The essence of strategy is choosing what not to do, according to Michael Porter, professor and director of the Institute for Strategy and Competitiveness at Harvard Business School. Once considered good advice, Porter’s maxim may be an essential guideline in today’s environment. In the world of higher education information technology, what choices do CIOs have? What can they choose not to do?
The choice not to duplicate what is done well elsewhere. Sometimes the greatest expertise exists outside our institutions. The University of Virginia, for example, chose to pursue a partnership with a commercial provider rather than continue to staff help desk support internally. As Michael R. McPherson explains in this issue of EDUCAUSE Review: “Our purpose was to leverage the expertise of a company whose only business is call centers, to achieve 24/7 coverage without a dramatic increase in costs, and to free up the time of some of our best technical and communications staff to work on projects of higher strategic importance.”
Students, staff, and faculty have their own laptops, smartphones, and favorite cloud applications. Providing this infrastructure may no longer be strategic. As Theresa Rowe observes: “Consumerization means that many technology solution decisions will start with end users.” Perhaps the strategic decisions are about how to develop mobile applications, for example. Should each institution develop its own suite of mobile applications, or is there a more efficient way to address mobile needs?
The choice not to operate below scale. As Michael A. Corn observes, cloud computing is an opportunity to benefit from scale. There are also other ways that institutions can profit from economies of scale. CIOs can aggregate demand and encourage price and feature competition among prospective providers, for example, leveraging the scale and influence of the higher education community.
However, big may not be synonymous with at scale. “Even the largest campus data centers are too small to fully exploit economies of scale,” according to Greg Jackson. And of course, scale becomes complicated by control. Jackson continues: “In terms of efficiency, consolidated data centers are clearly good. But by definition, someone else’s infrastructure is less controlled than one’s own.”
The choice not to control but, rather, to collaborate. Although it may be the nature of organizations to try to maintain control, many IT advances —the cloud infrastructure, the growth of wireless services, the expansion of broadband to the home—make control more elusive. Indeed, “controlling” faculty and students may never have been more than an illusion. As the writers in this issue advise, we should focus on how to enable our stakeholders, not control them. Collaboration often trumps control. The Claremont Colleges use a “lead college model,” in which one of the seven colleges acts as the central provider of a service to the others. The colleges collaborate to support each other.
At its core, collaboration requires a shared sense of goals, possibilities, and strategies—and the ability to understand others’ points of view. As Jackson advises, CIOs “must learn to inform and persuade rather than defend and dictate.”
The choice not to assume that providing a service in-house is lower risk than other options. The assumption that outsourcing involves greater risk is being tested with cloud computing. As Corn observes, “I spent years arguing that these cloud services were putting us at risk and that people were just throwing our data into them. Yet, though there are plenty of providers that do a poor job—and this goes to cloud and any sort of outsourcing—the big players have the resources to do it right. We have a really good data center and a really good data center staff, and we have all sorts of security controls in place, but they pale in comparison to what these big providers can do. Because where we may have a dozen people, they may have five hundred.”
Michael P. Pickett reminds us that providers may also have the most at stake: “Extended outages are potentially company-ending events.” Managing risk may mean having the appropriate standards and policies in place. McPherson describes how the University of Virginia has rewritten data-protection standards, shifting focus from where the data are to what the data are and providing clear guidelines for data decision-making and for the protection of highly sensitive data.
The choice not to spread scarce resources too thin. Staff time is a chronically scarce resource. Sourcing strategies may allow institutions to focus that resource on mission-critical activities rather than on generic services. As McPherson suggests, we must ask what those areas are that are “so central to our core teaching and research mission that we prefer to shape the services directly and maintain significant control over our destinies.” Controlling our own destinies may not mean each institution going it alone, however. Many institutions are choosing to work together to leverage expertise, resources, and scale in areas such as learning management, repositories, and research.
Porter’s lesson about choice is an essential one for higher education and information technology. John Bielec summarizes it well: “The CIO’s role must shift to become the institution’s Chief Information Strategist.” The essence of strategy is choosing what not to do. What choices must we make?