balance what's important to keep the infrastructure reliable and secure with how much we let people do in order to accomplish their goals. To do that best, we must listen carefully to our constituents--in ways ranging from formal assessment to engagement with campus committees and informal dialogue with individuals across campus--so we can best gauge their needs. Then we can connect what we know about our own faculty and students with information from our external peers/colleagues and other larger studies in the field, to help us to understand where to focus resources.

DANIELSON: Study Zen. Consumerization is here now and will only increase in the future. There'll be some rough experiences, but we'll figure out a balance that's acceptable to everyone involved, and then we can move to the next crisis.

The Consumerization Gap

Do you know how many of your university's employees are using their personal smartphones for work purposes? In a 2011 IDC survey (sponsored by Unisys) of more than 3,000 workers and IT administrators in nine countries, only 34 percent of IT administrators reported that their organization's employees use personal smartphones to conduct business activities. In contrast, 63 percent of employee respondents reported using their personal smartphones for business purposes.

Similarly, while 13 percent of employee respondents reported using a tablet device for work, only 6 percent of IT respondents were aware of the tablet use.

In addition to highlighting the lack of awareness, the survey found a lag in technology adoption among IT organizations. When asked to rate their adoption and use of social networking applications and consumer devices for business purposes, 48 percent of responding IT workers considered their organizations to be "late adopters," while more than 60 percent of employee respondents considered themselves average-to-early adopters.

What's holding IT back? Among IT workers surveyed, the greatest barrier to enabling employees to use their own PCs and devices at work was security concerns, followed by the risk of viruses from social networks and challenges in developing corporate policies to support consumerization.

Featured