CSG Fall 2012 – Future of the IT Organization

Ron Kraemer from Notre Dame and Steve Fleagle from Iowa are leading a workshop on the future of the IT organization – what’s changing in IT and how will it affect us?

Steve starts by talking about drivers of change in higher ed. We live at the intersection between higher ed and IT – there are things that happen on each side that will drive our organizations to change.

IT drivers of change include cloud computing, the consumerization of technology, personal cloud (more than just storage, but the glue that links devices, information, people, and services), identity management, migration from the PC as the most common method of accessing IT, widespread availability and value of large data sets,  high demand for skilled IT staff, business-driven IT, the success of disruptive technology (encouraging innovation), the rate of change will continue to increase. Access to click-stream and other data logs and how and whether to share them will also be interesting. Social network tools are increasingly important.

Higher ed challenges include the growing scrutiny and criticism of higher ed, financial pressures, growing enrollments, increased competition for research funding, likely market disruptions, and other challenges including a culture averse to change. Startups don’t have the same constraints, and are starting to receive funding from venture capitalists and some states. Students are flocking to these alternatives and some faculty are starting their own companies in this space. Some universities are responding (e.g. Coursera and edX), but alternatives are gaining traction – StraighterLine, Western Governors University, Excelsior College, Udacity. What happens when universities start accepting transfer credits from StraighterLine or MOOCs, or employers start taking those credits in place of degrees? There are emerging corporate universities that are training employees. Greg notes that higher education isn’t just one sector, it’s multiple sectors – community colleges are different from universities.

Ron Kraemer notes that states are decreasing their funding for higher education, but want their influence to increase. The difference in private institutions is that funds come from the benefactors that support us – they want influence too, but they bring resources along with it.

What Ron thinks about: Am I burning up my staff? Are we as efficient as we can be? Can we maintain quality as we are spread more thinly? Are we taking enough time for professional development? Does the current organization structure meet our needs? – for how long? How can we create a more comprehensive view outside IT? Why do most outside IT think this is easy?

Several folks note that our needed skill sets are changing and we need more skills in procurement, contracts, and business analysis.

One comment is about how computer science departments aren’t training people for our industry – where are the new people going to come from?

Mairead Martin is leading off a series or presentations on organizations. She asks to what extent do our organizational structures allow us to respond to change?  Traditionally stability and job security brought and kept people in our organizations – that’s no longer the case. Process management has become big – project management, ITSM, etc. It still takes us a long time to recruit and hire people. Investing in staff well-being and organizational resilience is important – how do we help our organizations through tough times? Diversity is an issue too. Kitty notes that our younger staff aren’t necessarily seeking security – they’re far more willing to move on if they’re not getting what they’re looking for. There’s some talk about career ladders and Ron notes that perhaps we shouldn’t have traditional ladders but flatter and flatter structures where the technology contributors can have influence on decision making processes. Shel notes that there’s more job stagnation in higher-ed IT than any other IT organization, which leads to people defending old technologies that are no longer the right ones to champion. Ten years with one skill set is no longer a viable skill set in IT.

Shel Waggener from Internet2 now is talking about cloud services and the impact they are having. At the scale of Google, Amazon, or Microsoft the scale changes how we approach our roles. “This is a tsunami… the potential upside is so big its hard for me to imagine any large research university that wouldn’t want to be involved” – Richard Demillo. Education is scaling similarly.

Our constituents don’t care about our organization. What it’s like today to get it: campus identifies a need, contacts IT, makes a case on why it’s needed, begin requirements process, realize project is bigger and more expense, cut scope, scrape more resources, finally see early prototype, start testing, fix bugs, deploy. Takes months or years to do that. What they really want from IT – the magic iPhone app! – Google idea to find app, install on device, start using new app – takes minutes. You can’t download an enterprise app, but what is an enterprise app now? An aggregation of many of those small apps.

We were too slow to adapt individually – we don’t have the time anymore. We have to find ways to work together to influence vendors. Our current organizations aren’t adequate to make this change. We have to find a way to involve our staff in the business changes that are happening in our institutions. In the past you could stop procurements of new waves of technologies – they are going to get steamrolled by the wave.

Major investment is flowing into cloud services for commercial offerings that can be adapted to higher ed use. 70% of higher ed IT spend is on people. The only leverage you get from Moore’s law is on the 30% left.

Shel outlines the Net+ process of aggregating demand for cloud services.

Sharif from Notre Dame is talking about the Cloud Compromise. He uses Box as an example – it doesn’t handle groups well. What kind of compromises are we willing to take to use cloud services? Another example – Notre Dame turned on Google Sites for everyone – started getting errors when people started uploading content into Sites. Found out from Google that there was an undocumented limit to uploads for an enterprise into Sites. Google raised the limit for Notre Dame, but is that good enough? A comment is that we should get used to things not being perfect. Options – Wait and watch and see if the problem recurs or intentionally fill up a site until it hits the limit to make the point or pay Google for better service. Bruce notes that different providers respond to different pressure points – perhaps we can find the way to collectively stuff the ballot box with specific vendors. There’s an observation that we can influence smaller vendors but not the larger ones like Google.


CSG Fall 2012 – Global hiring, staffing, and procurement

Steve Huth from Carnegie Mellon is talking about this topic.

Want to think about the nature of staff you’re sending over. They need to be adaptable. Think “Start Up” rather than a mature organization. Are your staff prepared for that? In one of the locations the guy building out the network and servers also helped put in the automatic gate openers. Some of the best staff had never travelled internationally – don’t want to miss out on a good prospect because they don’t meet your mental model.

Is your organization ready to do this? We deal with a lot of process and constraints built up over a lot of time – in these situations what you might need is a bag of cash in the souk – will drive procurement folks crazy.

Need people who are capable of interacting with the ambassador or the government – a lot of non-technical skills.

Dealing in a global environment offset by a fair amount of time. Even the work week might differ. Maintaining communications takes a lot of flexibility. Technology can help, but nothing takes the place of people going and having the remote people come back. Censorship can be a big deal in some of these countries. If we’re dealing with academic materials, they come in ok, but when you’re dealing with staff their materials may not. Share the good and bad parts.

People need more help than they would on a business trip to navigate in these new societies. Find local people who can help with things like getting health care set up, or if you’re in a car accident. Need to understand the culture when you’re doing business. Odd sorts of situations that won’t resolve in any meaningful way in any meaningful amount of time.

Things happen back home that global staff will have a hard time dealing with. Can be a high personal cost – if something needs to happen quickly you need to be prepared to get people on a plane so they can get home to deal with emergencies.

International assignments provide an unparalleled opportunity for growth and development. CMU worked on an international work assignment program – have people submit ideas for work at international locations. Gets people thinking about the campus globally.

CSG Fall 2012 – Global IT Services & Environments

Bob Johnson from Duke is introducing the Global Networking panel – we’re all faced with the same networking issues. Bandwidth availability, political restrictions, latency, jitter. Asia Pacific activities underway – Duke has a medical school in Singapore, building a million square foot campus in Shanghai, NYU has presence in Shanghai, Chicago has a presence in Singapore and Beijing. NYU is opening a presence in Sidney.

Working on building an International Network Exchange Point and Co-location site.  – provide common point for connection of regional R&E networks. Benefits are cost savings, building on R&E networks instead of leased lines to the US. Co-lo space is just cost sharing. Having a neutral location for data storage, hosting computer services (lower latency).

Where to put this? Reviewed three sites. The best ended up being TATA in Singapore.

Dale from Internet2 goes over the process and the support services required. There will be a telepresence and HD video exchange under the Internet2 Commons. Network Performance monitoring will be available.  Multiple functions for this facility: Co-location (initially capable of 10 racks, which can grow); Layer 3 capability; an instance of an Advance Layer 2 Services exchange – support OpenFlow, SDN, Dynamic Layer 2 circuits; Exchange will operate as a GLIF Open Lightpath Exchange; Essentially policy free – if you can get a circuit in and pay the fees, you’re welcome.

Some sites might bring in their own address space and router, others might use shared space. 1 Gb physical link to commodity Internet. Initially provision 200 meg on 1 gig circuit (with some burst capabilities). 1 Gb link to global switching building for peering – TEIN3, Gloriad (which ends up in Seattle). 1 gig link to Hong Kong light to meet CERNET and CSTnet.

Timelines: Sept 14 Tat agreements to be signed and in place and equipment ordered; Nov 1 – equipment delivered to Singapore; Dec 15- everything in place to beging testing; Jan 1 – fully operational.

Kitty – what’s worked and what hasn’t?

NYU has been testing, focusing on latency and user experience – acceptable, tolerable, or frustrating.

Common issues – network bandwidth, amount and does it match contracted bandwidth? Response times are highly variable, Some apps aren’t tuned for latency. Latencies range from around 80 ms to over 300 ms depending on sites. Focused on two forms of testing/monitoring – latency simulator and actual testing from different locations. Implemented a tool to understand user experience for web-based applications.

Implemented a long distance performance simulatore to create profiles. Implemented a tool call TrueSight that’s a Web App performance tool – allows clear understanding of what happens in a web app. An appliance connected to the F5 Span port – captures all the traffic and analyzes. Performance metrics of http and https web traffic. Able to track usage over time then drill down into specific sessions. Service leads get daily or weekly reports. Anonymized data being moved to data warehouse for trend analysis.

Remediation – optimizing webpages, applications; tuning network; WAN acceleration

It’s hard for app builders and owners to think of applications this way. Network folks haven’t really understood how applications perform on networks. Most app builders assume their users are on the LAN, not across the world.

Aspire to do testing before going live, setting watch points on end-user app tool to watch how performance is doing. Working with cloud vendors on how they test instances before selecting.

[CSG Winter 2011] Higher ed from both sides now

Greg Jackson (Educause)

Collaboration – we don’t do it very well across our organization.
– We sign NDAs for No Benefit
– We let vendors pick us off
– We keep our cake (we hold on to resources we really should be sharing)

Battles – we fight those we can’t win. Prevalence will sometimes win out over quality.
– Google is going to win
– The CFO is going to win
– Verizon/AT&T/Sprint are going to win
– Oracle is going to win – not everything, but everything it cares about
We don’t engage very well if we characterize them as evil

– Being different from peers isn’t the same as being ahead of peers. No competitive advantage to how we use IT at our institutions.
– Being ahead of peers isn’t the same as winning.
– Distinctiveness yields value, but it also consumes it
– It doesn’t matter what computer you use, because standardization has largely been achieved
– When standardization fails, idiosyncrasy accelerates

Tracy notes that we’re different because our environments demand us to be.
Greg – we don’t want to aspire to mediocrity. We shouldn’t innovate in different directions just for the sake of different directions.

– We reject cost accounting
– We prefer tactics to strategies
– We send good money after bad
– We prefer right to timely
– We eat (or alienate) our seed corn
– We mistake users for customers

– We squabble (especially in public)
– We waste too much time on governance
– We spread ourselves too thinly
– We obsess

[CSG Winter 2011] Time to de-localize?

This discussion, led by Sally Jackson (Illinois), was a lot more interesting than is captured here, but I’ll share what I’ve got:

Overall tendency of IT has been to amplify the ability of faculty and students to reach across great distances, socially, politically, and physically. Our support structures have not adjusted to this reality.

de-localize – invites an association with globalization, but that’s not entirely what she had in mind.

Services from different providers, virtual teams, support for people who rely on many people other than just us.

Shel – localization is no longer necessary for personalization – it’s easy to tailor environments that aren’t provided locally.

Most of us have divided support structures – large core at the center, surrounded by a community of IT professionals attached to labs, colleges, centers. At Illinois, about a third of support staff are in the center, two-thirds in the units. That’s true of all the CIC except Indiana.

All of our end users are now wandering horizontally. Every day is a sequence of small but irritating hurdles to jump. We’d like to be able to eliminate those little irritations. Extra credentials are a real problem – at Illinois they need all new credentials to report on conversations with vendors.

Kitty – individual units have sets of services that work great within their silos, but for people who want to engage outside that silo it gets confused.

Barbara – as a faculty member she has control of her desktop, but as a member of the provost’s office she has to use the locked down image.

Bill – there’s a lot of power in the local tribes across the institution. Greg – tribes are no longer geographically defined. Even within local physical communities, people interact with those they choose, not necessarily those that are in physical proximity.

Shel – any given solution will be an aggregation of pieces from multiple providers. “Central” doesn’t mean what it used to – it’s about being dynamic.

Good support gets attached as a node in a personal network. Great support helps to build this unbounded personal network.

Can we build a curriculum for training great support staff? Add a layer of socio-technical competence to the pure tech. competence.
– Treat people equally and involve them no matter what organization they’re part of.
– Collaborative problem based learning infused into all projects and studies.
– Problems requiring virtual teams.
– Network-building activities.
– New professional career tracks focused on connector skills.

Treat each faculty member as the center of an unbounded network of social and technical resources.

Shel – there’s also a product management role, which Sally characterizes as a level of context awareness.

[CSG] Unified Communications Workshop – part 3

Duke Telepresence –

View of the big screens at the front of the Duke Fuqua telepresence classroom
Duke Fuqua telepresence classroom
the view the presenter has in the Duke Fuqua telepresence room
The presenter's view

Fuqua’s (Duke business school) been doing telepresence for over a decade. Challenge was to find a room that would accommodate 90 people. Room opened in 2008, seats 140, and there was some thinking about telepresence as it was designed. About 1/3 of the schools in the room have Cisco telepresence.

They wanted a 3-screen system and everyone in the room to be able to see the remote presenters well. Wanted the local presenter to be able to see the remote participants without turning around.

Camera system in the room – standard is the 3 camera mount under the big screen array – shoots the room in 3rds. On either side are two pan-tilt-zoom cameras. There are 70-something microphones around the room – press and hold to talk. As you speak, camera on your half of the room pans and tilts to show you, and one of the screen shows you. There’s also a camera that shows the local presenter – follows the actions of the person at the front of the room, replacing the image on the center screen.

People are getting used to using the room. Haven’t had any regular classes using the resources, so continuously getting faculty up to speed. People are learning, and will be able to use it themselves.

Harvard has 12 CTS 1200 and 1300 units on campus. Installed a 60-seat classroom in a local high school that’s connected to Harvard. Averaging 25-40 hours a week on the units, with peaks up to 60 hrs. Majority of calls are interop with h.323 conferences. Done mobile interop with Mobi (Tandberg). Added interactive presentation capabilities. Working on FaceTime and Skype tie-ins. Looking at backside integration with WebEx and other collaboration tools.

Duke is creating a smaller version of the three screen room to talk to a remote site for the School of the Environment.

Lots of high schools are adopting this technology. Smithsonian has four units that are now online.

Haven’t done any QOS on network – works ok over the R&E networks across to China.

Harvard has integrated with Exchange. Users can use it with one button, unless they have to do h.323 interop, which requires some intervention.

Eventually you’ll see all the Tandberg gear integrated with Cisco’s call manager.

[CSG Winter 2011] Unified Communications Workshop – part 2

Jim Jolkl – UVA Voice Replacement Project

They’ll supply a phone device for those that ask for them – phones are cheap compared to support calls for softphones.

Need to take on moving academic areas, and hospital and clinics.
~ 20k lines remaining

People tell them that keeping their email working is more important the their telephone.
Budgets are impossibly tight

Call centers, emergency calling, are important. Some parts of universities are very phone-centric (hospitals and clinics among them).

Vendor types:
– Traditional PBX (Avaya, Cisco, Siemens) – don’t save much money, but you get modern services
– Centrex – voice from local phone company. Not low cost
– Carrier products moving to enterprise (Broadsoft, MetaSwitch) – good core services at reasonable cost.
– Open Source efforts (Asterisk, Nortel SCS, sipXecs & Ezuce)
– New entries (Microsoft OCS/Lync)

Talked to Skype, but they’re not interesting in importing current sets of numbers. They don’t want to become a regulated carrier.

Are we at an industry shift point yet?
– Are the more discruptive players “there” yet? (technology, reiliability, features)?
– are they far enough along to influence the type of contract terms we get?

Key RFP focus areas
Cost reduction – Most users do not need 5-9s reliability, but many still do. Be able to implement different levels of reliability at different costs.

Enhance user productivity – end user call control, mobile integration

Provide high-end services where needed

Be open to use of multiple products

RFP: http://www.procurement.virginia.edu/pagerfp
responses are in, presentations being scheduled

Thoughts – where does OCS/Lync server fit in? Soft client support; audio issues, etc; Focus on a shorter planning horizon; cellular coverage, wifi integration

[CSG Winter 2011] Unified Communications Workshop – part 1.

Mike Pickett (Brown)

What is UC?

Multiple devices, platforms, time-span, products
Will affect workflow, ability to integrate with lots of devices
“UC is integration of real-time and non-real-time devices across platforms”
Brown engaged – WTC Consulting – Phil Beilman

Why care? Allows business process integration, to simplify and integrate all forms of communications to optimize business processes, reduce the response time, manage flows.

Survey Results – 2 campuses are on the way to eliminating desktop phones.
Illinois – have about 18 months to go.

Bill Clebsch – at Stanford they’re finding that people think they want the soft phone, but after two or three days of using it they find they don’t.

Iowa – deployed OCS for presence and IM across campus, and people like it. 150 people on OCS voice, paired with unified messaging. UM has been the killer app.

Greg J – 4 dimensions to communications we need to unify – voice, text (becoming one), documents, video. Many-to-many video is a big unsolved problem. We’re not going to control any of these, so moving towards understanding how to move forward with these in ways that allow people to collaborate is important.

Shel asks “can we embrace mediocrity at the institutional level, because the innovation is going to happen around us?”

Tom Barton – thinking about the global use as we extend our campuses is important.

Klara – How far do we go in supporting mobility in the hospitals?

Jim Phelps – thinking about how we migrate the store of rich streams as systems transition is important.

Ken Klingenstein – there’s a level of indirection we can provide in this space, and that is our business.

Two Expert Views:

Vern Elliot – Gartner
– cellular providers don’t take direction from universities, they take it from 16 year olds
– it’s all about the network
– Big driver – things are moving to commodity hw, TCIP-IP
– h.323 is becoming dominant
– communications are becoming integrated with apps
– sonsumerization
– on demand, cloud-based
– desk phone will have a diminishing role for at least 10 years.
– don’t get tied into a single vendor – not a good time to make a big bet if you can avoid it
– need a vision / strategy to resolve organizational issues over 3-5 years.
– cell phones are leading the convergence
– Google doesn’t have an enterprise approach yet
– MS Lync option is getting pretty impressive

WTC – Phillip Beitleman
– Reinvest in wire as you adopt a wireless strategy
– Harden the entire network – most eggs will be in this basket
– carrier neutral distributed antenna systems
– figure out actual costs across all IT services so funding can be mapped
– put together formal, structured plans across technology map and across multiple years – identify future funding strategies
– take longer planning cycles – 10 years for infrastructure
– don’t throw things away
UC doesn’t usually end up saving money in the near term because of complexity.
– rate models need to evolve to include telephony, network, and IT services
– WiMax as lost the battle – LTE will win

Directories are important.

Charlie – we only need phone numbers because of the legacy systems. If we all had SIP systems we’d use our network IDs.

Klara – voice is an immediate mode of communication (just one step down from video), and there will always be a role for it. Different population segments communicate differently, and we will have to support all of them.

Elazar – let’s move the risk of technology changes from us to the carriers.

Shel – if we endorse a solution, then we need to be the advocate for our users with that service.

Andy – people want a number as an enterprise identity. The carriers have ways to have multiple numbers on a single device – UMich is doing this in a pilot, where they put a UMich number on people’s individual cell phones.

Bill – Want some people to reach you by your institutional identity. We have three separate identities now – a network ID, an email address, and a phone number. Can we go to one? Security of research information is very important – how do we protect that? Only we can answer those questions.

Tracy – some of the reasons people don’t want to give up their devices aren’t yet supported in the new models. Where will people forgive convenience for mobility, and where not? When we think about remote locations, we need higher fidelity and bandwidth – will we find mobile ways for that?

Ken – metadata is (as always) important – where’s the metadata that says what was in that videoconference? Where’s integrated search?

Shel – we’re in a purgatory period – most voice mail just says “hi it’s me – call me.”

[CSG Winter 2011] InCommon Silver

InCommon Silver is an Identity Assurance Program. Requires a set of infrastructure requirements around eight assessment areas. Three general categories of requirements:
1. Documentation of policies and procedures and standard operating practices
2. Strength of authentication and authorization

CIC CIOs provide strong exec. sponsorship.
The CIC universities will implement Silver to support LoA 2 by Fall 2011

CIC co-leads – Renee Shuey (Penn State), Tom Barton (Chicago).

Michigan State – goals were to enable collaboration, so needed to build trust with external partners and can facilitate access to services. Initial challenges revolved around interpreting the Bronze/Silver Identity Assurance Profile (IAP) – luckily friends in CIC helped decode it – it’s got very complex ideas. Password policies didn’t map – were too simple. Sorely lacking: documentation, policy. Who to provide this for? Try to pare down scope. What’s the killer app? Has yet to rear its head – most likely to come out of NIH. Argument has been let’s try to be proactive and be prepared before it becomes a requirement.

Approach – work with other institutions, partner with campus stakeholders, identify a subset of users (likely research faculty), leverage ID office (verification process, credentialing). Investigating second credential (certs) through iClass ID Cards – might do that rather than strengthen passwords on first credential.

Mary Dunker – VA Tech

REwind to CSG, Jan 2010
– Developing levels of assurance for personal digital IDs at Tech.
– Developing method for determining LofA.
– Developing tech for authenticating at LofA
– Aware that InCommon Silver was “out there”, but was going down road towards NIST certification.

– Established standard for personal digital identity levels of assurance
– CAS recognizes LoA of authentication credential
– CAS front-ends SHibboleth
– ox-officio member of CIC Sliver Project planning group.

Where they’re going
– achieve InCommon Silver with personal digital certs on a usb token. Later possibilities – VASCO digipass one-time password devices. Soft certs (require infrastructure changes, developments of new UI).

Remaining tasks – Wait for Silver to be finalized, ensure compliance with silver – may require chante to record (and encrypt) DL or passport number. Ensure that CS checks revocation list for certs. Reuest audit. Apply for silver.

Iowa (Chris Pruess)

Silver thinking – Project doesn’t stand in isolation. Identity service served central academic space, but not hospital. Brought hospital into space starting in 2000. Current Authentication Focus – Active Directory Assessment – Can it provide required level of authentication strength to meet Silver? Have strong Project Mgmt discipline in IT org. Leveraging other projects – campus ID card (id proofing improvements – brought hospital badging requirement in also), revision of enterprise password policy (established framework for multiple strength passwords).

Tom notes that while the initial use cases for Silver are for smaller specialized populations (NIH apps, TeraGrid) we should be ready for the larger cases coming – e.g. TIAA/CREF, financial aid, etc. Chicago wants to get to Silver using existing user name/password credentials. Requires a bunch of work on things like how passwords are stored and managed.

RL Bob Morgan – Refining Silver.
We were working on feds E-Auth requirements, but then they phased that out and started ICAM.

Need to change based on feedback – it it’s that hard for Va Tech, that’s a problem. It has to work for everyone. Needs to be as simple to understand and implement as it can be while still dealing with federal requirements. People read every word. Watch out for “must”. Remove most requirements not referenced by ICAM TFPAP. Exception is some other potential Silver consumers such as TeraGrid/IGTF.

Business, Policy, and Operational Factors is the primary section where elements have been removed. Audits and Auditors – Recognize need for shared risk between InCommon and campuses, propose an Assurance Review Board, Role of Auditors: confirm management assertions, not guarantee IA conformance. Reduce number and fequency of audits. Tom notes that they’re working with ACUA (the association of college and university auditors) towards guidelines on how to audit identity management. Matt notes that working with the auditor before setting down this path is a very good idea.

IAM functional model – flesh out enterprise scenario, vs dedicated IdP – et multiple apps, RAs, password stores. Streamline terms. Define terms in context.

Registration and proofing – clarify some concepts – existing relationship, identity information (e.g. meaning of “address of record”).

Kevin Morooney – It’s important – You should care. Two perspectives

Campus CIO –

4 basic principles/observations
– We want more. always
– They said it couldn’t be done, but we did it
– If your best friend jumped off a bridge….
– We are playing our part in an epic battle.

The importance of Trust increases with transactional importance – from affinity cards, through credit cards, driver licenses, passports, social security card, birth certificate.

Principle: OVer time we want to do higher stakes transactions online. True within campus, and off campus, between campuses, etc. Klara’s point – we’ve been doing it all along for quite some time. The value of doing silver is already paying off.

Principle: eduPerson, authentication, authorization. Each of these was a hard effort, but we’ve made a lot of progress. Every step along the way there were naysayers – they weren’t right. But they could have been. NIH is taking this trust fabric idea very seriously.

Principle: Others with whom we do business are heading in the same directions, for incredibly similar reasons.

An epic battle is being waged – Popularity vs. Truth. Our institutions are largely in the business of getting it right – what we’re constantly up again is popular knowledge that hasn’t been vetted. Getting trust right is a part of truth. Changing scholarship models will require making strong assertions about our people.

A late addition – big companies have contacted Kevin about learning how we’ve done identity management – because we’ve been dealing with the chaos that they’re just beginning to experience.

InCommon guy –

Principle – it’s about community. InCommon maturation – size and shape of the org are changing. Lot of dialog about wanting InCommon to play more of a role – community asking it to do things.

Principle- Silver is one of many things that supports the theme of the future – ever increasing trust.

InCommon’s success is dependent on what we do on our campuses.

[CSG Winter 2011] IT Alignment, efficiency, strategy and governance, part 2

Mike Pickett is talking about Governance Audit &
Centralization/Decentralization. Why did they want a governance audit?
They didn’t ask for it – it’s starting to be a buzz topic among audit
departments at universities nationally. Maybe it’s a way to help
thinking about the maturity of the organization – you can treat the
lack of planning and maturity as a risk to the institution.

Audit was conducted June – Sept 2010. Talked to wide range of people
in virtually every part of the university, including the senior

Goals – Assessment of IT governance processes and key IT risks and
controls – spent about an equal amount of time looking at both. Used
COBIT to assess and benchmark quality of processes. Provide detailed
recommendations for improvements; provide a proposed action plan;
Provide estimated investment; provide strategic input

In talking about lack of IT funding as a risk, need to phrase it in
ways that make sense in a setting where nobody has adequate funding.
Probably needs to be communicated in terms of not being funded at an
adequate level to enable the academic goals of Brown.

Opportunity risks – what are the things that would prevent Brown from
being the institution it wants to be? e.g. what infrastructure is
needed to support growth in continuing education?

The report is recommending that the board of trustees have some
oversight of strategic technology investments.

There’s a question about whether we’re doing something wrong by not
persuading institutional leadership that technology is of enough
strategic importance, so that we’re seen as a cost center rather than
a strategic partner. Joel notes that it’s a challenge to have the
conversations about using technology to help research and teaching get
better. Tracy says that in industry oftentimes the CIO has come up
through the ranks within the business, which is less true in our
institutions. Building credibility with faculty and researchers then
becomes critically important.

Recommended reading: IT
Governance, Weill & Ross, 2004 HBS Press

Chuck Powell – Yale has drafted an institutional IT strategic plan. Grew out of a realization that the IT organization was too technical and not aligned with the institution. Had a strategic planning process, gathering input from a wide variety of sources. Created an ITS Relationship Management – like senior client account reps in corporate world. Aligned with strategic clients. Strong alignment with their strategic issues – mainly there to make sure that the latest great idea is captured, understood, and potentially funded. These are full-time roles for senior people, each of whom has a team of between 5-10 people. Sounds to me like they pulled the people who do requirements gathering and project definition and management across the organization and assigned them to work with specific units – like the people who used to do that for the student system are now assigned as relationship managers with academic administration. All projects over $250k must go through the process, and there is architectural and regulatory/compliance checks of smaller projects if they have large impacts.