Top-Ten IT Issues, 2006

© 2006 Barbara I. Dewey, Peter B. DeBlois, and the 2006 EDUCAUSE Current Issues Committee

EDUCAUSE Review, vol. 41, no. 3 (May/June 2006): 58–79.

Is the issue of IT funding still the top concern for technology leaders in higher education today? Are security and identity management requirements continuing to rise in importance? Or were CIOs distracted by and preoccupied with the natural disasters of 2005? The seventh annual EDUCAUSE Current Issues Survey has the answers. Administered by the EDUCAUSE Current Issues Committee, whose members review and recommend the set of IT issues to be presented each year, the Web-based survey was conducted in December 2005. Survey participants—the primary representatives, typically CIOs, of EDUCAUSE member institutions—were asked to check up to five of thirty-one IT issues in each of four areas: (1) issues that are critical for strategic success; (2) issues that are expected to increase in significance; (3) issues that demand the greatest amount of the campus IT leader’s time; and (4) issues that require the largest expenditures of human and fiscal resources.¹

Complete details and an in-depth analysis of the 2006 Current Issues Survey are published in the Spring 2006 issue of EQ, the EDUCAUSE quarterly journal for IT practitioners. The EQ article presents detailed demographic breakdowns, offers a 2005/2006 comparison of the top-ten issues in all four areas, and places the responses in the context of other organizations’ annual surveys and reports on IT-related trends in higher education.²

This EDUCAUSE Review article focuses on the first area: the top-ten issues that IT leaders identified as the most important for their institutions to resolve for strategic success. For each issue, we offer a definition and a set of questions. The questions are not meant to be exhaustive; they are intended to stimulate thinking and discussion.

But first, how do these results compare to last year’s?³ Three overall findings from this year’s survey are especially notable.

• For the first time ever, Security and Identity Management has topped Funding IT as the number-one IT-related issue in terms of its strategic importance to the institution. Funding IT occupied the top position from 2003 to 2005, but since 2002, the year following the terrorist attacks in the United States, Security and Identity Management has risen steadily in perceived importance: fourth in 2002, third in 2003 and 2004, second in 2005, and now first.
• The devastating hurricane seasons of 2004 and 2005, culminating in Hurricane Katrina in August 2005, prompted nationwide attention in the higher education community to the issue of Disaster Recovery/Business Continuity. This issue was number four in strategic importance this year, after appearing only once before in the top ten (number ten in 2004). Having closely watched what happened at colleges and universities in New Orleans and other devastated areas, and having participated in the hurricane relief efforts mounted by ACE, EDUCAUSE, and other organizations, IT leaders at all kinds and sizes of institutions have come to appreciate the astonishing complexity of trying to maintain or reestablish information and communications services after a disaster. CIOs and their staffs are now scrutinizing their own disaster recovery plans for sufficient depth and detail of readiness. Out of the shared experiences of IT leaders in the hurricane-affected areas, IT leaders throughout higher education have learned new aspects of data and hardware backup, rapid infrastructure rebuilding, alternative Web site hosting, inter-institutional collaboration, application continuity contracts, and on-the-fly project management.
• Enterprise-Level Portals dropped off the list of top-ten IT issues of strategic importance to the institution. This change most likely points to two intersecting dynamics: (1) more vendor-supplied ERP (enterprise resource planning) systems have incorporated a portal solution/module into their products; and (2) whether homegrown or vendor-supplied, information portals for students, faculty, and staff have been implemented at numerous institutions of all types and sizes, with some portals in third- and fourth-generation iterations. Thus this phenomenon has evolved into a service that is being maintained and refined, and CIOs no longer perceive enterprise-level portals to be compelling enough to be listed among the top-ten IT issues.

With most issues either holding their rankings or moving up or down by only one position from 2005 to 2006, the top-ten issues have remained fairly stable. Nonetheless, their natures and dimensions of urgency are constantly in flux, meriting a fresh look with each year’s survey results. Below, the members of the 2006 EDUCAUSE Current Issues Committee describe the top-ten issues that IT leaders say are the most important for their institution to resolve for strategic success.

Current Issue #1: Security and Identity Management

Institutions face a tenuous balance between the need to expand information access and the requirements to protect information assets from unauthorized and inappropriate use. The increased use of electronic information at higher education institutions has resulted in an expanding number of accounts, passwords, and other mechanisms to permit and limit access to these resources. Managing access to this expanding set of resources has itself created overhead and increased the likelihood that access to some of these resources may not be appropriate. At the same time, institutions are witnessing an expanding threat matrix—including viruses, spyware, phishing, rootkits, and deliberate electronic break-ins and data theft—along with intense media scrutiny of security breaches amid an evolving legal and regulatory landscape. Antivirus and other security software will always play an important role in security, but there is no such thing as software that can make an institution secure. In response to these demands, colleges and universities must establish and maintain comprehensive security policies and procedures and enforce these with technologies that support the efficient authentication, authorization, and auditing of information access.

Critical questions for Security and Identity Management include the following:

• How will the institution balance the need for security with the tradition of open networking? Will a more secure environment be viewed as intrusive or controlling?
• Are policies up-to-date and enforceable? Do they reflect institutional priorities and strategies, legal regulations, and best practices? Does the institution maintain an information-security incident-response plan? An organization with a strong security infrastructure supported by policies may be the most secure.
• Do leaders recognize their roles as information stewards? Has the institution developed methods and procedures for classifying, handling, and disseminating information resources? Has the institution assessed its information, data, and services and classified these materials (for example, as public, confidential, or critical)?
• Does the institution have a strategy for managing digital identities? Does the existing system use a centralized repository, synchronization technologies, best practices, and/or open or pre-standard technologies? Does the institution intend to incorporate developing standards? How will it handle noncompliant systems? Has the institution reviewed/changed practices to minimize the risk of identity management problems caused by the inadequate communication of personnel changes?
• Has the institution developed policies and identified or implemented appropriate technologies or partners to support electronic information exchange with external parties? What authentication, authorization, and transmission methods will be used? How will the institution incorporate pending and new standards? Has it engaged all stakeholders in planning and decision-making?
• Is the institution properly responding to regulatory issues such as the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act? Has the institution taken sufficient measures to comply with these acts and other laws?
• Does the institution maintain a separate funding mechanism for information security? Have the number of security incidents and remedial costs during the past year led to increased funding for staffing and tools? Have these incidents highlighted the risks of underinvesting in security?
• Does the institution have trained staff to undertake the job of security? Is there a chief information security officer or the equivalent to provide the leadership for and a focus on security? If so, do other campus units recognize this role?
• Is the institution actively managing the risk of identity theft and other privacy issues and risks? Has it planned or completed an IT risk assessment to identify and prioritize vulnerable areas and ways to mitigate potential risks? Has the institution assessed and limited the use of Social Security numbers and other identifying data? Has it taken a position on the ownership of identifying data maintained in its systems?
• Are physical security and information security maintained independently? Are security and privacy maintained independently? Is the institution examining the alignment of these functions?
• Does the institution have an information security awareness and training program? Are institutional users aware of and implementing security measures (such as patches, firewalls, and tools or techniques for combating viruses, spyware, and phishing) to protect their systems, data, and identity?
• Does the infrastructure facilitate measures to improve security? Is the institution providing funding to facilitate and support such measures on a campus-wide basis?
• Does the institution have the systems, procedures, and policies in place to automatically push or quickly apply critical updates and patches?
• Has the institution employed multifactor authentication methods? Has it assessed the value and cost of multifactor authentication with respect to individual systems and critical data?
• Does the institution continually review its security policies as if it had not yet developed those policies?

Current Issue #2: Funding IT

For four of the past seven years, respondents to the Current Issues Survey ranked Funding IT as the number-one issue to resolve for the strategic success of their IT organizations and institutions. For the other three years, including this year, the issue was ranked number two. Although state spending on higher education increased during the current fiscal year,⁴ this next year will be a year of "treading water" for most colleges and universities simply because non-IT demands on the budgets of higher education institutions (e.g., substantial increases for utilities) will increase.⁵

What can IT leaders do during times of flat or diminishing higher education budgets when the annual costs for IT resources and services are increasing and there are competing demands for resources? Philip J. Goldstein and Judith Borreson Caruso found that the following four practices facilitate successful IT funding efforts:

• Aligning funding and institutional priorities
• Creating fiscal flexibility to support innovation
• Constructing and facilitating a structured and transparent IT budget process
• Making the CIO a member of the institution's cabinet and budget committee⁶

IT executives who are active and constructive participants in institutional planning and budgeting processes are probably more successful because they have frequent opportunities to discuss the strategic value of IT and realistic ways to fund high-priority IT needs. However, even if an IT executive is not a member of his or her institution's senior leadership team, the IT person can create other opportunities (e.g., an IT steering committee) to interact with stakeholders about the ability of the institution to achieve its strategic goals and objectives through technology.

Being realistic about IT funding when costs are increasing (and budgets are not) means pursuing ways to reduce costs and reallocate savings. Eliminating, reducing, or consolidating services may help. Creating collaborations among colleges and universities for shared services such as disaster recovery is another potentially helpful strategy. A January 2006 article in the Chronicle of Higher Education cited examples of other cost-cutting actions in response to the budget realities of today.⁷ Finally, the EDUCAUSE “IT Funding” Resource Center Web page (http://www.educause.edu/Browse/645?PARENT_ID=132) provides additional advice and insights about dealing with the challenge of funding IT.

Current Issue #3: Administrative/ERP/Information Systems

Nearly 70 percent of all institutions responding to the most recent EDUCAUSE Core Data Service survey reported having implemented or being in the process of implementing an enterprise resource planning (ERP) system.⁸ In addition, the survey shows substantial institutional commitment to other information systems that are not necessarily part of an ERP package, such as Web portals and course management systems.

For the past six years, ERP implementation has remained the top issue in another area covered by the Current Issues Survey: those IT issues requiring the largest expenditures of human and fiscal resources. Projects of this scope might last three years or more and demand large and sustainable investment and commitment by institutional and IT leadership, both throughout and after implementation.

As institutions of higher education increase their focus on systematic approaches to excellence in performance, and as accreditation organizations adopt a continuous quality-improvement philosophy, the effective deployment of ERP systems will remain a strategic priority. The most recent EDUCAUSE Core Data Service survey shows an increase in completed ERP implementations, to nearly 44 percent.⁹ Current and future integration of ERPs and other administrative and management systems will facilitate new trends in knowledge-based decision-making and collaboration among institutions and their constituents.

Critical questions for Administrative/ERP/Information Systems include the following:

• What are the mission-critical factors driving the institution’s position on enterprise systems? What service and process improvements are expected for successful implementation? Are there viable alternatives, such as enhancing existing systems?
• If a decision has been made to implement a new system, could the institution develop one in-house, or should it buy one off the shelf? Given the complexity and maintenance challenges of integrated administrative systems, does “building in-house” remain a viable option, even for large IT divisions? If the institution is purchasing a commercial product, would the IT division customize the product? If the institution is considering a software package of integrated systems, will the functionality of the package expand to accommodate integration of course management systems, portals, smart cards, and so forth?
• Is the institutional leadership committed to the decision and implementation? Will the decision survive changes in leadership and management? Will the implementation include participation by stakeholders from both technical and functional areas? How will their expectations be managed? Does the institution have a solid implementation plan? Does the implementation plan include a communication process to keep all constituencies informed and committed?
• Has the institution resolved data-ownership issues? Has it considered converting and/or archiving years of legacy data? Will the institution need a data warehousing system too?
• Does the new system fit the institution’s technical strategy at the back-end and network levels? Does the system align with preferred data-handling strategies, such as authentication, security, and privacy?
• Will the campus adapt its business processes to the best practices or effective practices configured in the enterprise solution to minimize or avoid customization? Has it identified and documented current processes and desired process improvements? Are the new functional and system requirements realistic? Will the institutional leadership support needed business process changes?
• Has the institution analyzed personnel needs, both in terms of staffing levels and in terms of available technical expertise, for adequate support before, during, and after implementation?
• Does the implementation partner have sufficient higher education experience, seasoned staff, and a proven track record? Has the institution considered or discussed knowledge transfer? Is the partner a leader in addressing the challenges of higher education?
• Does the support plan identify the roles and responsibilities of technical, functional, and user groups? Does it include adequate training for system users before, during, and after implementation?
• Is the institution ready for the upgrades and changes that will occur during the implementation? Does the institution have sustainable resources to improve the system and maintain users’ productivity in the new environment?
• If the implementation is complete, does the institution get more timely and intuitive access to information, especially for strategic planning and decision-making? Have reengineered processes improved operations and increased efficiency? Has the system improved services for students, faculty, staff, and administrators?

Current Issue #4: Disaster Recovery/Business Continuity

For the first time in the history of the EDUCAUSE Current Issues Survey, Disaster Recovery/Business Continuity has been rated as one of the top-five issues facing higher education CIOs. In the aftermath of Hurricanes Katrina and Rita, there is renewed emphasis on business continuity and disaster recovery services for institutional voice, data, and Internet systems. The CIO’s role is to mitigate the risks to the institution’s critical systems by ensuring that an IT disaster recovery and business continuity plan is documented, distributed, and readily available.

The cornerstones to any complete IT disaster recovery and business continuity plan are technology, people, and communications. A comprehensive plan must define the time-critical activities necessary during an emergency response and crisis coordination, as well as the longer-term protocols for business continuity and institutional resumption. This plan is an institutional insurance policy that can require substantial (and ongoing) financial and staffing commitment.

Critical questions for Disaster Recovery/Business Continuity include the following:

• Has the institution conducted a risk-evaluation and business-impact analysis? Has it defined and prioritized mission-critical systems? What must be recovered immediately (within twenty-four hours)? What can wait (and how long)? What work-arounds or alternative processes are acceptable in the near term?
• Has the institution identified a backup or recovery site? Several national vendors provide offsite storage for mission-critical backup tapes and offer remote data centers and temporary office locations. Also, has the institution considered co-sourcing or reciprocal agreements with other regional higher education institutions or nonprofits for facility and equipment use? Finally, has it developed a plan with key hardware vendors to rapidly replace any damaged hardware or communications systems?
• Does the institution have a communications and contact plan? The Internet can be a crucial external communications tool. Has the institution designated and equipped a central command and communications center? Who is the primary spokesperson to respond to questions, and how will information be disseminated externally (openings, closings, temporary locations)?
• Is the institution relying too heavily on wireless? Cellular circuits can quickly become overloaded and unavailable during a regional or national incident. A variety of communication links (Web, cellular, fax, landline, radio, and sticky-note bulletin boards) should be used at the centralized command and communications center. Even when cell phones stop communicating, pencils still work!
• Does the institution have a tracking or check-in system to locate staff, faculty, and students? Who is on the IT Emergency Response Team? How will the institution communicate with them? Are temporary offices, classrooms, or housing facilities needed?
• Finally, has the disaster recovery and business continuity plan been documented and distributed (including hard copies for home and office)? Has it been tested, evaluated, fixed (if needed), and retested? This should be done at least annually, as well as after major system or infrastructure upgrades.

Current Issue #5: Faculty Development, Support, and Training

This year’s survey results indicate the strategic importance of Faculty Development, Support, and Training—which ranked number five, up from number six last year. From 2000 to 2005, this issue was among the top-five strategic concerns for small, medium, and private schools but not for large or public institutions.¹⁰ This year’s survey results were similar except that the issue of faculty development ranked fifth for public institutions as well as private.

The Horizon Report: 2006 Edition identifies several key trends that are influencing the teaching and learning environment, including the pace of change in the development of collaboration tools, interest in individualized computing experiences such as “personal broadcasting,” and the impact of mobile computing technology on potential delivery methods. Additionally, properly addressing intellectual property continues to be a challenge in the instructional technology arena. Among the critical issues identified in the report are the ongoing challenges of managing intellectual property, digital rights, and the digital assets themselves.¹¹

With the new technology offerings and the changes in students’ expectations, IT organizations will undoubtedly continue to face the strategic challenge of making the technologies available, usable, and scalable for faculty and of providing comprehensive faculty support and training.

Critical questions for Faculty Development, Support, and Training include the following:

• How might the institution use newer delivery methods, such as podcasts and wikis, to provide faculty with information that has historically been delivered in more traditional ways?
• Can the institution provide a “digital asset repository” that can be contributed to and shared by faculty?
• How does the institution measure the success of its IT service offerings?
• Can the institution manage its IT organizational units in a way that creates a culture of flexibility in services so that IT can respond effectively and quickly to new opportunities?
• What is the role of the IT organization regarding the integration of new technologies into teaching: driver, supporter, or somewhere in between?
• How does the institution identify the academic programs that are most likely to benefit from particular new technologies?

Current Issue #6: Infrastructure

Managing IT infrastructure in today’s higher education environment requires a careful balancing of cost, manageability, flexibility, stability, security, and performance. Institutions constantly strive to improve communications and services for students, faculty, alumni, staff, friends, and prospective members of the community. Expectations are high, and project delivery schedules become increasingly shorter at the same time that integration and security requirements become more complex. Service-level agreements are a useful tool for establishing expectations and for understanding the requirements of internal customers.

Institutions continue to view technologies as a competitive opportunity requiring the ability to adopt and adapt quickly. IT units must deploy the right combination of hardware, software, and services in a workable information architecture to facilitate access to and organization, storage, and maintenance of strategic information services and resources. As open-source software and tools become better developed and as community support becomes more solid, institutions must evaluate and monitor these applications to determine if and when to consider adoption.

Critical questions for Infrastructure include the following:

• Does the institution have and implement a replacement plan for servers, appliances, network devices, and other hardware? Does it negotiate prepaid or long-term maintenance agreements for hardware where appropriate? Has the institution carefully evaluated both lease and purchase options?
• Does the institution have good monitoring and benchmarking practices? Do network and systems administrators have the tools and training to automate problem detection and notification? Does the institution have end-to-end component and service-level monitoring agents or tools in place? Is it monitoring and managing its network and Internet bandwidth requirements effectively? Does the institution perform trend analyses to assist with capacity and upgrade planning?
• Does the institution have built-in redundancy for the network and critical applications servers? Does it have the necessary test environments for upgrading hardware and software?
• Is the institution effectively managing the explosive requirement for systems and storage to support its growing information architecture? Does it have a plan to deal with the development and growth of more and larger data warehouses, institutional repositories, and digital collections?
• Does the institution have adequate planning, support, and funding to meet the requirements of the research computing environment?
• Does infrastructure planning account for the dynamic pace of policy/security compliance required by laws and projects such as the Communications Assistance for Law Enforcement Act (CALEA) and the VISA Cardholder Information Security Program (CISP)?
• Is the institution effectively meeting the current demand for both wired and wireless connectivity and infrastructure? If VoIP is in its immediate future, does the institution have adequate power and backup power sources in its data closets?
• Is the institution planning and budgeting for “environmental” upgrades? Has it specified the power, generator, UPS, air conditioning, floor space, and fire-suppression requirements for the next three years or other appropriate planning horizon?
• Does the institution have a tested disaster recovery and business continuity plan in place for critical applications? How does the institution determine an acceptable level of risk and the right level of investment?

Current Issue #7: Strategic Planning

Respondents to this year’s Current Issues Survey ranked Strategic Planning below such high-visibility issues as Security and Identity Management and Disaster Recovery/Business Continuity but above Governance, Organization, and Leadership. Strategic planning is a core responsibility of the IT organization. Planning informs and builds confidence in the IT unit’s ability to deliver services and programs to the institution. For most CIOs, strategic planning helps the IT organization forecast needs and look to the future.

A well-articulated and practiced planning process is critical to the success of all major IT projects in the long term. Without a focus on the path to enabling collaboration, communication, and project management, strategic planning efforts will result in faded artifacts stored in a binder on the shelf next to Scott Adams’s The Dilbert Principle. Important questions and issues about the process are used to establish a viable strategic plan and to guide the management of the IT enterprise. Strategic plans must be flexible and vetted to inform campus leaders about the near- and long-term value of IT-type services (e.g., process analysis, change management, or project management). Planning is a critical tool for all CIOs who will be asked to “drive the costs out of IT” while students continue to raise expectations for new services.

Critical questions for Strategic Planning include the following:

• What process models will the IT organization use to develop and vet its strategic planning process?
• Will the IT organization hire consultants, or will it insource strategic planning?
• If consultants will be hired, will the organization use their methods to maintain strategic planning after they leave?
• How will strategic planning inform decision-making: at the cabinet/executive level or at the operational/tactical levels?
• What approaches will the organization use to articulate service or program success (e.g., benchmarks, metrics, service-level agreements)?
• How will a focus on strategic planning be maintained in an organization with varying planning cultures?
• What methods or approaches will IT leaders use to align future-oriented programs and services across the entire organization?

Current Issue #8: Governance, Organization, and Leadership

The issue of Governance, Organization, and Leadership plays a critical role in successfully managing the other nine IT issues. Without strong leadership and a visible role in the institution, the IT organization may end up watching from the sidelines until there is a reason—such as a disaster—for its involvement.

Critical questions for Governance, Organization, and Leadership include the following:

• The question of having “a seat at the table” inevitably occurs as part of the discussion of IT and institutional structure and relationships. Regardless of where the CIO reports, she or he should be an important player in the institution. Does the CIO regularly communicate with academic and administrative leaders? Does the CIO periodically meet with the provost and academic deans or attend department chair or faculty meetings? Does the CIO interact with the faculty or academic senate by attending meetings to discuss current projects and direction? What is the relationship between the CIO and upper- and mid-level managers of the institution? Building strong relationships and good communication across the institution builds both visibility and credibility.
• As the president of one university is fond of saying, “You have to make the main thing, the main thing.” This advice is particularly important for the role of IT in the institution. Can the CIO succinctly articulate the institution’s vision, mission, and goals? Is every member of the IT staff aware of these institutional foci? Was the IT strategic plan engineered to support the goals of the institutional plan? How can the CIO ensure that all IT staff will understand their roles in the accomplishment of institutional priorities?
• Measuring the effectiveness of IT functions is a critical role of the CIO. Has the IT organization developed benchmarks? Do the IT benchmarks reflect expected outcomes for meeting key goals of the IT strategic plan? Do the IT benchmarks include both immediate and longer-term performance expectations? Are they realistic and reachable?
• IT advisory structures are designed to achieve synergies among interested constituent groups. How well does the IT advisory structure work? Is there sufficient faculty involvement? Is the charge of each subcommittee well-defined? Do central IT staff and those from other units collaborate for the good of the institution?
• The development of future IT leaders must be done with a purpose, not left to chance. Is there a mechanism for identifying talented staff as potential leaders, mentoring them, and providing them with opportunities to grow?
• As technology continues to evolve, new generations of students and faculty will have growing expectations for the delivery of anytime, anywhere, always-on, and—oh, by the way—secure services. How can the IT organization be structured so that it is nimble enough to anticipate and respond to these changing needs? Traditional IT organizations tend to be dedicated to either academic or administrative computing activities. Although this distinction may still exist in some organizations, those lines are blurring, and a number of broad service areas now span all users of technology. In particular, telecommunications and security provide the underpinnings for the entire information environment. Is the institution rethinking legacy organizational structures in favor of structures that will function better in the emerging world of collaboration, integration, and digitization?

Current Issue #9: E-Learning/Distributed Teaching and Learning

Increasing numbers of postsecondary schools are taking advantage of the wide range of computing and communications technologies that provide learning opportunities far beyond the time and place constraints of the traditional classroom. E-learning has emerged from its beginnings as an add-on to traditional education and has now become a mission-critical component of the educational environment.

Critical questions for E-Learning/Distributed Teaching and Learning include the following:

• How will the changing demographics of college and university students affect the delivery of education? How will e-learning respond to the integration of higher education, training, and work? Where will e-learning fit in the institution’s attempt to expand its outreach to new populations?
• How does the e-learning environment influence learning? What changes in the delivery of e-learning must be made to address science lab courses? How can the institution ensure that students learn through e-learning simulations the same material they have traditionally learned in laboratories?
• How can the institution use e-learning courses to address different learning styles? What new or different ways of learning can e-learning provide that are fundamentally unlike traditional methods? How can the institution ensure that online courses integrate accessible technology into their designs?
• How can e-learning be used to improve the quality of student learning, and how can the institution measure the effectiveness of e-learning? How can the institution build an assessment model for a variety of e-learning experiences, including on and off campus, fully online, and blended courses? How can it ensure that students remain engaged in an e-learning environment?
• What is the impact on attendance in hybrid courses when faculty post downloadable course materials on the Internet?
• What support services are needed to assist faculty in identifying or developing high-quality materials for an e-learning environment? How can the institution help faculty determine when and how to integrate new technologies into the educational experience? How should it reward faculty for the additional time and effort needed to develop e-learning experiences? Should faculty be required to change their teaching styles based on how students want to learn? How should the institution address the diverse technical competencies of faculty?
• What impact does e-learning have on the cost of education to both the institution and the individual, and how can institutions leverage e-learning to reduce the rising cost of education in spite of the rising cost of technology? How does the institution promote and coordinate e-learning environments?

Current Issue #10: Web Systems and Services

A Web service is “a software system designed to support interoperable machine-to-machine interaction over a network.”¹² Web services are a specific type of Service-Oriented Architecture (SOA), using one or more of the standards-based technologies—for example, SOAP (Simple Object Access Protocol), WSDL (Web Services Description Language), or UDDI (Universal Description, Discovery, and Integration). Web services represent a second-generation use of the Web, automatically linking applications to applications. The ultimate vision is faster implementation and reduced maintenance costs through the use of reusable components from multiple providers, plus improved convenience and satisfaction for the end-user.

The Web services most commonly implemented today include integration with established internal applications and with existing external partners, security, Web content management, personalization, payment and billing, and order fulfillment.¹³ Access to silo data is a driving need. Amazon.com's shopping-cart system, eBay's bidding system, Google Maps, and the FedEx tracking system are exemplary examples of Web services. Most important, they demonstrate organizational agility evidenced by fast response to customers’ needs and expectations. These businesses are directly driving the personal and academic expectations of students, faculty, and staff. The higher education sector, trailing the commercial sector in Web services implementation,¹⁴ is being challenged to meet these expectations.

Critical questions for Web Systems and Services include the following:

• What is the impact on IT planning of the increasingly blurred lines between infrastructure and applications? What does the resulting fusion of business and IT strategies mean for strategic planning, IT management, IT governance, and institutional effectiveness?
• Which new Web services and technologies will have significant impact in the higher education environment?
• Which small-scale, low-risk projects could serve as a proving and training ground, especially relevant in light of Gartner's prediction that Web services for administrative applications in higher education are heading toward the "Trough of Disillusionment"?¹⁵ (The "Trough of Disillusionment" follows problems with early implementations in the midst of overinflated expectations.)
• What impact will a large inventory of Web services have on the campus infrastructure?
• Will Web services facilitate a shift from “leading with technology” to “leading with business processes”? How will IT develop business process integration skills among staff?
• Where can Web services best encourage business process changes that will be transformative for the institution? What is the role of the CIO in institutional transformation?
• What implications does "software-as-a-service" have for higher education?
• Where can Web services provide new value to students, faculty, and staff, moving beyond wrapping legacy applications?
• What governance mechanisms need to be in place to guide and manage Web services implementation, foster reuse, and avoid duplication of services? What governance processes will facilitate a higher level of IT and client collaboration?
• Amazon.com's "shopping cart" and eBay's "provider-consumer matching" models may have applicability beyond commercial retail channels. Which commercial Web services models are applicable to higher education?
• Which security defenses will be effective in protecting Web services?
• Which technologies are needed to allow for the provision and consumption of Web services? For example, which technologies are required for RSS feeds?

Summary

The most dramatic trend in the Current Issues Survey since last year is the emergence of Disaster Recovery/Business Continuity. The question that next year’s survey will help answer is whether the appearance and elevation of Disaster Recovery/Business Continuity in 2006 is a one-year “wonder.” If the issue drops down or entirely out of the top-ten list for 2007, we might broadly infer that institutions have been able to tighten disaster plans and to establish collaborative/contractual business continuity relationships. Of course, the issue may well remain a major concern for institutions whose disaster recovery will continue for years after the public attention fades.

The elevation of Security and Identity Management to the number-one spot among the top-ten IT issues caps a steady four-year rise. Whether it retains this ranking will depend on its perceived importance relative to Funding IT and Administrative/ERP/Information Systems, which have dominated the top-two positions in the last six years. A related challenge that the Current Issues Committee has wrestled with in the past two years is whether Security and Identity Management should be split into two distinct issues. The EDUCAUSE Identity Management Services Program (http://www.educause.edu/imsp), launched in 2005, is just one measure of the complexity and attention that this aspect of the issue has engendered.¹⁶

Hopefully, the 2006 Current Issues Survey will contribute to a better understanding of the broad context of IT-related issues and will foster college and university leaders’ recognition that these issues are challenges not just for individual campuses but for higher education as a whole and as a community.

1. Of the 1,708 EDUCAUSE primary member representatives who received an e-mail invitation to complete the 2005 Web-based Current Issues Survey, 628 (37%) responded.

2. Barbara I. Dewey, Peter B. DeBlois, and the 2006 EDUCAUSE Current Issues Committee, “Current IT Issues Survey Report, 2006,” EQ: EDUCAUSE Quarterly, vol. 29, no. 2 (2006), http://www.educause.edu/eq/eqm06/eqm0622.asp. Links to the six previous Current Issues Survey articles and related resources can be found at http://www.educause.edu/CurrentIssues/875.

3. See Leslie Maltz, Peter B. DeBlois, and the 2005 EDUCAUSE Current Issues Committee, “Top-Ten IT Issues, 2005,” EDUCAUSE Review, vol. 40, no. 3 (May/June 2005): 14–28, http://www.educause.edu/er/erm05/erm0530.asp.

4. Karin Fischer, “State Spending on Colleges Bounces Back,” Chronicle of Higher Education, January 13, 2006.

5. Peter Schmidt, “A Year of Treading Water?” Chronicle of Higher Education, January 6, 2006.

6. Philip J. Goldstein and Judith Borreson Caruso, “Roadmap: Information Technology Funding in Higher Education,” EDUCAUSE Center for Applied Research (ECAR), December 2004, http://www.educause.edu/ir/library/pdf/ecar_so/ers/ers0407/ECM0407.pdf.

7. Ben Gose, “Colleges Rely on Consortia, Contractors, and Ingenuity to Cut Costs,” Chronicle of Higher Education, January 27, 2006.

8. Brian L. Hawkins, Julia A. Rudy, and Robert Nicolich, EDUCAUSE Core Data Service: Fiscal Year 2004 Summary Report (Boulder, Colo.: EDUCAUSE, 2005), p. 49, http://www.educause.edu/ir/library/pdf/pub8002g.pdf.

9. Ibid.

10. Leslie Maltz, Peter B. DeBlois, and the EDUCAUSE Current Issues Committee, “Trends in Current Issues, Y2K–2005,” EQ: EDUCAUSE Quarterly, vol. 28, no. 2 (2005): 7, http://www.educause.edu/eq/eqm05/eqm0521.asp.

11. The New Media Consortium and the EDUCAUSE Learning Initiative, The Horizon Report: 2006 Edition (Austin, Tex.: New Media Consortium, 2006), http://www.educause.edu/ir/library/pdf/CSD4387.pdf.

12. World Wide Web Consortium (W3C), Glossary/Dictionary, http://www.w3.org/2003/glossary/keyword/All/?keywords=web+service.

13. Laurie F. Wurster, Fabrizio Biscotti, and Michele Cantara, “Web Services User Survey for the U.S. and Europe, 2005,” Gartner Research Paper, December 7, 2005.

14. Kenneth C. Green, "Tracking the Progress of Portals and Web-Based Services," EDUCAUSE Center for Applied Research (ECAR) Research Bulletin, vol. 2003, no. 8 (April 15, 2003), http://www.educause.edu/ir/library/pdf/ERB0308.pdf.

15. Michael Zastrocky and Marti Harris, “Hype Cycle for Higher Education, 2005,” Gartner Research Paper, September 1, 2005.

16. The EDUCAUSE Identity Management Services Program (IMSP) was launched in August 2005 as a response to the higher education community’s need to make smart choices and to better manage the costs of this critical element of network infrastructure. The IMSP allows EDUCAUSE institutional members to take advantage of discounted pricing and customized purchasing arrangements for vendor-provided identity management products and services.