Top 10 IT Issues, 2019: The Student Genome Project

"Three profoundly destabilizing scientific ideas ricochet through the twentieth century, trisecting it into three unequal parts: the atom, the byte, the gene. . . . Each begins its life as a rather abstract scientific concept but grows to invade multiple human discourses—thereby transforming culture, society, politics, and language. But the most crucial parallel between the three ideas, by far, is conceptual: each represents the irreducible unit—the building block, the basic organizational unit—of a larger whole: the atom, of matter; the byte (or "bit"), of digitized information; the gene, of heredity and biological information. . . . Matter, information, and biology are inherently hierarchically organized: understanding that smallest part is crucial to understanding the whole."

—Siddhartha Mukherjee, The Gene: An Intimate History (2016)

Reflect, for a moment, on the early days of genomics. In 2003, the Human Genome Project was officially completed, having sequenced approximately 3 billion base pairs of DNA across 20,500 genes in the 23 human chromosomes 13 years after it began. An international consortium of scientists from 20 universities and research centers participated.¹ The project's immediate contribution to science was descriptive: it cataloged the informational basis of heredity. What started out as a mapping expedition has today taken on broad and deep dimensions hardly realized in the early years. Its ultimate impact on science, medicine, culture, society, and politics is still unfolding and accelerating. At least 15 million people have paid consumer-based genetic services such as 23andMe and Ancestry to learn their personal genome.² Precision medicine, an emergent discipline, is combining genetic data with environmental and lifestyle data to prevent and treat diseases. Scientists are exploring, and the public is eagerly learning about, the genetic basis not only of appearance and diseases but also of behavioral and even what we once considered attitudinal characteristics. Even our political propensities may have genetic determinants.³ With tools like CRISPR, scientists have moved beyond prediction to manipulation, editing genes with the hope of preventing diseases and disorders. Our ability to use genetics is outpacing our ability to understand the ethical issues of knowing, using, and manipulating genes, let alone establish controls to safeguard individuals.

Now consider technology, analytics, artificial intelligence (AI), and their impact on higher education. In 2019, after a decade of preparing, colleges and universities stand on a threshold, eager to enter a new era of using technology to unlock our ability to apply data to advancing our missions. That threshold is similar to the one that science faced in the late 20th century: eager to begin using technology to put genetic information to use. New and continually increasing computational power has given us innovative, though initially blunt, tools. We have a growing belief in the value and power of data to understand root causes and improve advice, decisions, and outcomes. We are eager and impatient to use student data to improve students' experiences and outcomes and to use institutional data to make education affordable and our institutions sustainable. Yet our sector faces a daunting preliminary task: we must understand the component parts (find the data, clean it, standardize it, safeguard it); integrate and manage those parts; and find the right tools for these tasks. Just as the big challenge facing genetics in the 1990s was foundational, so is the big challenge that confronts higher education and technology today. After almost a decade of attention and effort, we find ourselves still at the beginning of the data journey—needing to, in effect, "sequence" the data before we can apply it with any reliability or precision.

Thus it is perhaps not surprising that almost all of the EDUCAUSE 2019 Top 10 IT Issues⁴ address the data challenges confronting our institutions. In higher education as in science, understanding the "smallest part" is critical so that we can achieve our larger mission. In 2019 we are focused on organizing, standardizing, and safeguarding data so that we can use it to address our most pressing priority: student success. And so, we have dubbed the 2019 Top 10 IT Issues the "Student Genome Project."

These ten issues cluster into three themes:

• Empowered Students: In the drive to improve student outcomes, institutional leaders are increasingly focused on individual students: their life circumstances and their entire academic journey. Leaders are relying on analytics and technology to make progress in retention, persistence, and other student outcomes.
• Trusted Data: This is the foundational work of the Student Genome Project, where the "sequencing" is taking place. Institutional leaders are collecting, securing, integrating, organizing, standardizing, and safeguarding data and preparing the institution to use data meaningfully and ethically.
• 21st-Century Business Strategies: Institutional leaders are addressing today's funding challenges and preparing for tomorrow's more competitive ecosystem. With technology embedded into teaching and learning, research, and business operations, it must be embedded into the overall institutional strategy and business model as well.

Empowered Students

Two issues directly reference the applications of technology to students' outcomes and experiences:

#2. Student Success: Serving as a trusted partner with other campus units to drive and achieve student success initiatives

#4. Student-Centered Institution: Understanding and advancing technology's role in optimizing the student experience (from applicants to alumni)

As institutions embrace their responsibility for student success, they are powering up to better address that responsibility and are also empowering students to control their own educational journeys. Institutions are looking closely at the drivers of retention, persistence, and completion. This is leading to a focus on the student as a person rather than a persona, as well as to a focus on all the areas and services that touch students. Student success is not only about learning success; it is also about degree planning success, registration success, financial aid success, transportation success, childcare success, and more.

Technology has many contributions to make, predominantly in applying data to understand challenges and issues and to foster action based on that understanding. Analytics initiatives focused on student success abound. As institutions gain experience, they are simultaneously developing exciting new insights, encountering the hard limits of a data-centric approach, and moving on to tackle more difficult challenges and more ambitious targets.

Institutions are also using technology to improve the entire student experience. Work is now focused on reengineering processes to be more efficient, redesigning services to be more intuitive and effective for students, and revitalizing technology to meet students' expectations. Almost every part of the institution may be involved.

Throughout this exciting work, institutions are recognizing an enduring truth: technology may be necessary, but it is not sufficient to achieve desired outcomes. Technology generates change, and change requires at least as much attention as technology if an initiative is to succeed. As institutions become more student-centered, technology initiatives are prioritizing not only institutional functionality and outcomes but also students' experiences with institutional services and students' outcomes.

Trusted Data

Half of the Top 10 IT Issues directly involve data, along with the many challenges and opportunities it affords:

#1. Information Security Strategy: Developing a risk-based security strategy that effectively detects, responds to, and prevents security threats and challenges

#3. Privacy: Safeguarding institutional constituents' privacy rights and maintaining accountability for protecting all types of restricted data

#5. Digital Integrations: Ensuring system interoperability, scalability, and extensibility, as well as data integrity, security, standards, and governance, across multiple applications and platforms

#6. Data-Enabled Institution: Taking a service-based approach to data and analytics to reskill, retool, and reshape a culture to be adept at data-enabled decision-making

#8. Data Management and Governance: Implementing effective institutional data-governance practices and organizational structures

We must map the student genome. We must trust and understand our data to apply it, for without data, we are blind.

Some of the work is tactical and technical. Projects are under way to develop shared, consistent data definitions and sources and to integrate those sources across many systems and, often, across competing versions. Much of the work is strategic and political. Technical silos are easier to bridge than organizational silos. Stakeholders must agree on data definitions and definitive, trusted sources. They must acknowledge the precedence of the institution over the department if the goal is to become a data-enabled institution.

The most difficult work is cultural. Cultures are social constructs that link, transcend, and outlast individuals. People are difficult to change, cultures even more so. Applying data to decision-making requires entirely new ways of making decisions, of working, of thinking. Doing so requires culture change, and that calls for leadership, a coalition, empathy, and grit.

Data privacy is newly on the list, and no wonder. Institutions are scrambling to interpret and comply with the European Union's General Data Protection Regulation (GDPR), which contains new requirements for data collection, processing, and use. The state of California quickly followed with its California Consumer Privacy Act (CCPA), and support for a comprehensive US federal privacy law appears to be gaining traction. Millions of people have been appalled by revelations of exactly how much end-user data Facebook collects, how it has used this data to manipulate online experiences, and how it has exposed this data to third parties. This type of data use is not new, but it is newly salient. Privacy vulnerability is the dark side of collecting and using the increasing types and amounts of student data.

And then there is the issue of security. Again. Still. For several years, security has been not just on the EDUCAUSE Top 10 IT Issues list but has topped the list. Data can be trusted only if it is secured. Security threats adapt to and overcome existing protections, requiring continual monitoring and ongoing investments. Security is a risk that will never be fully prevented, but it can be managed.

21st-Century Business Strategies

Three of this year's Top 10 issues relate to the role of technology in institutional funding and strategy:

#7. Sustainable Funding: Developing funding models that can maintain quality and accommodate both new needs and the growing use of IT services in an era of increasing budget constraints

#9. Integrative CIO: Repositioning or reinforcing the role of IT leadership as an integral strategic partner of institutional leadership in supporting institutional missions

#10. Higher Education Affordability: Aligning IT organizations' priorities and resources with institutional priorities and resources to achieve a sustainable future

No organization can survive without a viable business model, and no business model can thrive in the 21st century without technology. The effective and cost-efficient use of technology solutions is a critical success factor in achieving institutional goals and objectives and is a major source of costs and value. Institutions that sideline IT leadership or that silo funding are implicitly choosing to emphasize costs at the expense of value.

The emphasis here is on alignment between the IT and institutional missions and areas. Alignment needs to be bidirectional. IT leaders can no longer set priorities without understanding institutional priorities and timelines. Similarly, academic or administrative leaders should avoid independently setting technology-dependent priorities and investments. Even department-level choices ripple throughout the institution now, as data and systems are increasingly integrated and entangled. An integrative CIO who is a respected and engaged partner can make all the difference in helping institutional areas use technology effectively and embrace collaboration.

IT funding models have also evolved during this century. Savvy CIOs and CBOs are revising IT funding models to accommodate continuing shifts to the cloud, other outsourced IT options, and shared services. They are also adopting increasingly mature IT financial management practices that recognize the need to invest in IT innovation and growth to best serve the institution.

Next Steps

Taken alone, the Top 10 IT Issues are a set of challenges and tactics. There is so much to do, but where do we start?

Step back, discern the themes, and see the big picture, the big challenge. Through the Student Genome Project, higher education can empower students, can understand data well enough to harness it and use technology to the greatest effect, and can adopt the business strategies that a 21st-century enterprise needs to succeed.

Issue #1: Information Security Strategy

Developing a risk-based security strategy that effectively detects, responds to, and prevents security threats and challenges

Mark Askren, Tammy Clark, Joel Cooper, and Cheryl Washington

Securing our institutional data and systems is an extremely high priority. Threats are escalating. We need to accelerate our efforts to integrate security into all aspects of our IT strategy and operations. An effective information security strategy will employ a risk-focused, multilayered strategy to secure the institution. This takes a village—everyone needs to be involved. It is not the job of only the IT organization or the chief information security officer (CISO). If each of us does our part, we will be able to make much more progress securing our institutions.

Risk is the key word. These are not minor risks. Information security is often ranked in the upper-right quadrant on institutional risk maps. A major breach can significantly damage the institution's reputation and financial health.

Who Outside the IT Department Should Care Most About This Issue?

• The president, legal counsel, boards, CFO, and others who will be in the line of sight. When the cameras show up, the people in charge will care. They also have the wherewithal to mitigate risks before bad things happen.
• Data stewards, who are responsible for collecting, maintaining, and reporting in regard to the personal information of staff, faculty, or students, who need to be concerned about any risks to the information they collect, and who take concrete measures to work with information security teams to preserve and protect it

The Misconceptions

• Technology solutions are sufficient to address security risks and threats. (When institutions look to technical solutions to address risks and threats, the key roles that people and business processes play may be underestimated. Any individual can cause a major breach, and that means information security is everyone's business.)
• For IT staff, security is an add-on to their real work. (Security needs to be embedded in ongoing IT planning and operations.)
• Security is expensive and time-consuming only when an institution is breached. (Every dollar and hour spent on security comes at the expense of making progress in other areas. Spending money for ongoing overhead is still the better choice, because it costs a lot more to deal with a breach than to incorporate best practices.)

The Pitfalls

• Lack of active leadership support for information security initiatives will slow efforts to enlist the attention of the entire institution. As key influencers on the campus, presidents, provosts, vice presidents, and deans must be willing to advocate for information security program investments, standards, requirements, and guidelines.
• An institution can feel that its information security is good enough because it hasn't seen any problems lately. That can be a really false impression. The absence of major incidents doesn't mean the institution can stop, slow, or disinvest in its information security programs. In fact, since some breaches may go undetected for years, almost the opposite should be done: intensifying and investing more in these programs.

The Opportunity

Institutions that can most successfully maintain an effective risk-based security strategy will avoid significant damages to their finances, funding, and reputation. They are more trustworthy. That trust yields benefits with alumni and donors, parents and students, and granting agencies. These institutions are at a competitive advantage for research grant funding in this area or for grants where security is extremely important due to the nature of the data involved. Resources not spent on breaches will have been put to better use.

Advice

To get started:

• Join higher education's security communities of practice, most notably the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) and EDUCAUSE's Cybersecurity Program, led by the Higher Education Information Security Council (HEISC). Various consortia also have smaller, more targeted communities of practice. Although higher education and other industries are combatting many similar security problems, higher education practitioners are more often willing to share information, including the details of our most sensitive incidents, so each of us can learn from the other.
• Make information security someone's responsibility to ensure accountability, even if that is a part-time role. If you are that person, partner with another institution and/or CISO to learn and leverage effective best practices. Forge a partnership with someone whom you can call for help and advice when you're struggling. It is more effective than trying to figure things out on your own. These problems get really big, really fast.

To develop further:

• Form partnerships with key individuals, stakeholders, and decision makers who are outside of security and outside of the IT organization and can help you advance your strategy. The institution as a whole has to recognize the importance of information security. Part of the growth of the IT security program involves getting the message out.
• Evaluate whether there are better or more efficient practices or systems, based on the current state-of-the-art. Turn to HEISC resources to assess your progress and determine where your gaps are, so that you can put attention in the right areas to develop a comprehensive and risk-based approach in building your information security program.
• Adopt industry frameworks that outline requirements and best practices to help with compliance (e.g., PCI, HIPAA, Red Flags Rule, GLBA, FERPA).

To optimize:

• Get a third-party audit or assessment at least annually to evaluate controls and help determine if there are any gaps. Consider a peer review if that's an option.
• Use your established network. Don't limit the view. Don't focus only on what is happening in higher education; we can learn a lot from the corporate sector and other areas.
• Give back to the community. Tell your story, and tell it often.

Ecosystem Opportunities

The role of higher education consortia in advancing information security strategies has been invaluable and needs to continue to expand and evolve to support the changing landscape. HEISC, REN-ISAC, OmniSOC, and other groups bring everyone's best thinking and leading practices to the security challenges. Higher education will benefit most from these groups when we prioritize risk and address the most pressing issues first. We are too big, diverse, and complex to solve all of our security challenges.

Higher education is investing in cloud technologies, requiring strong partnerships between vendors and technology staff at institutions, as well as careful evaluations of controls in place to protect data. The Higher Education Cloud Vendor Assessment Tool is helpful here. Another good step is enlisting consortia and security organizations to build expertise and develop guidelines for securely setting up and managing resources in Microsoft Azure, Google, AWS, and other cloud providers.

Issue #2: Student Success

Serving as a trusted partner with other campus units to drive and achieve student success initiatives

John Campbell and Joel Hartman

The topic of student success has become much more prominent in the last few years due to a combination of issues: (a) performance-based funding by state legislators; (b) increased focus from governing boards and parents; (c) national initiatives around student success, including those from foundations and others; and (d) institutions realizing it's the right thing to do and beginning to focus their efforts around increasing students' persistence and graduation rates. The entire process of helping students succeed is mediated by technology, and the IT organization must be a partner in providing solutions to ensure that students progress successfully through the institution.

Student success is what higher education is all about. We are here to teach and prepare our students to be successful in the world. As we look at this issue—whether from the perspective of funding, of technology, or of external forces—ultimately our core mission is preparing our students.

Who Outside the IT Department Should Care Most About This Issue?

• The provost and the president/chancellor or the board, because (a) they need to focus people's attention in a way that gets them working together, cohesively, to accomplish results in a reasonable period of time and (b) this is often how types of institutions across a state are being distinguished from each other
• Departments that focus on student life or student success. Members of these departments certainly care, but if they are held solely responsible, the effort is unlikely to succeed. Student success initiatives generally require those in multiple areas—faculty, advisors, students, course designers, admissions—to act cohesively and move in concert.
• Faculty members, who are on the academic front lines and often in the best position to know when a student needs support and to reach out when a student may be at academic risk

The Misconceptions

• These are initiatives that you start and finish. (These initiatives are social experiments that can run for decades—if not beyond. The challenges are complex and recursive: What data comes from what sources used by what people to make what decisions within what timeframe for what results?)
• Student success is one area's responsibility. (The complexities of these problems require a variety of people's input and efforts to ensure that all stakeholders are rowing in the same direction. Without that input and effort, institutions will not make the type of gains currently expected. This need for convergence provides the opportunity for the IT organization to be the campus integrator.)
• Student success is the student's problem. (Institutions that take a personal approach and help individual students directly—such as by helping students who forgot to fill out their financial aid or register for a class—can advance student success when life or the institution get in the way.)

The Pitfalls

• Bad data drives bad decisions, and this is an area where you do not want to make bad decisions. Data also needs to be unlocked. Too often, progress can be inhibited by those who think it is their job to protect their data from being used by anyone else.
• Institutional leaders need to shift their thinking and focus on individualized and predictive approaches to head off student risk. They must engineer failure out of the system.
• We cannot allow student success projects to turn everything into a number. It is tempting, but dangerous, to assume that the numbers provide sufficient guidance to drive action while we forget the people behind the numbers.
• Privacy and ethics can be endangered. When faculty or advisors are shown some data that identifies a student as high risk, will they redouble their efforts to help the student, or might they dismiss that student as a lost cause? Institutions need to be careful about what they collect, how they use it, who sees it, and what they do with it, and they need to maintain a level of personal privacy.

The Opportunity

Retention of students is critical to the future of the college or university, due to the projected decrease in numbers of high school graduates over the next ten years. Institutions that succeed in graduating their students will be the ones that survive.

An institution that excels in change management undergoes a transformation that opens up other possibilities. These institutions are the ones that can codify success and apply it to other challenges. Institutions that achieve a level of proficiency are also the ones best equipped to conduct a deep analysis on the ROI in terms of loss/gain not only for themselves but also in society.

Finally, institutions that excel with student success can contribute to pure and applied research in this area and perhaps introduce a new branch or field of study.

Advice

To get started:

• Take a first step, and find a piece of the student success process to focus on. Too often, institutions or units are looking for the magic bullet or the ultimate piece of software that will solve all of the institution's ills. But sometimes it is best to start simply with a spreadsheet, with a confined set of issues or problems.
• Remember that every student is a unique individual. Student success is not really one thing: what helps one student succeed may not help another student succeed. A lot of companies sell platforms that absorb the institution's data and provide dashboards to help identify next steps. But institutions that have taken a true case management approach to student success go beyond the data to try to understand each student's problem: no babysitter, no parking, no job, no availability to meet at the class time, etc. Institutions that have excelled at student success have taken a holistic view of students—one not limited to the data or academic factors—and have organized around a "whatever it takes" strategy.

To develop further:

• Be aware that a lot of fascinating projects are taking place at small and large institutions as well as community colleges throughout the country and the world. Engage with individual institutions that have innovative student success initiatives, particularly with those that are looking at more qualitative types of data, rather than just the traditional quantitative data.
• Embrace the understanding that student success initiatives are generation-long initiatives that will never achieve 100 percent. If you're at 60 percent, aim for 70 percent, and if you're at 85 percent, strive for 90 percent. The higher the targets for student success and graduation rates, the harder it will be to get to the next step.

To optimize:

• Focus on sustainability so that the project's momentum isn't hampered if the institution loses a couple of key people. Step back to determine long-term sustainability; invest in people within the organization so that the institution can continue to grow if turnover does occur.
• Continue to communicate with those at your level to learn about the next ideas and breakthroughs. Saddle up for the long term. It is going to take not just years—but sometimes decades and beyond—to get the institution where it needs to be.

Ecosystem Opportunities

There are multiple ecosystems. At the national level is an ecosystem involving funding agencies, research dollars for studies, and projects with institutions and consortia that are doing things and have information to share. Some consortia want institutions to join; others will invite institutions to join; and still others offer benefits from sharing information with them. Corporate solution providers, like EAB and Starfish by Hobsons, have established collaboratives that many institutions find invaluable. Longitudinal consortia are new and promising. The Central Florida Education Ecosystem Database (CFEED) consists of two major K–12 systems, Valencia College, and the University of Central Florida. It is building a cloud-based data lake and analytical tools, with the goal of understanding what enables students to pass seamlessly through these systems to degree attainment.

Issue #3: Privacy

Safeguarding institutional constituents' privacy rights and maintaining accountability for protecting all types of restricted data

Merri Beth Lavagnino and Jerry Slezak

Privacy is about properly handling personally identifiable information that institutions collect, create, store, share, use, and dispose of. Privacy affects everyone. Without sensitive personal information, institutions can't register students, hire staff, conduct research, and complete their organizational missions. Understanding what data is being collected and how and where it is being used is central to discerning the institution's role in safeguarding this information.

Who Outside the IT Department Should Care Most About This Issue?

• The general counsel, who needs to advise on privacy from the legal perspective to ensure constituents are complying with privacy requirements, especially when new laws and regulations are enacted (e.g., GDPR and CCPA)
• Data stewards, who must be integrally involved in the management of the privacy of the data and information under their control
• Departments and individuals who use sensitive, personal information to accomplish their work (e.g., researchers, registrars, financial areas, clinical operations, international services, and human resources), because they need to handle the information correctly
• The library, which has a particular concern and sensitivity about the privacy of its patrons, including both internal and external people who use library resources for sometimes very sensitive topics or personal needs

The Misconceptions

• Privacy and security are the same thing. (People's first thoughts about privacy revolve around protection and security. They think privacy means we need to encrypt something. But there is more to privacy than security. Privacy encompasses respecting individuals' wishes on how they want their data to be used. One example is whether to use "opt in" or "opt out" when communicating to people. Whenever possible, you should allow constituents to choose what communications they want to receive. Just because they provided an email address for one purpose does not mean they agree to its use for another purpose.)
• The reason to care about privacy is to comply with legal regulations. (While legal compliance is important, the way an institution treats its constituents' privacy can influence its reputation. If people think the institution handles their information respectfully, they will be more inclined to interact with the institution and trust it with their personal data.)

The Pitfalls

• Starting too ambitiously or too narrowly can be equally risky. Institutions that try to make progress on many fronts at once can become overwhelmed and unable to move forward at all. On the other hand, focusing on just one thing can blind you to all the other privacy risks to the institution, including the worst risk of all: the breach of a major central system (like the ERP), in which a preponderance of the institution's sensitive data resides.
• The "free" services available to students and faculty to use in their teaching, learning, research, and scholarship, as well as hobby and common-interest sites outside education, can present a big risk to the privacy of institutional data. Free products are not free. Some revenue stream is being generated, and it usually stems from harvesting the data that users provide about themselves, intentionally or inadvertently.
• If research data about people's behavior via the internet, web tools, or social media isn't handled carefully, it can impede researchers' ability to continue doing research in that area. This is something IRBs (institutional review boards) can and generally do watch out for now.

The Opportunity

The institutions that excel will mostly likely be those that have decided to manage their information as an asset, mirroring the attention paid today to equipment asset management. Whose information is it, what is it, and where is it? Institutions that answer those questions will operate more efficiently and securely.

Institutions that excel will have empowered and educated students to make privacy-related decisions about the collection and use of their personal information. This is quite an achievement, since we are trying to produce citizens who participate in their world, government, and communities and who know how to manage their data and their privacy.

Another opportunity for institutions is building privacy into curricula (e.g., law, information security, business, and public policy programs) to produce professional experts who understand privacy and can elevate the stature of privacy within professions.

Advice

To get started:

• Assign a person the role of working on this issue and give them the time to devote to privacy. Ideally, the privacy lead (who may or may not have the title of chief privacy officer) will not be someone whose other responsibilities involve ongoing operational firefighting, because privacy will end up being the last thing on their list.
• Lay the groundwork for a comprehensive program, rather than addressing compliance with individual laws one by one. Develop the resources and pathways for helping the institutional community understand and resolve privacy issues generally, so that one strategy can address most compliance obligations.

To develop further:

• Inventory where you are, using a self-assessment tool or an external expert. Assess your program's maturity in each area of activity. Work with stakeholders throughout the institution to identify and prioritize the gaps, and then begin to address the biggest risks. Current common risk gaps include the recent GDPR and CCPA data-protection laws.
• Involve the entire institution by helping people understand their personal privacy issues. Relate institutional privacy requirements to how employees would want their own data handled. Celebrate the annual Data Privacy Day on January 28. Hold a cryptoparty to generate momentum.⁵

To optimize:

• Elevate responsibility for privacy to leadership levels and broaden it across the institution. Establish an institutional privacy committee or council that includes all the major players involved in the privacy effort.
• Move beyond a focus on compliance. When stakeholders throughout the institution are involved, they will view privacy more broadly and see opportunities to distinguish the institution's privacy management, whether with research, community engagement, human resources, or student data.

Ecosystem Opportunities

EDUCAUSE is taking steps to support the privacy community. The Privacy Community Group is a useful forum for discussion, cooperation, and learning. The EDUCAUSE Security Professionals Conference now has a dedicated privacy track.

Issue #4: Student-Centered Institution

Understanding and advancing technology's role in optimizing the student experience (from applicants to alumni)

Tammy Clark, Carlos Morales, and Jerry Slezak

The student is higher education's raison d'être. That means we have to ensure that the institution is student-ready, rather than expecting students to be college-ready. Processes involving students—including admissions, scheduling, classes, and advising—should prioritize the experience and outcomes of the student, rather than the staff person who is delivering that service. Yet all stakeholders, not only students, benefit from a student-centric approach.

Technology plays a key role throughout the student life cycle. Institutional processes associated with navigating students' requirements are not necessarily intuitive and often require students to understand administrative jargon, navigate an institutional maze, and use a number of technology solutions. Technology can amplify or ameliorate those complexities. If the technologies used to attract, admit, enroll, and retain students are not effective or prove too difficult to access or use, students may select another institution to attend.

Who Outside the IT Department Should Care Most About This Issue?

• Institutional leaders, because when an institution can apply technology to optimize the student experience, it is affordably creating the necessary conditions for students to be successful. Enrollment and retention will improve, and performance-based funding will be easier to maximize.
• Academic affairs, student services, counseling, and marketing staff and alumni, who are the facilitators of a student's desires to attain higher education credentials. Their expertise and commitment are paramount to achieve tracking, progression and completion solutions that keep students—current and past—appraised at all times.

The Misconceptions

• This is an IT-centric issue. (Many campus organizations serve students and manage technology solutions they use.)
• The IT organization is a marginal contributor. (When student-facing areas do not seek to partner with the IT organization, technology solutions may not be easily accessible or user-friendly and may not integrate well with the institution's enterprise systems.)
• Focusing on one element—for example, providing a lot of advising—is the right approach. (Optimizing the student experience should be an integrated strategy that includes advising and counseling students, aligning schedules for progression, engaging faculty through human resources, and more. All units of the institution need to be rowing in the same direction.)

The Pitfalls

• Starting the work without a thoughtful and inclusive planning stage can lead to costly misses. Involve as many people as possible early in the game instead of later on. You will still need to add new stakeholders along the way, switching institutional people and experts in and out to make their contributions as the conversation changes, so you should both plan ahead and retain fluidity as the work progresses.
• If even a single department serving students provides a suboptimal technology experience, that can have an effect on overall enrollment and retention levels. Often the culprit is a legacy on-premises student information system that is not particularly user-friendly and does not provide students with an easy way to track their degree requirements.
• The role of the IT organization is as an advising partner. IT organizations that are unable to effectively collaborate and partner with campus service departments can negatively affect the student experience.

The Opportunity

Institutions that can use technology effectively to optimize the student experience are giving back to the community. Public institutions can provide good return for their taxpayers, and all higher education institutions will benefit society, by increasing completion and progression rates and reducing the skills gap in both local and national workforces.

Taking a life-cycle student-centered approach will develop processes that extend across multiple departments. Breaking down some of the well-constructed departmental silos enables constituents to walk in each other's shoes and leads to cooperation that can generate new improvements and efficiencies. The transformation benefits not only the students but the institutional leaders and campus departments as well.

Advice

To get started:

• Involve as many people from the institution as possible to ensure that your approach is comprehensive and student-ready.
• Partner across the institution to evaluate the technology solutions that are currently in place and to help campus departments modernize their approach to providing students with technology solutions that are easy to access, user-friendly, modern/mobile, and reliable. Many legacy solutions may not allow campus departments to improve the services and features they provide for students or to meet federal technology accessibility requirements.
• Look for root causes for common issues. Simply rewording an email may eliminate a lot of incidents.

To develop further:

• Incorporate the transformation of the student experience into the institution's strategic plan. Be sure the plan includes more than just technology solutions.
• Include multiple goals, and identify champions throughout the institution to focus on achieving those goals. Commission multidisciplinary, institution-wide advisory panels of faculty and staff, and empower them to drive the agenda to deliver and complete the objectives.

To optimize:

• Renew the plan every two, three, or five years to accommodate inevitable shifts in focus.
• Seek help from others, even if you could be considered a leader in the field. There is always someone who knows a little bit more than you do and is one or two steps ahead.
• Collaborate with key constituencies across the institution. Doing so often results in synergies that can have a transforming and positive effect on students. Partnering enables the IT organization leaders to gauge the potential impacts of their decisions in configuring and designing solutions to ensure that they meet the needs of other campus areas as well.

Ecosystem Opportunities

Ongoing initiatives (e.g., Complete College America, Completion by Design, Achieving the Dream, and the AACC Pathways Project) have various strategies for shaping and increasing the focus on the student-centered institution. IT leaders should be aware of these initiatives and study their concepts and approaches to determine whether to pursue one of them.

Issue #5: Digital Integrations

Ensuring system interoperability, scalability, and extensibility, as well as data integrity, security, standards, and governance, across multiple applications and platforms

Michael Gower and Joel Hartman

Many years ago, institutional IT systems were simpler. Colleges and universities would build a monolithic ERP system, pour the data in, and expect everyone to use it. Today, with the proliferation of cloud applications and emerging applications in the research and academic space, many more applications are contending for data, requiring data sharing and data integration across platforms. A monolithic strategy is no longer practical. Digital integration is becoming more prominent in institutions due to the need to securely interconnect systems to avoid data duplication. IT organizations must ensure the integrity, security, and governance of the data in these disparate but interdependent applications.

Who Outside the IT Department Should Care Most About This Issue?

• Senior leadership, because as application acquisition becomes increasingly a departmental rather than centralized function, the risks and costs are understood and tracked less and are potentially higher. Data integration requires a different way of approaching how systems connect securely and how the institution addresses contractual and security issues across different, disparate vendors and repositories.
• The constituents—students, faculty, external parties—because they are contributing their (often highly sensitive) data and depending on us to give them the right kind of information at the right time and place. Digital integration is not just an IT organization issue; it is an institutional responsibility.

The Misconceptions

• It is easy and fast to buy, deploy, and integrate an application. (Vendors may mean well when they assure you that an application can integrate with the institution's ERP or SIS, but institutional buyers should perform due diligence by consulting internally with IT, IR, and other key experts before acting.)
• The IT organization can set the timelines. (IT staff need to adapt to changing expectations by streamlining processes and investing in new integration products to expedite their work.)
• What happens in departments stays in departments. (Even stand-alone applications may require a security review. Applications with data that needs to integrate with institutional applications require more than that. Both types of applications introduce into the enterprise architecture new levels of complexity and risk that are not sufficiently understood.)

The Pitfalls

• Focusing only on the actual system integration work can lead to thinking too narrowly about the problem. Key components include vendor management to leverage contract terms and prices, data flows and architectures, and a process to govern the priorities and policies related to application acquisition.
• Jumping directly into the technology integration without establishing governance, enterprise architecture, and controls in advance can lead to misunderstandings and disagreements among stakeholders.

The Opportunity

Institutions that have established good practices, policies, and processes for digital integrations will have reduced the friction in their departmental and institutional technology investments. That friction adds time and money and detracts from the end product. Lack of coordination and governance also increases the likelihood of "hidden," internally developed, undocumented, and unmaintained applications. The related technical debt adds yet more friction. The more friction is reduced, the better the projects, the outcomes, and the results will be.

Advice

To get started:

• Find institutions that are already managing and integrating their digital assets effectively, learn what they do, and determine whether you can borrow those concepts and practices. User groups and various forums are important sources of advice.
• Learn how many applications throughout your institution maintain and require data in the ERP and other core institutional applications. The problem is likely more complex than you know. It's time to start digging.

To develop further:

• Introduce controls and governance to avoid proliferation of customer-relationship management systems (CRMs) and other tools that are delivering redundant functionality at multiplicative costs and complexity. Similarly, develop core processes for procurement and contracts, information security, and integration tools and techniques.
• Continue to participate in and learn from user groups and consortia. Start to share back with institutions that are just getting started.

To optimize:

• Keep in mind that the tools to do the data integration are becoming more sophisticated and thus are easier to use. The Learning Tools Interoperability (LTI) protocol supports plug-in apps in the learning management system, for example. In the application-integration phase, tools like MuleSoft and SnapLogic are moving to a zero-code interface, using instead a Visio-like interface. These kinds of tools enable lower-level staff to build these interfaces, which previously required higher-paid programmers.
• Make sure that someone is continuing to focus on digital integrations and is optimizing tools, processes, practices, and controls. This challenge will be with us for some time to come. It will require constant attention and ongoing refinement.

Ecosystem Opportunities

The commonalities of applications used across institutions are likely to be greater than might be imagined. Institutions that share common core application architectures (e.g., those using an Oracle financial cloud system) might take collective or coordinated action to facilitate and share practices and solutions.

All the challenges with digital integrations can be helped or addressed through scale because each institution covers the same territory by itself and does the work by itself: buying the tools, conducting the training, and so on. These are things that might benefit from larger-scale activity. For example, consortium-based contracts for products and training and vendor risk-management contractual documents can be shared across institutions. Doing so would take a lot of the grunt work out of this process.

Many institutions have strong partnerships across leadership areas, such as between the IT and the IR departments or between the IT and the finance/administration departments. Those leaders understand the collaboration and shared leadership that needs to occur, and they can influence the entire ecosystem by collectively cultivating partnerships among professional associations (e.g., AIR, AGB, NACUBO, AAU, ACE, and EDUCAUSE). Such partnerships can stimulate the national conversations and collaborations that need to occur and provide visible exemplars to inspire and guide leaders at other institutions.

Issue #6: Data-Enabled Institution

Taking a service-based approach to data and analytics to reskill, retool, and reshape a culture to be adept at data-enabled decision-making

John Campbell, Colleen Carmean, and Chris Gill

As colleges and universities adapt to a rapidly changing future, the ability to make effective decisions may well distinguish those that navigate change successfully from those that don't. We live in a world awash with data, yet many institutional leaders struggle to convert data into decisive and informed action. Without access to timely, accurate, and relevant data at the right time, leaders will not be able to make successful decisions. Applying data more rigorously and expansively to decision-making requires that technology and data professionals possess new skills. Institutions need professionals who are adept at discovery, pattern matching, and searching for the data inside the problem.

Higher education also has a programmatic opportunity. Analytics, AI, and machine learning are creating new jobs and disciplines.⁶ Technology's impact on the needs of the impending workforce means that college and university programs have the potential for dramatic change.

Who Outside the IT Department Should Care Most About This Issue?

• Presidents, provosts, and boards, because they need to have the right data to develop strategies in response to rapid changes in higher education
• Deans and department chairs, particularly those in academic programs that are struggling with curriculum management, scheduling, classroom capacity, low-enrollment courses, and bottleneck courses. Data is at the core of academic programming and student academic success.
• Advising, student success, and retention offices. As the issues around student success become more critical at institutions, units will need to have near-real-time information on student progress and will also need to share the actions they've taken.

The Misconceptions

• To become data-enabled, an institution needs a tool. (A data and analytics mindset needs to be built into the institutional culture. Today's stories must be rooted in data, not anecdote and what didn't work ten to twenty years ago.)
• Institutions should adhere to their long, unchanging traditions. (Many institutions are proud that they still do things the same way they did one hundred years ago. But cultures and traditions must work for today's students, not those who enrolled one hundred or even ten years ago.)
• Institutions need to gather all the data before making a decision. (Institutions will evolve in their use and application of data. Analytics allows us to thin-slice data and move on small insights. We must not enter into a "frozen" moment, where we wait to act until all data is in one place.)

The Pitfalls

• The need to build relationships and trust can be underestimated. Honest interactions will help you avoid bad decisions based on bad interpretations of the data. These interactions will also allow a fuller view of the data.
• Institutions may have data silos and data hoarders. The data in those areas needs to become available for institutional use.
• "Analysis paralysis" can be a very real challenge to effective decision-making. The data-driven institution should remain focused on driving action.

The Opportunity

Many leaders have watched peer institutions close or merge or have seen other institutions dramatically change their business model. The difference between perhaps not surviving at all and thriving rests on the ability to make data-grounded—instead of intuition- or personality-based—decisions. Data is our most important asset; developing our potential to use it must be among our highest priorities.

Advice

To get started:

• Don't reinvent the wheel. Look to the best practices and implementations of your aspirational and most successful peer institutions. Talk with peers to learn new ways of looking at, capturing, and using data and creating a data-aware culture.
• Start by using data to solve real business problems. Pick something contained and achievable. Demonstrate the difference that the use of data made to the outcome.
• Focus on the outcomes, not the technology. Use the tools that are available, but don't hesitate to use tools that make real-time discovery possible, even if doing so means creating new roles for the IT, IR, and student-serving units. Placing the technology before the thought processes will become limiting.

To develop further:

• Ensure that leaders, especially academic leaders, will advocate for instilling data-enabled decision-making into the areas for which they are responsible. Change is hard; deans and directors are unlikely to embrace the use of data unless they are strongly encouraged to do so.
• Include a diversity of people, roles, and thoughts. The different perspectives will provide additional insights.
• Use data to drive action and change. Even targeted changes can have a profound impact on highly political processes, such as requesting new faculty positions.

To optimize:

• Tackle the big, intractable problems. Use the data you have to make changes to systems and processes that don't work or to student populations who aren't doing well with the current systems. Once we know what we need to do, then we have an obligation to do it.
• Begin to think strategically and comprehensively about all your data, wherever it resides. Focus on data integrations to orchestrate the data interrelationships across a variety of systems. Each is a piece of the puzzle that enables us to spot something we couldn't see before.

Ecosystem Opportunities

We should focus on the pitfalls, effective practices, talking points, and/or evidence for plans to move forward successfully. It would be helpful to hold future-facing conversations about how all of us in higher education do this work together. We should provide a safe space to discuss best practices and to share sensitive information about specific problems to which we can apply data (e.g., addressing retention challenges, optimizing program ROI). This could help people visualize what is possible so that they can begin to achieve the same progress others are making.

Issue #7: Sustainable Funding

Developing funding models that can maintain quality and accommodate both new needs and the growing use of IT services in an era of increasing budget constraints

Loretta Early, Michael Gower, and Warren Wilson

In a time of challenges to higher education's economic model, it can seem that IT operations should be a target for funding reductions along with the rest of institutional operations. However, technology serves as the circulatory system that enables innovative, personalized delivery of instruction, advancement in research, data-infused management decision-making, and connections to constituents and stakeholders. The funding model must be efficient, but it must also be adequate and appropriate for that circulatory system to work.

The sooner the CIO and the IT organization can be engaged when the institution is looking at new initiatives and programs, the sooner IT leaders can become a part of informing what funding will be needed to scale and sustain new service offerings.

Who Outside the IT Department Should Care Most About This Issue?

• The president, the provost, and chief business officer (CBO), because making wise investments can help mitigate risks, harvest new revenue sources, advance R&D, and transform the institutional experience. Strategic higher education CIOs know they must bring forward business cases and not just present network diagrams; they use data and analytics to inform executive committees' decisions and recommendations.
• Faculty, researchers, students, and staff, because they should be able to easily access state-of-the-industry data and software and seamless, integrated solutions that help them get their work done
• Alumni, because optimizing operational costs means that institutions can make investments in innovation to prepare students for life after graduation

The Misconceptions

• Technology is simply a cost or overhead. (IT investments can enable revenue generation by optimizing enrollment, improving retention, aiding in successful competition for new research grants, promoting capital campaigns, and much more.)
• Technology budgets shouldn't grow. (Many institutions have chronically underfunded technology, neglecting to designate money for ongoing replacements and upgrades. And technology needs continue to increase as the value of technology grows and deepens.)
• IT costs are "lumpy" and endless. (Experienced CBOs who partner with their CIOs can implement financing techniques and other strategies to smooth out even the capital components of the funding.)
• IT leaders just want the newest and coolest technology. (CIOs draw on many resources when making their decisions: the expertise of IT staff, campus community partners, industry research, and higher education CIO colleagues' experiences and war stories.)

The Pitfalls

• IT Ieaders need to pay careful attention to leadership changes. New leaders may bring different views about the value and strategic importance of technology.
• Major financial setbacks constrict the institution's overall ability to fund initiatives. Because technology investments underpin so many initiatives, endowment or enrollment declines can have surprisingly broad effects on the IT organization's budget and staffing. Of course, the IT organization is both a cost center and a solution center, and cuts in the IT budget may actually worsen the institution's ability to respond to the root causes of financial challenges.

The Opportunity

Institutions with a sustainable IT funding model will be able to maintain operational excellence and service resiliency and, at the same time, make innovative investments. Faculty, researchers, students, and staff will be able to articulate how technology has enabled them to do things they never could do before. Leaders throughout the institution will no longer see the IT organization as a cost center but, rather, as a strategic asset for the institution. The institution's competitive IT capabilities will be featured when the institution is recruiting top researchers and faculty and new donors. The institution's reputation for innovation will grow and will attract vendors and investors who want to partner with innovators.

If the institution can bring its IT accomplishments and capabilities to the table, this success will continue to build—providing additional resource opportunities to the institution through strategic corporate engagements. CIOs can partner with their CFOs to look at current funding models and processes through the lens of campus departments and can see if these models will incentivize desired behaviors (e.g., adopting campus solutions, standards, and licensing; breaking down silos).

Advice

To get started:

• Learn what format and methodology the CFO prefers for developing business cases.
• Become knowledgeable about the solutions, trends, and institutional goals and challenges in recruitment, admissions, advising, alumni engagement, and other key higher education business functions.
• Conduct a detailed analysis of the consequences of lagging IT funding. This may provide evidence to show where the lack of funding is actually costing revenue opportunities. There is a cost to doing nothing.
• Establish some metrics. Without metrics, you won't know if you are doing something better, faster, or cheaper.

To develop further:

• Deepen and expand relationships and partnerships. Help your institutional partners better understand how and why IT investments are structured, so that when funding requests arise, they will have context.
• Adopt an approach of continuous improvement. Look for where IT services could enhance net revenue, and conduct a real opportunity-cost analysis. Study best practices from others.

To optimize:

• Reach out to the business and academic units during budget-planning cycles to learn about their upcoming initiatives and long-term plans. Use those conversations to collaboratively identify the technology needed to support their priorities. This will avoid surprises and funding gaps that could derail an important initiative and damage confidence in the IT organization.
• Be flexible, and become aware of alternatives to the ones you are using. Today's optimal funding model may not work tomorrow or for particular needs and areas.
• Assess your organization's risk tolerance and readiness for change, since both could affect budgets and timelines for delivery of new services and capabilities.

Ecosystem Opportunities

Regional and peer group consortia are both very important. Regional consortia—for example, the Western Interstate Commission for Higher Education (WICHE) and the Midwestern Higher Education Compact (MHEC)—can consolidate and expand the influence of small institutions to negotiate better prices and contractual terms with vendors. Consortia also give CIOs and CBOs opportunities to share best practices and emerging threats or challenges. Professional associations (e.g., NACUBO and EDUCAUSE) can provide articles, professional development, research, and benchmarking to help identify the breakthroughs needed to influence institutional changes in funding models and many other challenges.

Issue #8: Data Management and Governance

Implementing effective institutional data-governance practices and organizational structures

Chris Gill and Joel Hartman

Colleges and universities are information-driven organizations. They create, transmit, and run on the flow of information. Data is the institution's lifeblood. Like any other consequential resource, data has to be properly managed, curated, secured, understood, and optimized to help the institution achieve its mission and goals. Data tends to be invisible because it flows in and out of the business processes. But without the ability to use data to make decisions, institutions are flying blind. Effective data management and governance is the foundation on which decision support and intelligence capabilities are built.

Who Outside the IT Department Should Care Most About This Issue?

• Senior leaders, because they need to understand the value and use of data, as well as the risks of mismanaging or undermanaging data. Senior leaders depend on the availability of timely, accurate data.
• Institutional research leaders, because the IT and IR areas need to collaborate deeply to enable the institution to maximize the value and benefit of its data
• Unit-level data owners and managers, because they are responsible for growing numbers of cloud applications, data sets, and reports. Data is an institutional asset and must be managed for the good of the institution overall rather than in silos.

The Misconceptions

• Data is data, no different from what it's been for decades. (Today's systems have live, real-time, mobile-accessible data. This data is moving and changing with astonishing speed, and stakeholders are interested in access to the most up-to-date data possible. People are thinking in more sophisticated ways about different types and uses of data: descriptive, diagnostic, predictive, prescriptive.)
• If you've managed data well in the past, you don't have to worry about this issue. (More and more, the data that we hold has special meaning and restrictions—for example, for GDPR. Institutions are being called on in different ways to manage and understand the applications, uses, control, and purging of data.)
• Data management is fairly straightforward. (Institutional leaders don't understand the extent to which data is siloed across campus. The problem has been long in the making and reflects the overarching distributed nature of institutional decision-making. Institution-wide data governance is an effort to reweave the data fabric of the institution from what is, essentially, a massive tangle of threads.)

The Pitfalls

• Data governance can't be partitioned as an IR, an IT, or another leader's responsibility. Institutional data requires a holistic approach. The data stakeholders—people who manage or who depend on data—need to convene at the earliest-possible stage to work through all the details involved in managing, maintaining, providing access to, securing, using, and leveraging data in all ways.
• The president, provost, and the board have to be deeply involved. Numerous groups want answers to complex questions. Data governance can be used as a strategic opportunity to stimulate conversations between institutional, IT, and IR leaders to define the most important questions to answer, and the way to use data to do so. These groups are often not accustomed to collaborating with one another.

The Opportunity

An institution can achieve much greater efficiency and effectiveness by having its data house in order and by using that data effectively to plan, make decisions, and allocate resources. Institutions will thus have the ability to generate actionable insight when a question comes up—information on which they can reliably and safely take action. And they will have senior administrators who are prepared to do that. Effective data governance enables an institution to act more nimbly, and it eliminates anecdotes as a basis for action. An institution that can get past all that is one that will have a greater chance of success.

Advice

To get started:

• Start with a solid foundation. The institution's needs and abilities to use data will resemble a pyramid. At the base is the essential data that the institution runs on. To be useful, this data has to be accurate, timely, secured, well understood, and defined consistently across the institution. Without that foundation, any use of the data can be more harmful than beneficial down the road.
• Apply initial efforts at data management and governance to a specific business problem. Don't begin with the big picture.
• Work from the bottom up, and create small wins that you can use to build momentum. Don't start by buying a big product and then figuring out how you'll use it.

To develop further:

• Use this foundation. With a reliable data foundation and governance, institutions can apply data to better understand what is happening with key indicators (e.g., enrollment or persistence).
• Pay attention to algorithms as well as data. Vendor applications use algorithms to support such critical objectives as student success. If those algorithms are proprietary, the institution can't fully understand the basis of analysis and ensuing recommendations. Consider expanding data governance to algorithm governance.

To optimize:

• Designate a knowledgeable employee to be the executive "data whisperer." This is someone who can work at the executive level, can ensure that needed information is available, and can answer, translate, and explain as needed.
• Get your data act together. Move up the stack to predictive and even prescriptive uses of data and analytics. That will likely expand the data and process requirements and introduce new dimensions of ethics, compliance, and privacy into data-governance conversations.

Ecosystem Opportunities

Data governance is still a work in progress at many institutions. Professional associations can deepen their current collaborations to help bridge the gap between IR and IT leaders and staff. They can also help provide senior leaders with information about how to take better advantage of institutional data and data decision-making.

A higher education standardized data model could be of enormous benefit. There is some work going on in Australia and the United Kingdom, but the United States and Canada have lagged in comparison. A standardized data model would make interactions of systems and interchanges of data much more straightforward and potentially cost-effective.

Issue #9: Integrative CIO

Repositioning or reinforcing the role of IT leadership as an integral strategic partner of institutional leadership in supporting institutional missions

Mark Askren and Tammy Clark

Information technology has the potential for truly driving innovation and increased efficiencies. Enrollment management, student success, the research mission, and community service are examples of areas where technology can make positive change possible. This worldview differs from one that sees information technology as a service with the primary goal of driving down costs. The difference is a CIO who has the skills and credibility to provide leadership and who, as part of the senior leadership, addresses the institution's most strategic issues.

Information technology is expensive whether we are using it well or not. Without the effective partnership of the CIO, departments may select solutions that don't integrate or operate with other technologies used. Their choices may be insecure or lack necessary functionality, or the implementation costs may soar.

Who Outside the IT Department Should Care Most About This Issue?

• All areas that are interested in driving significant change, and all academic and administrative leaders. Information technology is everywhere these days.

The Misconceptions

• Campus departments can bypass the IT organization and work directly with vendors of technology solutions. (Leaders of campus departments often desire to select the solutions they use and want to make key decisions regarding implementation and use. Without understanding the roles of the CIO and the project management office, they may perceive that the IT organization is "slowing them down," and they may also believe vendors who tell them that the IT organization and the CIO are not needed to implement a solution. However, not including the CIO can be very problematic, since solutions generally need to be integrated with other systems in order to work properly or they need to include specific requirements for data security, access, and authentication.)
• The institution isn't really benefiting from all that money it is spending on digital technology. (Technology has become an integral strategic, not just tactical, area that will continue to factor into the fulfillment of institutional goals and objectives well into the future. But senior leaders often struggle to measure IT effectiveness on their campuses. CIOs and other IT leaders must be able to explain the value proposition and to translate into plain English what they are doing, why it matters, how it directly benefits various institutional leaders, and how to take advantage of technology-driven opportunities across the institution.)

The Pitfalls

• Institutional history is hard to overcome. If the senior leadership team has been disappointed by the past performance of the CIO, this will be hard to change without adjustments in either the leadership team or the CIO position.
• It is easy to fall into binary thinking about the contributions that the IT organization and, accordingly, the CIO can make. Every institution needs effective and efficient IT services and operations. A good operational CIO might never be thought of as an equally good strategist. Yet the best, and most needed, CIOs are exactly that. CIOs must clearly define their roles as strategic partners and build support from networks of key influencers. A sign of success is when the IT leader is among the cabinet members and leadership groups—supplying a strategic as well as technological perspective—when these groups are considering the most important issues and ideas affecting the future of the institution.

The Opportunity

Institutions at which the CIO is an integral strategic partner of institutional leadership have a competitive advantage with technology, improving their services to students, staff, and faculty across the institution and ensuring that their technology investments are effective and optimized. At those institutions, IT leadership is a valuable part of team initiatives and can change an institution's direction and fortunes. The stakes are very high. The IT organization can help an institution become cost-efficient, think outside the box, implement new student or faculty recruiting strategies, or become more competitive for grants in the research area by understanding how to integrate technology into those initiatives.

Advice

To get started:

• Build networks among academic and administrative leadership and individual influencers among students, staff, and faculty. They can help the CIO learn how to communicate more strategically and can reinforce the CIO's role as an integral member of institutional leadership.
• Consider an assessment from peers or an outside organization on how the IT organization is structured and on the definition, as well as the expectation, of the senior IT leadership position. If the position or the overall organization is not well situated, viewing the CIO as a strategic partner will be much more difficult.

To develop further:

• Make sure the CIO has regular access (ideally a seat on the cabinet) or reporting status to the president and institutional leaders.
• Develop governance and processes to coordinate and manage new departmental and institution-wide digital investments. The CIO, academic affairs, research administration, procurement, and project management areas should all be involved.
• Continue to work with peers to understand where and how CIOs in the community are leveraging technology as a breakthrough resource, particularly in those areas that matter the most for senior leaders. Our commonalities across institutions are greater than our differences.

To optimize:

• Ensure IT leaders' ongoing contributions include partnering with campus departments and vendors to ensure that their original requirements are met and assisting with project management, change management, and communications and training plans. The traditional model, in which the IT organization implements and maintains the solution as the service provider while campus departments simply use the technology, no longer applies when it comes to cloud technology solutions.
• Establish credibility with other cabinet members in terms of being able to deliver both strategic and operational value. Success in the workplace is all about relationships.

Ecosystem Opportunities

Members of the EDUCAUSE community and other networks need to share stories of the CIO as an integral strategic partner with institutional leadership, explaining the conditions that made that possible. Conversely, there are lessons worth learning from places where this partnership is not going well.

We are stronger working together. As a community of colleagues, we can collaboratively define the future of the CIO role and help one another grow into that role.

Issue #10: Higher Education Affordability

Aligning IT organizations' priorities and resources with institutional priorities and resources to achieve a sustainable future

Merri Beth Lavagnino and Michael Berman

IT organizations can make three contributions to higher education's affordability crisis. Most obvious is engineering IT services to ensure they are providing the best-possible value and return on the funds invested. Second, other institutional areas also expect IT professionals to help them understand how to use technology to drive down their costs and, ultimately, the cost of higher education. Finally, many institutions are looking to their IT organizations to generate revenue, for example, by developing partnerships with external service providers or providing services that can potentially create new revenue sources.

The task for IT leaders is to provide evidence of their ability to contain the cost of digital technologies while also increasing their understanding of institutional goals and lines of business. Without a dual grounding in financial management and higher education's missions, IT leaders will struggle.

Who Outside the IT Department Should Care Most About This Issue?

• Presidents, boards, and CFOs, because they need to understand what they can expect of (and gain from) including IT leaders in the affordability conversations and how to measure the results

The Misconceptions

• Financial problems can be solved by focusing on who is to blame. (Stakeholders can spend a lot of time trying to determine the "why" and the "cause" of the financial problem, which can devolve into finger-pointing. Trying to figure out the source of the financial change is an interesting and important exercise, but it shouldn't divide leadership. This is precisely the time that the academic and administrative arms need to come together to work jointly on affordability.)
• The affordability crisis is only a cost crisis. (Growing costs are just one part of the problem. Another issue is the steady reduction in state funding for public institutions—those very institutions that for decades represented the affordable path to a college degree—and the resulting shift of expenses to parents and students.)
• The best way to save money is to cut large administrative cost centers, notably the IT organization. (That strategy can backfire, because it reduces the institution's ability to apply technology-enabled efficiencies.)

The Pitfalls

• Reducing costs requires setting priorities because there isn't enough money to fund everything. Setting priorities entails retiring duplicative or underused services and refraining from new initiatives that provide less value. Retiring services, deferring upgrades, and walking away from cherished initiatives may clash with existing culture and meet resistance from both IT staff and institutional leaders and constituents. The challenge is more than a cost challenge; it's one of change management.
• IT leaders need to collect data and apply methodologies to illustrate technology's value to the campus. Institutions need to avoid the inclination to overengineer the solution. Instead of creating a master cost model with all possible cost data, IT leaders should collect the minimum viable data needed to begin estimating and comparing value. Those experiences will help institutions better understand the additional data they need and how to put it to work.

The Opportunity

Institutions that can successfully align IT organizations' priorities and resources with institutional priorities and resources can indeed achieve a sustainable future that enables them to deliver affordable education. That can make postsecondary credentials more broadly accessible, particularly to underserved populations.

The IT organization and staff will benefit as well. The IT organization will be viewed as a center of excellence and will be a meter on the campus in helping to keep education affordable. IT professionals will have more pride in and understanding of the contributions they make to their institution, enhancing staff recruitment and retention.

Advice

To get started:

• Build awareness. At the very least, ensure IT leadership and ideally the entire IT organization understand your institution's issues around affordability. These issues will differ among small private colleges, state universities, and large research institutions.
• Make affordability an IT organization priority. Invite senior leadership to discuss the institution's affordability goals with IT leadership, or even with the entire IT staff, to help the IT organization incorporate its planning and service delivery into the larger goal.

To develop further:

• Work with institutional partners to improve priority-setting. Introduce or improve at least a lightweight project portfolio management function, and tie that to campus priorities. Consider using risk management weighting tools (e.g., likelihood and severity of impact) to prioritize. And remember: if everything is a priority, then nothing is a priority.
• Find a better and more convincing way to collect data on the impact of information technology. It is extraordinarily hard to provide really good ROI numbers that hold up, but a good beginning is trying to collect data to measure and support the impact of technology across campus.
• Introduce efficiencies. Study the use of IT services to find opportunities to combine, retire, or redesign services.

To optimize:

• Deepen your measurement work to establish good metrics that can demonstrate value and to measure more quickly the impact of different choices. We want to make sure we put our resources in the areas of greatest impact. Use those metrics to report the impact of IT investments to the campus. Do this for things that affect the affordability issue and for a few things that don't.
• Focus on consolidating service offerings. IT professionals may be the first to detect duplicative initiatives, such as separate CRM initiatives for admissions and advancement. Those IT professionals are often also in the best position to understand the underlying needs and potential solutions that could be shared without sacrificing departmental needs. Moving from two or three CRMs to one can reduce costs by consolidating contracts, knowledge, and support and can ensure greater user efficiencies in learning and usage. Recognize employees who identify and/or work on the most effective cost-saving initiatives.
• Communicate about the impact. Ensure information about efficiencies and savings are communicated throughout the college or university community.

Ecosystem Opportunities

Some institutions are experimenting with sharing services nationally—such as OmniSOC, a shared security operations center. The Higher Education Cloud Vendor Assessment Tool (HECVAT) aims to reduce costs in assessing and obtaining cloud tools. This shared service model is nothing new—OCLC was founded in 1967 to share higher education library services and support—but the affordability crisis may expand interest and encourage institutions to adapt their requirements and timing in order to participate in broader, more affordable commodity services.

State systems and regional consortia are helping institutions aggregate purchasing to secure better prices and terms.

EDUCAUSE and NACUBO might collaborate in research to identify the institutional and IT organization characteristics that contribute to affordability, using data and case studies to help people understand and to communicate to presidents and boards about how information technology can be a driver for cost savings.

Reflections and Conclusion

Changes from Last Year

Three issues were similar or identical to issues in last year's Top 10 list: Student-Centered Institution (#4), Digital Integrations (#5), and Information Security Strategy (#1). The first two were new to the list last year, and both were worded identically. Both also moved up a bit in rank: Student-Centered Institution moved up a notch from fifth place last year, and Digital Integrations moved from #8 to #5. While Information Security retained the top position again this year, the panel wanted to modify the issue slightly. By adding "Strategy" to the title, this year's wording emphasizes the nontactical focus of the issue and specifies that a risk-based strategy isn't one that simply "keeps pace with security threats and challenges" (last year) but instead "effectively detects, responds to, and prevents security threats and challenges" (2019).

Three other issues describe evolved challenges. Student Success (#2) focuses this year on the change management aspect of student success initiatives ("serving as a trusted partner with other campus units to drive and achieve student success initiatives") rather than the technical tasks of last year, when it was also #2 ("managing the system implementations and integrations that support multiple student success initiatives"). Data-Enabled Institution (#6) also emphasizes the change aspect of analytics ("taking a service-based approach to data and analytics to reskill, retool, and reshape a culture to be adept at data-enabled decision-making") more than last year, at #4 ("using BI and analytics to inform the broad conversation and answer big questions"). Both were on the Top 10 list for the first time last year. The panel also made a small but meaningful addition to Data Management and Governance (#8 in both years), appending three words to the issue description: "Implementing effective institutional data-governance practices and organizational structures." The rewording of each of these issues suggests progress and a clearer focus on institutional adoption.

Two issues replaced last year's single issue about costs and funding. Last year, Higher Education Affordability (#6) encompassed both prioritization and financial constraints: "Balancing and rightsizing IT priorities and budget to support IT-enabled institutional efficiencies and innovations in the context of institutional funding realities." This year, the panel separated the issues to better develop each. Higher Education Affordability (#10) describes prioritization ("Aligning IT organizations' priorities and resources with institutional priorities and resources to achieve a sustainable future"), while Sustainable Funding (#7)—which was on the 2017 but not the 2018 Top 10 list—focuses on financial constraints ("Developing funding models that can maintain quality and accommodate both new needs and the growing use of IT services in an era of increasing budget constraints"). Note the panel's carefully added emphasis on alignment of IT organizations' priorities and resources with institutional priorities and resources in issue #10. The interdependence of the IT organization and the institution and the need to make trade-offs come through clearly in both issues. Much is possible with technology, but only some of it is affordable. CIOs and institutional leaders must understand the institution's financial constraints and agree on the technology investments that will most benefit the institution.

Two issues—Privacy (#3) and Integrative CIO (#9)—were new to the list for 2019. Integrative CIO ("Repositioning or reinforcing the role of IT leadership as an integral strategic partner of institutional leadership in supporting institutional missions") continues this year's deepened focus on embedding and aligning technology with institutional operations and strategy. Privacy ("Safeguarding institutional constituents' privacy rights and maintaining accountability for protecting all types of restricted data") is salient far beyond higher education but has special implications for colleges and universities. Since 2015, public confidence in higher education has slipped down 9 percentage points, with only 48 percent of US adults expressing "a great deal" or "quite a lot" of confidence in higher education in 2018.⁷ We cannot afford the loss of trust that would follow breaches of student or alumni privacy and/or missteps in using their data.

Seven issues evolving in concept or rank, one revived, two entirely new. Thus we mark progress—or at least change—in higher education.

Alternative Realities

Respondents to the IT Issues survey had 17 issues to choose from. The following are the 7 additional issues, in order of their ranking:

#11: Academic Experience: Understanding and advancing technology's role in optimizing the faculty experience (as teachers, researchers, advisors, and more)

#12: IT Staffing and Organizational Models: Planning for adequate staffing capacity and staff retention in the face of retirements, new sourcing models, growing external competition, rising salaries, and the demands of technology initiatives on both IT and non-IT staff

#13: Change Leadership: Helping institutional constituents (including the IT staff) adapt to the increasing pace of technology change

#14: Institutional Innovation: Advancing the institution through the use of IT as higher education reimagines its future

#15: IT Accessibility: Adopting policies, procedures, remediations, and technologies to ensure current and future IT can be used effectively by everyone, and collaborating across institutions to influence the vendor community to provide compliant solutions

#16: Service Strategy: Balancing the provision of services and systems that a diverse environment requires with the need to consolidate and reduce certain services and systems to be more cost-effective

#17: Diversity, Equity, and Inclusion: Developing an IT organization that reflects and supports institutional commitments to having a staff of diverse individuals who feel welcome and valued

Respondents rated issues differently, of course, meaning that not everyone's Top 10 IT Issues are the same. Some of those differences are associated with institutional differences. As a result, every issue except one made it on the Top 10 list of an institutional subset. (see table 1).

Table 1. Institutional Subsets

Carnegie Type	Included in Top 10	Not in Top 10
Community Colleges	IT Accessibility Service Strategy	Integrative CIO Data-Enabled Institution
Bachelors Colleges	Academic Experience	Data-Enabled Institution
Public Masters	Institutional Innovation Academic Experience	Data Management and Governance Higher Education Affordability
Private Masters	IT Accessibility	Integrative CIO
Public Doctorals	IT Staffing and Organizational Models	Higher Education Affordability
Private Doctorals	Academic Experience IT Staffing and Organizational Models	Sustainable Funding Higher Education Affordability
Non-US Institutions	Change Leadership Academic Experience Institutional Innovation	Data Management and Governance Data-Enabled Institution Higher Education Affordability
Institutional Size	Included in Top 10	Not in Top 10
Less than 2,000	n/a	n/a
2,000–3,999	IT Accessibility	Data Management and Governance
4,000–7,999	n/a	n/a
8,000–14,999	Academic Experience	Higher Education Affordability
15,000+	Institutional Innovation	Higher Education Affordability
Institutional Approach to Technology Adoption	Included in Top 10	Not in Top 10
Early Adopters	Academic Experience	Higher Education Affordability
Mainstream Adopters	Academic Experience	Higher Education Affordability
Late Adopters	Service Strategy Change Leadership	Data-Enabled Institution Data Management and Governance

The most widespread addition to institutions' lists was Academic Experience, appearing on 7 subset Top 10 lists. Academic Experience acknowledges the value technology brings to faculty, in all their roles. Higher Education Affordability was the most common issue to disappear from sublists, falling out of 8 groups' Top 10 lists. The clearest pattern for this omission was within institutional size: Higher Education Affordability dropped off the lists of the largest institutions (those with more than 8,000 students).

Only the very smallest (fewer than 2,000 students) and mid-sized (4,000–7,999) institutions' Top 10 lists contained all the overall Top 10 issues. Non-US institutions differed the most from other institutions, with three issues moving in and three out.

Only one issue was left off every Top 10 list: Diversity, Equity, and Inclusion (DEI). The highest rank DEI achieved was 15 (within bachelors colleges, private masters, and institutions with fewer than 2,000 students). Of course, IT Accessibility is a DEI issue, and it appeared on the lists of community colleges, private masters, and institutions with 2,000–3,999 students. We should not assume that DEI is a marginal issue, however. In the EDUCAUSE 2019 strategic technologies and trends research,⁸ half of institutions reported that DEI is exerting a major influence on, or is already incorporated into, their IT strategy; another one-third note that DEI has at least a minor influence on their emerging IT strategy. Also, within one week of its release on October 22, 2018, the EDUCAUSE "CIO's Commitment on Diversity, Equity, and Inclusion" had been signed by more than 300 CIOs.⁹

For more on DEI and the 2019 Top 10 IT Issues, see D. Christopher Brooks, "Why Isn't DEI in the Top 10?"

Balancing Impact and Ethics

It is one thing to have and understand data. It is another thing to put that data to work. The Human Genome Project map was an important accomplishment, but primarily as a stepping-stone to applying the newfound knowledge to treating and preventing diseases and disorders and optimizing well-being. Turning the corner from knowledge to action is also part of the Student Genome Project. Throughout panel interviews and discussions, leaders stressed that having and sharing the data is not sufficient. They and their institutions are now considering how best to apply the insights the data is providing, and how to quantify the ROI of student success and other analytics investments. Making sure data is resulting in actual progress requires dedicated attention and is its own kind of change initiative.

Of course, not every application of student data is beneficial or benign. Our ability and willingness to collect and apply data often outpaces our recognition of the need to protect our students from future negative consequences of the amount of data our institutions have about them. We are not even fully aware of just how much data we have, let alone what it can be used for. The concept of data retention is giving way to a concept of data destruction.¹⁰ Higher education, with its commitment to creating, disseminating, and preserving knowledge, is perhaps uniquely pained by the thought of destroying knowledge. When we find ourselves thinking, "you never know if this data might be useful someday," we should counter with, "you never know if this data might be harmful someday." The privacy of people whose data we retain must be safeguarded. Higher education has spent a great deal of effort and expense preparing to comply with the new European Union General Data Protection Regulation (GDPR). We may look back on this regulation as a gift that accelerated data privacy initiatives when they were most needed.

Digital Transformation (Dx)

Just as mapping the human genome was a difficult but necessary precursor to transformative applications of genetics, so too will the hard, foundational work of mapping our data and the student genome prepare higher education for our own moment of transformation. And not a moment too soon. The financial pressures and evolving student expectations reflected in this year's Top 10 IT Issues list are among the drivers of a new movement that began in other industries and is spreading to our own: digital transformation or, simply, Dx.

Higher education needs a new value proposition to address not only sustainability concerns but also a growing need for lifelong learning and an expanding range of alternative providers of credible credentials.¹¹ Any new value proposition will depend on technologies, including advances in analytics, AI, the cloud, mobile, consumerization, social networks, and storage capacities. Incorporating these technologies into higher education is the work of digital transformation.¹² That work is clearly under way and must continue.

But the 2019 Top 10 IT Issues list points the way to digital transformation in additional ways. Technology always forces changes in culture and workforce, and Dx technologies are particularly disruptive to both. We see in the Top 10 IT Issues a focus on cultural and organizational change. The emphasis on incorporating technology into institutional practices and strategies reflects a growing readiness for higher education to embrace a digital future.

Clearly, we are in the early stages of a decades-long undertaking. Yet we cannot predict the specific outcomes because so much is changing so fast. What does the future look like? No one can say, but innovative institutions are already experimenting with applications of extended reality technologies in teaching and learning, digital courseware, personalized student services and advising, applications of AI and machine learning to both research and education, new organizational models, partnerships and consortia to scale, and alternative credentialing models and alliances with local K–12 districts and employers. Technologies are the materials; innovations in learning, research, and management are the path; revitalized higher education that continues to lead the world in conducting research and scholarship and in delivering relevant and affordable lifelong learning and credentials is the outcome.

And this all starts here and now, with efforts to map the student genome in order to develop empowered students, trusted data, and 21st-century business strategies. Don't be left behind. Join the effort!

Notes

1. "An Overview of the Human Genome Project," National Human Genome Research Institute (website), May 11, 2016; "Human Genome Project," Wikipedia, accessed December 6, 2018. ↩
2. Antonio Regalado, "2017 Was the Year Consumer DNA Testing Blew Up," MIT Technology Review, February 12, 2018, reported over 12 million consumer DNA tests: 7 million from Ancestry, 3 million from 23andMe, and 2 million from other consumer genetics companies like Habit and Promethease. At the time of this article's writing (October 2018), Ancestry reported 10 million DNA customers, whereas 23andMe had grown to 5 million. ↩
3. Thomas B. Edsall, "How Much Do Our Genes Influence Our Political Beliefs?" New York Times, July 8, 2014. ↩
4. Once a year, members of the EDUCAUSE IT Issues Panel select a slate of 15–20 topics they believe will be the most important IT-related issues facing higher education institutions. EDUCAUSE members receive a survey with those issues and are asked to prioritize them. The 10 issues with the highest-priority scores become the Top 10 IT Issues. This methodology also enables EDUCAUSE to determine the Top 10 IT Issues among various types of institutions. For 2019, 11,397 email invitations to complete the survey were sent to EDUCAUSE members, and 405 (3.6%) completed the survey. Where multiple representatives from a single institution completed the survey, we selected the response from the representative in the highest-ranking position to determine the Top 10 IT Issues. The final Top 10 IT Issues list is thus based on the responses of 297 US-based respondents. ↩
5. Jon Kalish, "Cryptoparties Teach Attendees How to Stay Anonymous Online," NPR All Things Considered, February 6, 2017. ↩
6. The Future of Jobs Report 2018 (Geneva, Switzerland: World Economic Forum, 2018); James Manyika and Kevin Sneader, "AI, Automation, and the Future of Work: Ten Things to Solve For," executive briefing (McKinsey Global Institute, June 2018); "Gartner Says by 2020, Artificial Intelligence Will Create More Jobs Than It Eliminates," press release, December 13, 2017. ↩
7. Jeffrey M. Jones, "Confidence in Higher Education Down since 2015," Gallup Blog, October 9, 2018. ↩
8. EDUCAUSE, "Higher Education's 2019 Top 10 Strategic Technologies and Trends" (forthcoming). ↩
9. "CIO's Commitment on Diversity, Equity, and Inclusion" (EDUCAUSE, October 22, 2018). ↩
10. Jack Suess, Michael Cooney, and Jenny Holmes, "Current Topics in Data Privacy," EACUBO 2018 Annual Meeting, Buffalo, NY, October 24, 2018. ↩
11. Paul Fain, "On-Ramps and Off-Ramps: Alternative Credentials and Emerging Pathways between Education and Work," Inside Higher Ed, special report, September 19, 2018. ↩
12. "7 Things You Should Know About Digital Transformation," EDUCAUSE Learning Initiative (ELI), October 26, 2108. ↩

Acknowledgments

Producing the Top 10 IT Issues is a group effort. And what a talented, interesting, and experienced group! I would like to thank all the IT Issues panelists for their engagement and insights throughout the year they served. We have so much to learn from the wisdom of our community, and this panel represents many of its wisest members.

Many EDUCAUSE staff members contribute to this work as well, and I am grateful for their support. First Joanna Grama and then Jamie Reeves were my partners in administering the panel, thinking through the report and other outputs, and coordinating this project with our colleagues. Ben Shulman did his usual amazingly meticulous job conducting the research that identified the Top 10 IT Issues. Lisa Gesner, our marketing guru, helps us think through, critique, and refine the messaging and stories we tell with our data. D. Christopher Brooks, Malcolm Brown, Betsy Tippens Reinitz, Valerie Vogel, and Karen Wetzel all offered very helpful feedback and support for the project. John O'Brien gave insightful and encouraging comments on the initial draft of the report. And Teddy Diggs is my all-time favorite editor—what a pleasure it is to work with her. If you don't work at EDUCAUSE, you don't know what a special organization it is. I feel honored and energized to work here, and I thank all who helped us realize this project.

 

---

Susan Grajek is Vice President for Communities and Research at EDUCAUSE.