EDUCAUSE 2017: Security and Data Top Concerns for IT Leaders
For the third year in a row, information security leads the EDUCAUSE 2018 Top 10 IT Issues list, which the organization announced on Thursday at its annual conference in Philadelphia.
“We need not to think, ‘Will a data breach happen at my institution?’ But ‘When will it happen and how will I be prepared?’” said Susan Grajek, EDUCAUSE’s vice president for communities and research.
Grajek led a panel discussion with committee members who helped to identify this year’s key themes, which organization members then voted on.
“It was amazing — with the different types of campuses, sizes of campuses, how diverse we all were — how much the issues all seemed to be the same,” said Vanessa Kenon, assistant vice provost for IT at the University of Texas at San Antonio.
SIGN UP: Get more news from the EdTech newsletter in your inbox every two weeks!
This year’s list includes:
Photo from EDUCAUSE
Help Administrators Understand the Threat Landscape
Aside from external threats, one of the biggest challenges IT leaders face is the difficulty of helping institutional leaders understand the realities of today’s risk-intensive environment.
At Rollins College, board members created an enterprise risk committee to engage in high-level conversations and decision-making around funding for security solutions, said CIO Patricia Schoknecht. Although IT and administrative leaders won’t always agree on which risks are acceptable and which solutions are worth investing in, she said, the opportunity to engage in open, honest conversations together is beneficial.
Establishing a regular cadence to revisit risk management planning is also important, she said: “We review this plan annually so we can add new risks, look at new mitigation efforts and change our funding to attack some of those risks.”
Often, institutional leaders who lack an understanding of information security expect that IT can simply fix the problem, said Mark Roman, CIO of Simon Fraser University. By contrast, many information security experts take the view that “when, not if” is a more realistic stance toward a breach.
“You need to help prepare them that ‘This is going to happen. We don’t like it, but we need to be ready,’” Roman said. “You need to treat security as an investment. If you want to get to 99 percent security, it’s insanely expensive. So what risk are you willing to accept?”
Seek Out Diverse Stakeholders in Student Success Systems
When it comes to effectively implementing software platforms designed to support students, the panelists agreed that top-down, bottom-up stakeholder participation is critical. CIOs, academic leaders, student advisors and students themselves all need to be part of the conversation around adoption of new tools, Kenon said.
“Most important is you need to talk to your students,” she said. “They are the people who are your client there. What are their needs?”
Ensuring deep representation of stakeholders also matters, Kenon said: “Have a good group, not just one or two people from different areas. It needs to be very well thought out.”
Richard Sluder, vice provost for student success and dean of University College at Middle Tennessee State University, agreed, emphasizing the importance of the fundamentals. “It’s about having that technical competence from the start all the way through the project,” he said. “We know from the literature and all of our experience that to run these things and bring them up requires multi-level engagement. Everybody has to be on board.”
IT staff can play a role in student success beyond keeping the technology running, panelists said. One strategy that’s both easy to adopt and easy to overlook, said Kenon, is having IT staff engage with students to get their perspectives and input. And yes, that includes programmers, she said.
“Have those people get out from behind their cubicles, get out of the office and really get a chance to go out and talk to students,” she said.
Kenon said she initially thought the student government members on her campus would be too busy to engage with IT, but was pleasantly surprised to learn otherwise. “They bring in amazing ideas — things we never think about,” she said.
IT staff also can work with instructional design and technology professionals to help bridge the gap between faculty and data, Schoknecht said.
“The data that comes out of these pieces of software tells us something about how our faculty are interacting with students and tells us something about the pedagogy our faculty are using,” she said. The next step, she added, is to help faculty use that data to inform and improve their course design.
Learn From Peers in Data Analytics
Data also emerged as a major theme on the list. Grajek called particular attention to No. 4, “Data-enabled institutional culture.”
“How do we use BI and analytics not just to have the data there in the pretty dashboards, but to actually infuse it into the conversations and into the decisions that are made at the institution?” she asked. “How do we develop the institutional capability and capacity to use data to ask the right questions and inform the big, big issues and conversations?”
Institutions that are just starting to explore data and analytics should take the time to learn from those who have already forged ahead, Sluder said. “It’s something that you can’t wait on, and it’s something you can’t just jump in on, either,” he said. “Talk with others who are doing it well … model best practices from other institutions.”
Ahmed El-Haggan is the CIO and vice president for IT at Coppin State University, which has been working with data analytics since 2004. He advised institutions to “start small and get some winnings.”
Once institutions have advanced their data programs, they often encounter situations where departments come up with different sets of data for the same areas, and questions arise about which set is accurate.
“How do we move to a single version of truth?” Grajek asked.
“It’s a major problem on campus,” Roman said. “We see it over and over again. It’s not just about duplication of effort, but about making bad decisions. With bad data, you end up making bad decisions.”
To alleviate the problem, Roman recommends: Create rigorous data governance procedures, ensure that the appropriate people make decisions about data domains, establish a data warehouse so users don’t need to create their own datasets and set clear policies around data access and implemented shared tool kits.
“People often build their own sets of data based on lack of trust,” said Justin Sipher, vice president of libraries and IT at St. Lawrence University, “but when that starts to demonstrate a breakdown because there’s conflicting data, that’s an opportunity to bring it back together.”
IT Must Lead and Manage Change
The final theme on the list reflected concerns around planning and funding. Key among them is the challenge of change management.
“We’re seeing a recognition this year that institutions have realized that this is not change that’s happening in their neighbor’s backyard,” Grajek said. “This is change that’s happening to them. They’re no longer able to keep change as this notion of ‘Our institution is different, and we’re successful, and we can keep on keeping on.’”
When higher education leaders can no longer keep change at a distance, she said, they have to figure out how to lead and manage it. “Everything we’re trying to do now has an element of change,” she said.
For IT leaders, that creates opportunities to shift the way they may be perceived on campus, as less of a “commodity” provider to more of a trusted advisor. In fact, Kenon said, IT’s role on campus has never been more important: “IT is driving just about everything that’s happening on campuses now.”
To stay up to date on all of the news and ideas coming out of EDUCAUSE, follow EdTech's coverage on the EDUCAUSE 2017 conference hub.