Improving information security is the top priority for higher education IT in 2016, followed by optimizing the use of educational technology in classrooms, according to the latest EDUCAUSE Top 10 IT issues list.
The organization, which released its annual list in January, says the top 10 IT issues for the new year fall under three common themes: divest, reinvest and differentiate.
According to EDUCAUSE, universities are divesting from inefficient or outdated approaches to technology and choosing to improve business processes and services through better data management and integrating enterprise applications. Efforts include migrating from internal infrastructure and applications to the cloud.
Campus IT leaders also are reinvesting in people and technology to add value to their colleges. That includes investing in IT information security, the workforce, organizational development and revamping funding models.
Finally, to differentiate themselves and gain a competitive advantage, universities are improving their use of educational technology and embracing student success technologies, business intelligence and analytics, and e-learning and online education.
In a recent interview with EdTech: Focus on Higher Education magazine, four university IT experts shared their insights on how they are tackling the major issues facing their campuses in 2016.
We spoke to: Gerard Au, associate vice president for technology operations and customer support at California State University, San Bernardino; Tina Thorstenson, assistant vice president and chief information security officer at Arizona State University; Craig Fowler, chief information officer at Western Carolina University in North Carolina; and Brandon Bernier, director of user services at the University of Wisconsin-Madison.
EDTECH: Security rose from near the bottom of the top 10 list last year to No. 1 this year. What changed?
Gerard Au: It became No. 1 because of all the recent data breaches. A lot of institutions are moving systems, whether it’s enterprise resource planning (ERP), email or storage, into the cloud, so securing information in those places is more important. None of the institutions want to take risks and have information breached.
Tina Thorstenson: I’m glad it’s risen to No. 1 this year. That means we in higher education understand its growing importance. What we are talking about is moving the security conversation to a risk conversation.
Many organizations, if they had a security team years ago, were frequently the “Department of No.” Hopefully, it’s less true today. The new model is to be a “Department of Yes.” We absolutely want to help you implement that new service or solution that serves the mission of the university, but in the most secure way possible.
Rather than have one tiny group absorb all the risk, we are identifying the risks, and having stakeholders such as the provost weigh in to accept those greater risks, given all the factors at play.
EDTECH: What are you doing to bolster security?
Au: We educate our users often. We also are talking to security vendors to audit our cloud drives to see what is being stored there and to keep that data safe. On the email side, we are seeing more phishing attacks.
We recently partnered with a security vendor to utilize its advanced threat protection, so that all the phishing links are rewritten before they hit our email boxes. That way, computers aren’t vulnerable when people click on those links. We’re taking more of an active role in security rather than being reactive.
Craig Fowler: We also see a lot of phishing attempts. One thing we’ve done the past several years is annual security awareness training. We also are ramping up identity management and putting additional items in place with respect to how we are handling identities and verifications. It enhances security.
Thorstenson: ASU is investing in three areas. First, we use business analytics and correlation solutions as they relate to security. That means bringing in a technology solution to quickly identify the high-risk areas. In our case, we extended what most organizations call a SIEM — a security information and event management alerting system.
Second, we are looking to use the Internet of Things to improve services and security. People are bringing multiple devices on campus — notebooks, phones, tablets, Fitbits and more. Some devices can enable us to improve services, and potentially reduce security risks.
And third, we are connecting threat detection and prevention systems, to mitigate device vulnerabilities. We are enhancing systems to be increasingly proactive.
EDTECH: What are your top IT challenges on campus?
Fowler: Higher education as a whole is focused on student success. We are trying to improve retention and graduation rates by using business intelligence and analytics and becoming more data driven. Workforce hiring and retention and IT funding models are certainly issues we are facing. We’re also looking at how educational technology enhances education.
Au: We’ve been migrating our critical systems into the cloud and ensuring the availability and business continuity of the entire organization. It’s something we’ve worked on the past two years. We are finally where we need to be with the majority of our systems fully in the cloud.
We also are integrating our enterprise applications and optimizing educational technology. We launched a campus portal where faculty, staff and students can access all the campus systems, such as email, ERP, the student information system and the learning management system (LMS). There are additional systems that we will integrate and will make single sign-on, but the goal is to create a seamless experience and to automate tasks that used to be manual; for example, allowing grades to be exported from the LMS to the student information system.
Brandon Bernier: There are three that stand out: IT workforce, funding models and organizational development. We are spending quite a bit of time developing strategies in our department, and these are impacting our operation right now.
EDTECH: How are you attracting and retaining employees?
Bernier: Recently, we’ve worked on increasing diversity in our recruitment process, especially in engaging women in IT. The other big initiative is 40 percent of our department’s staff started as student workers. We are looking for ways to make that pipeline stronger. We are creating internships and providing additional training, so when we have openings, our students can compete and get hired.
Thorstenson: Hiring and retention are a challenge because of the growth in security. Frequently, we hire people with experience but not necessarily security-specific experience.
We look for people who understand the university’s mission and culture and are passionate about it. It’s such an important quality. We are willing to train you if you come in with the right attitude.
EDTECH: How do you sustain services, support innovation and facilitate growth on a tight budget?
Bernier: Budget cuts have required us to be innovative, do things smarter and collaborate more. That will require folks to not get 100 percent of what they want, but perhaps 80 percent is good enough. That applies to not just working across our campus, but also to multiple campuses working together.
A lot of our needs are similar enough. For example, our campus recently moved to Microsoft Office 365 instead of using many separate email systems. We are trying to create partnerships throughout campus, so we can have conversations about other areas we can work together on and drive more innovation.
EDTECH: What about IT organizational development?
Au: It’s a lingering problem. Because technology has changed so drastically, we have to keep our staff well trained and their skill sets up to date. As we move to the cloud, employees are worried that their jobs are at risk.
It’s important to reinvest in the staff and make sure they get enough training to learn about new technologies and be more productive in offering other value-added services to the campus.
EDTECH: Is it just professional development, or is it more than that?
Bernier: It is professional development and potentially more. We are working hard to provide hands-on learning experiences. When people return from conferences, we want to let them try out their ideas.
We also just launched a management mentoring initiative for central IT to have qualified internal staff compete for management positions. We kicked off our first cohort at the end of January.
As part of our performance review process in our department, we talk to staff about their career goals, so we can help them achieve those goals.
EDTECH: Optimizing educational technology is No. 2 on the list. What are you doing in that area?
Au: We are launching active learning spaces to provide a more interactive group classroom environment. We have two that launched this past fall, and we will have more to come.
Bernier: We are working with faculty to integrate more technology into their curriculum. We’re connecting them to different types of technology and recently hosted events where we brought in national experts to discuss how to use tablets or apps in the classroom.
EDTECH: How do business intelligence and analytics benefit universities?
Au: Analytics are about being proactive in looking at past data. We’ve partnered with a company that takes anonymized data and identifies early warning signs, the students who could potentially be at risk for dropping out, so we can intervene and provide mentoring, tutoring or advising in order to improve student success and graduation rates.
Fowler: We are investing in this area, mostly in descriptive analytics, with some work on predictive. We are using ERP and student information system data to provide faculty members and deans visibility on trends, so they can see what’s happening in classes and what the drop rates and fail rates are.
From a student perspective, we have implemented a student support system that provides us early warning alerts on student progress and makes interacting with advising and tutoring easier and more proactive, enhancing student success.
EDTECH: Are you tackling anything else that we have not discussed?
Fowler: We want to look at improving our business processes. This is something the executive team is continuously spending time on. Are there things we should be doing differently with ERP and processes that may have worked 10 years ago? What systems do we need to integrate? We are trying to become more efficient and productive.
EDTECH: Do you have any advice, lessons learned or best practices you’d like to share?
Thorstenson: Again, make sure your security department is a “Department of Yes.” We will help you do that project, but have some recommendations on reducing risk. The security department should understand the mission of the university and support it. Take a risk-based approach.
Bernier: Spend the time and be purposeful about investing in the people side of our business.
Through partnerships across our campus and other campuses, that’s where we will be successful. It’s about developing and investing in our staff. If that’s not where it needs to be, adjust it.