Top-Ten IT Issues, 2008

min read

© 2008 Debra H. Allison, Peter B. DeBlois, and the 2008 EDUCAUSE Current Issues Committee. The text of this article is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 License (

EDUCAUSE Review, vol. 43, no. 3 (May/June 2008): 36–61

Debra H. Allison is Chair of the 2008 EDUCAUSE Current Issues Committee and Interim Vice President for Information Technology at Miami University. Peter B. DeBlois is Director of Programs and Media Relations for EDUCAUSE and staff liaison to the Current Issues Committee.

Comments on this article can be sent to the authors at [email protected] and [email protected] and/or can be posted to the web via the link at the bottom of this page.

Which IT issue is of top concern to technology leaders in higher education today? Did the number-one issue of 2007—Funding IT—continue to be of prime importance to college and university IT leaders? Did new issues emerge on the top-ten list? Did issues from last year drop off the list this year?

The ninth annual EDUCAUSE Current Issues Survey has the answers. Administered by the EDUCAUSE Current Issues Committee, whose members review and recommend the set of IT issues to be presented each year, the web-based survey was conducted in December 2007. Survey participants—the primary representatives, typically CIOs, of EDUCAUSE member institutions—were asked to check up to five of thirty-one IT issues in each of four areas: (1) issues that are critical for strategic success; (2) issues that are expected to increase in significance; (3) issues that demand the greatest amount of the campus IT leader’s time; and (4) issues that require the largest expenditures of human and fiscal resources.1

2008 EDUCAUSE Current Issues Committee

Debra H. Allison, Committee Chair
Interim Vice President for Information Technology
Miami University

Anne Scrivener Agee
Vice-Provost for Information Technology and CIO
University of Massachusetts, Boston

Shah Ardalan
Chief Information Officer
Lone Star College System

Julie Buehler
Associate Chief Information Officer
University of Rochester

Elaine David
Assistant Vice President, Information Services, and Director, IT Security, Policy,& Quality Assurance
University of Connecticut

Mary M. Doyle
Vice Chancellor for Information Technology
University of California, Santa Cruz

James M. Dutcher
Vice President for Technology
Orange County Community College

James Estrada
Vice President for Information Services and University Librarian
Fairfield University

Gilbert R. Gonzales
Chief Information Officer
California State University, Monterey Bay

Bret L. Ingerman
Vice President for Computing and Information Services
Vassar College

Keiko Pitter
Chief Technology Officer
Whitman College

David Stack
Deputy CIO
University of Wisconsin–Milwaukee

Peter B. DeBlois, Staff Liaison
Director of Programs and Media Relations

Complete details and an in-depth analysis of the 2008 Current Issues Survey are being published in the Spring 2008 issue of EQ, the EDUCAUSE quarterly journal for IT practitioners. The EQ article offers a 2007/2008 comparison of the top-ten issues in all four areas and places the responses in the context of other organizations’ annual surveys and reports on IT-related trends in higher education.2

The 2008 Current Issues website ([]) offers the following resources:

  • Recommended readings for each of the top-ten issues
  • Links to EDUCAUSE Connect resources for each of the top-ten issues
  • Downloadable PowerPoint presentation on the 2008 Current Issues Survey and multiyear trends
  • HTML and PDF links to the EDUCAUSE Review and EQ articles
  • Tables with detailed demographic survey results

This EDUCAUSE Review article focuses on the first of the four areas noted above: the top-ten issues that IT leaders identified as the most important for their institutions to resolve for strategic success. For each issue, we offer a definition and a set of questions. The questions are not meant to be exhaustive; they are intended to stimulate thinking and discussion.

Top-Ten IT Issues, 2008

1. Security

2. Administrative/ERP/Information Systems

3. Funding IT

4. Infrastructure

5. Identity/Access Management

6. Disaster Recovery / Business Continuity

7. Governance, Organization, and Leadership

8. Change Management

9. E-Learning / Distributed Teaching and Learning

10. Staffing / HR Management / Training

But first, how do these results compare to last year’s?3 Five findings are especially notable:

  • Since 2003, the top-three issues in terms of strategic importance to the institution have been, in various ranking order, Administrative / ERP Information Systems, Funding IT, and Security. Funding IT ranked #1 from 2003 through 2005; in 2006, Security and Identity Management (a single issue then) emerged as #1. Funding IT moved back into the top spot in 2007, with Security as #2. This year, Security is #1, Administrative / ERP Information Systems is #2, and Funding IT has dropped to #3. Though it may be tempting, drawing inferences about trends in the profession or higher education generally to account for these shifts would be risky. The salient point is that these three issues collectively continue to be the critical touchstones for IT in higher education. When any one of them falters, whether through major data-integrity breaches, system implementation glitches, or budget cuts, an institution’s or system’s strategic health is threatened.
  • Change Management appears for the first time (#8) in 2008, and Strategic Planning drops off the list. Are these two sides of the same coin, or does one subsume the other? Strategic Planning, which has been one of the more stable issues in the top-ten, focuses on alignment: of IT strategies with institutional missions, of campus stakeholders’ goals with IT planning, of resources with priorities. Change Management has two dimensions, one in the larger sense of fostering culture change and the other in the sense of developing a process for handling IT changes that are made on a regular basis (e.g., patches, upgrades, replacements) and that can be very disruptive if there is no change management process in place. Ultimately, Change Management requires planning for change: defining what the change is; understanding how it will affect existing systems; and communicating, testing, and evaluating the change, once implemented, to make sure it accomplishes the intended purpose. IT leaders still care about and are “doing” strategic planning, but change is now especially on their minds.
  • Another thematic instance of what’s in and what’s out is the disappearance, on the one hand, of both Course/Learning Management Systems and Faculty Development, Support, and Training from the top-ten strategic issues list and the emergence, on the other hand, of E-Learning / Distributed Teaching and Learning (#9). In 2007, Course/Learning Management Systems made the top-ten issues list not so much because of the galvanizing impact of the Blackboard-WebCT merger or the copyright-patent controversy (though that may have been a contributing factor) but because of the evolution of this technology as a mission-critical enterprise system and its accelerating use as a fundamental teaching and learning resource by institutions of all kinds. It may well be that in 2008, Course/Learning Management Systems and Faculty Development, Support, and Training are understood to be aspects of E-Learning / Distributed Teaching and Learning. If so, this may reflect the emerging influence of instructional technology and design both as a key element of the IT organization’s mission and as an expanding niche of the profession.
  • Also notable is the reappearance of Staffing / HR Management / Training as #10 among the issues of strategic importance. This issue last appeared in the top ten in 2001, when it was #4. At that time, IT departments in many institutions were still grappling with the staffing challenges that the Y2K milestone had presented, either for massaging homegrown administrative legacy systems to perform in a new millennium, with increasing demands for web-based services, or for developing among staff new skills to integrate and manage newly purchased ERP systems. Though Staffing / HR Management / Training was never very far out of the top-ten issues lists between 2002 and 2007, its emergence as #10 in 2008 may signal a renewed awareness among higher education CIOs of the challenges of recruiting, remunerating, and retaining a skilled IT staff. Whether they will need to hire people with specialties in such emerging areas as security, identity management, and instructional design/technology or cultivate those skills in existing staff, CIOs face a daunting test to provide a workforce that can meet their institutions’ IT needs in the midst of constrained institutional budgets and increasing competition for experienced professionals.
  • Lastly, the top-ten issues whose relative positions changed the most were (1) Infrastructure, which was up three positions, to #4, and (2) Governance, Organization, and Leadership, which was also up three positions, to #7. But it would be a stretch to say that these two were the most volatile issues for IT leaders in 2008: a swing of three ranking positions, up or down, must be seen in the context of other issues in any given year’s survey. If Infrastructure and Governance, Organization, and Leadership hold these positions or rise further in subsequent years, we can then try and account for the forces that establish a trend.

Below, the members of the 2008 EDUCAUSE Current Issues Committee describe the top-ten issues that IT leaders say are the most important for their institution to resolve for strategic success.

Issue #1: Security

It is no wonder that IT security has again emerged as the top strategic issue for colleges and universities, given the increasing amount of critical data and new services that is available electronically and that needs to be protected. The persistence of security incidents and reported data breaches and the growing number of compliance requirements, including security-related state and federal regulations and contractual obligations, make this a central and acute concern of all IT organizations, no matter their institutions’ sizes and missions. College and university IT personnel have a daunting task to ensure the security of information resources while operating within a culture of openness and decentralization. In addition, the changing nature of the threats continues to challenge IT organizations.

Critical questions for Security include the following:

  • Is the institution aware of the federal, state, and local laws that may govern the data for which it is responsible and that may dictate the appropriate and necessary responses to any breach?
  • Does the institution have privacy and security policies that encompass all of its IT resources and not just the central systems? Are the policies enforced consistently across the enterprise, reviewed regularly, measured for effectiveness, audited for compliance, and updated to reflect changing needs? Do the procedures reflect the goals of the policies?
  • Does the institution have a formal, documented security-incident response plan that includes procedures for detecting, reporting, alerting, escalating decision-making authority, containing, remediating, and returning to service? Does the plan set in motion a notification process when protected data has been potentially compromised? Does the institution have staff trained in computer forensics, or does it have ready access to experts? Are processes in place for dealing with law enforcement agencies?
  • Do senior administrators recognize their roles as information stewards? Has the institution developed clear, consistent policies and procedures for classifying, handling, retaining, and disseminating information and appropriate security controls for protecting critical and confidential resources?
  • Does the institution have an enterprise IT security program to address the changing nature of IT threats and the increasing number of compliance requirements? How does the institution ensure that it remains current with respect to the changing regulatory landscape? How has it addressed the changes in the e-discovery rule with respect to litigations holds?
  • Is IT security viewed as a funding priority? Are there the funds necessary to facilitate and support improved security measures on a campus-wide basis?
  • Does the institution have a chief privacy officer and/or a chief information security officer for striking the balance between privacy and security? If it does not have the resources for such a position, where and/or with whom does the responsibility reside? Are there staff trained and assigned to assess the risks to, and ensure the privacy and security of, the institution’s information resources?
  • Has the institution planned or completed a comprehensive risk assessment to identify and prioritize vulnerable areas and outline ways to mitigate potential risks, including those caused by lost or stolen mobile devices? Does the institution routinely consider privacy and security implications before buying or deploying new systems or technologies?
  • Does the institution provide an awareness and training program in privacy and security? If so, does the program include awareness of the defensive measures appropriate to the institution to protect systems and data? Does the institution regularly communicate information about policies and procedures to constituents?
  • Has the institution built the appropriate infrastructure to improve security? If infrastructure services are outsourced, does the provider have these measures in place? Has the institution implemented a unified threat and vulnerability management system that includes such features as firewalls, VPNs, antivirus, antispyware, antispam and antiphishing, bandwidth management, intrusion prevention and detection, and content filtering? Has it engaged an independent entity to assess the effectiveness of these measures?
  • Do security managers regularly consult the website of the EDUCAUSE/Internet2 Computer and Network Security Task Force (

Issue #2: Administrative/ERP Information Systems

Even though ERP systems have been a familiar part of the IT environment for years, institutions still consistently spend the most resources on them. Also, despite the arrival of new technologies and concepts, the Administrative/ERP Information Systems issue has risen in strategic importance to second place from third last year.

In addition to large initial implementation costs, IT leaders typically find that staff development, user training, business process modifications, regulatory compliance, and a very limited pool of talent are acute challenges and drains on resources. Annual maintenance, licensing, and consulting services are also getting more expensive.

Looking for new markets to penetrate, the major ERP vendors have been busy with acquisitions and product line expansions. Advanced enrollment management, business intelligence, and live key performance indicator dashboards are a few of the new applications that vendors are promoting for improved institutional data analysis and decision-making. Whereas higher education uptake of these ERP add-ons has been modest, rising student expectations and increasing recruiting competition may drive more institutions to invest in ways of getting strategic value out of ERP data—data that is now usually oriented toward purely transactional use.

In general, open-source and best-of-breed systems have been and will continue to be attractive to higher education; however, uncertainties about the total cost of ownership of open source systems continue to leave many institutions wary of these options. The processes of selecting a new ERP system or evaluating an existing one have become so involved and complex that institutions may be tempted to consider letting an independent consulting firm run the assessment and RFP processes. But defining the needs and making the final decision must stay with the institution’s stakeholders and executive leadership.

Critical questions for Administrative/ERP Information Systems include the following:

  • What stakeholder dependencies and expectations must be factored into making sure the institution has the right system?
  • How do the concepts of “empowering strong leadership” and “fostering appropriate governance” relate to ERP system oversight?
  • Does the IT organization have a formal and effective staff-development program to meet the demands of ERP management?
  • Does the institution have a comprehensive and formal user-training program? Does it use faculty and other champions to train others?
  • When and where does it makes good business sense for the institution to outsource system services?
  • What staff members and processes are needed to stay current with patches and upgrades?
  • Has the institution developed and does it enforce a strict policy on customization?
  • Does the institution have a reasoned (and institutionally accepted) approach to decisions about centralizing and decentralizing aspects of system maintenance and application services?
  • Is the institution deploying new and proven technologies, such as virtualization, when and if possible?
  • Has the institution reduced the risk of significant unplanned costs by implementing best practices, such as creating and testing a disaster-recovery plan and implementing a comprehensive security plan?

Issue #3: Funding IT

For the first time since the inception of this survey, Funding IT has fallen out of first or second position. In a recent University Business survey on IT spending, 51 percent of CIOs and IT leader respondents reported an increase in IT budgets over the prior year. The survey found that “despite decreasing technology costs, computer hardware and enterprise software still claimed the biggest portions of most budgets.”4

IT leaders continue to face growing expectations for new and existing IT services that exceed budget capacity, escalating maintenance costs that take up larger percentages of IT budgets, and increased funding pressures at federal, state, and institutional levels. As these challenges continue, approaches to funding IT are evolving. Increasingly, campuses are recognizing the need to involve the CIO in the institution’s highest level of planning and governance. IT leaders are devoting more time to campus communications, multi-year planning, and the presentation of IT opportunities in the context of the institution’s mission (focusing on results versus the underlying technologies). These changes are having a positive impact on funding IT through better-architected results, informed decision-making, and improved expectation management.

Historically, IT organizations have focused their funding efforts on operational priorities (e.g., rates, lines of business, metrics); however, it is becoming increasingly important to balance this focus with strategic and organizational perspectives. EDUCAUSE President Emeritus Brian Hawkins recently noted: “Both operating and capital costs must be clearly understood, and more important, the functions that these expenditures support and how these lead to institutional goals need to be carefully and clearly communicated.” He preceded this statement by noting that IT leaders “need to have a dream . . . a dream that the president and the provost and the financial officer and all the other sectors of the campus community share.”5

IT leaders will continue to be challenged by funding pressures and new service demands; however, if progress continues with shared vision, campus-wide communications, and multi-year IT planning, perhaps Funding IT will eventually be able to drop even lower on this list—if not off the list altogether.

Critical questions for Funding IT include the following:

  • As budgets continue to tighten, are new funding options being considered, rather than just concentrating on cost-cutting? Are changes in the global market allowing for new sources of labor and markets for the institution? Have assessments been completed on how technology can address the most pressing productivity issues on campus?
  • Are IT initiatives presented in the context of competing institution-wide opportunities and issues? Are campus-wide leaders involved in IT governance for investments and for expectation setting? Are peer and vendor relationships leveraged to the institution’s fullest potential? Are nontraditional partnerships investigated (e.g., non-higher-ed partners for data center backups)? Are co-development/joint research collaborations explored?
  • Where IT organizations have been allowed to assess chargebacks, are the rates creating desired incentives for decision making and control? Are multiyear service trends documented and shared to inform the campus about the growth of new service offerings and changes to existing offerings? Are cost-saving options, such as e-mail outsourcing, investigated? Are financial plans presented with benchmarking that is meaningful on the campus? Two essential resources for benchmarking IT funding in higher education are the EDUCAUSE Core Data Service ( and the Campus Computing Project (

Issue #4: Infrastructure

The management of IT infrastructure has been an EDUCAUSE top-ten current issue for the last several years. In 2008, it jumped three positions from 2007, up to number four. The challenge of maintaining and enhancing campus infrastructures has become more acute due to a number of factors: more complex environments that are subject to intrusions and security breaches; more demanding technology users and higher expectations for always-on service; new pressures on sustainability and the environment; and budgets that are never quite sufficient to cover priority investments.

Supporting robust connections to regional and national networks, maintaining, managing, and securing campus backbone networks, and providing robust connections to the desktop all require sound fiscal planning and a commitment to providing for the basic computing and telecommunications needs of the college or university. And that’s just the network! Among the other critical components of the IT infrastructure are voice services, software licensing and lifecycles, storage, and facilities for disaster recovery and business resumption. The IT organization at some institutions is being asked to fund and maintain new infrastructure projects, such as wireless and VPN, while not yet being able to fully fund and support the “traditional” wired infrastructure. Indeed, this issue embraces all the elements of the emerging topic of “cyberinfrastructure,” which has come to mean much more than the NSF’s raised bar for secure information transfer between researchers and the agency.

There is an expectation that IT infrastructure, like electricity and water, is always there when needed. Although infrastructure may not be a showcase item, it is the bedrock for those technology-related activities that promote and enhance the reputation of the institution. Infrastructure is the “silent partner” in teaching and learning, scholarship and research, student services, administrative applications, and outreach and engagement.

Newer and emerging aspects of infrastructure are changing how colleges and universities must manage in the future. The necessary focus on “green computing”—in particular, energy conservation—will have a demonstrable impact on future infrastructure decisions. Shared data facilities, virtual machine technologies, consolidation strategies, and power management are a few of the growing expectations for infrastructure plans and investments.

Critical questions for Infrastructure include the following:

  • Does the institution have a life-cycle funding model that allows for regular and continuous upgrading of IT infrastructure components?
  • Is the institution able to predict an accurate trajectory for bandwidth needs? Is there a plan in place to ensure that those needs are met?
  • Is IT infrastructure addressed in the institution’s strategic plan?
  • Has a “green computing” program been initiated at the institution?
  • Is the technical network staff up-to-date on emerging technologies and standards? Are professional-development opportunities provided to ensure that staff will acquire necessary skills? Do network leaders participate in national or regional networking groups?
  • Does the infrastructure have built-in redundancy to provide continuous service? Have alternate sites for business continuity been arranged in case of an emergency or disaster?
  • Are deans, chairs, faculty, and administrators periodically consulted about the adequacy of the IT infrastructure? Has students’ satisfaction with the IT infrastructure been measured?

Issue #5: Identity/Access Management

On increasing numbers of campuses, awareness of the challenges of Identity/Access Management (I/AM) has grown beyond the provenance of the IT organization to an institution-wide commitment, albeit grudgingly in some quarters, to new network usage and information access protocols. As institutions develop plans and operations relating to each of the major elements of I/AM—identification, authentication, and authorization¬—awareness and action both are maturing.

I/AM was initially associated with Security both in the EDUCAUSE Core Data Service ( and in previous Current Issues Surveys ( Beginning with the separation of Security and Identity Management into two distinct issue choices in the 2007 Current Issues Survey, I/AM gained new importance. This isn’t to suggest that Security is less important but, rather, that I/AM appears to be taking on a broader perspective similar to the evolution of Business Continuity in relation to Disaster Recovery.

There has been a clarion call from IT leaders to educate and inform campus constituencies about the importance of I/AM because so much depends on the risk awareness and active vigilance of individual network users.6 Organizations such as EDUCAUSE, the InCommon Federation, Internet2, and the National Science Foundation are making concerted efforts to develop applications and policies for I/AM. However, these appear to be just the initial steps required to alert the community that more needs to be done. Recently, EDUCAUSE launched a Spotlight Series of web seminars on how IT professionals are addressing specific I/AM challenges on different campuses (

In addition to the questions raised in last year’s Current Issues Survey Report, critical questions for Identity/Access Management include the following:

  • Does the IT organization understand the case statement for alerting campus leaders to the need for a comprehensive approach to I/AM planning? Several cogent arguments for a campuswide effort can be found in two EDUCAUSE publications.7
  • What is the status of the campus plan for addressing I/AM?
  • Has the institution planned or completed an IT risk assessment?
  • Where does the institution stand in relation to the essential policy development that is necessary to support a robust I/AM implementation?
  • Have these policies been shared with campus leaders as part of a business case or communications strategy?
  • Are the IT staff aware of the long-term goals to integrate the systems of identification, authentication, and authorization?
  • In light of staff and institutional resources, has the IT organization considered external expertise to help with planning for I/AM regarding either policy or technical development? (For a list of I/AM software vendors, see [<]).
  • Is the IT organization aware of the growing repository of I/AM information available at the EDUCAUSE website (

Issue #6: Disaster Recovery / Business Continuity

Disaster Recovery / Business Continuity (DR/BC) made it to the top-ten list in four of the last five years. According to an EDUCAUSE Center for Applied Research (ECAR) study published in early 2007, about half of the responding institutions had suffered disruptive events that triggered an emergency response in the previous five years.8 The Campus Computing Project’s 2007 survey noted that about 60 percent of institutions had a strategic plan in place for IT disaster recovery.9

However, in a world where nearly 50 percent of the business functions in education are considered mission-critical10 and where expectations of always-on service are the norm, the classic reactive mode of disaster recovery—involving hours or days of downtime while back-ups are retrieved and data recovered—may not be good enough. Instead, institutions are shifting their focus to more proactive planning for organizational resilience, building their capability to respond rapidly to unforeseen change with service-oriented architectures, data-mirroring, and server virtualization—among other strategies. A few institutions have even gone so far as to create an organizational resilience unit.11

Whatever approach an institution takes to DR/BC planning, some person or office should have specific responsibility for coordinating it. Such planning is a complex, iterative process that requires support from the entire institution, not just IT, particularly when the focus is on resilience. Resilience needs to be introduced into the ordinary management and decision-making processes about technology and systems, and a designated sponsor helps ensure such integration. Collaboration is also essential to building resilience—collaboration not only within the institution but also with partners in the larger community, in the region, and in other parts of the country. The development of national and state standards for crisis management has made larger-scale collaboration easier by providing a common language and procedures.12

While the traditional approach of threat/vulnerability assessment and risk management continues to be important, capabilities assessment is also critical. What capabilities—multiple communication platforms, well-understood telework procedures, virtual support services—are in place or must be developed to ensure the recovery and continuance of the organization?

There is, of course, a cost for building resilience, but the cost of recovering from an unplanned disruption is often many times greater.

Critical questions for Disaster Recovery / Business Continuity include the following:

  • Has the institution assigned responsibility for coordinating DR/BC planning to a specific individual or office?
  • Has the institution conducted a risk assessment to determine likely threats and mitigation factors? How much of a risk are the current operating methods?
  • Has the institution conducted a business impact analysis to determine mission-critical applications and restoration priorities?
  • Does the institution have a documented and tested DR/BC plan for each mission-critical application? Is there a program in place for continuous revision and testing of the plans?
  • What processes and capabilities are needed to make the institution resilient? Does the IT organization have a plan for building and testing these capabilities?
  • What opportunities for partnership exist within the state or region to provide resilience to the institution and a partner institution (e.g., a shared regional data center, cross-training, joint testing exercises)?
  • Does it make sense for the institution to outsource some DR/BC functions?
  • Are issues of DR/BC and resilience routinely included in every discussion about new technologies at the institution?

Issue #7: Governance, Organization, and Leadership

The issues surrounding IT governance in higher education are complex indeed. Whereas many of these issues are institutionally and organizationally agnostic, others very much reflect the history and culture of individual campuses. What may seem to be simple questions, such as the IT leader’s title and reporting line, are anything but simple. Complicating many of these discussions is the fact that within a very short amount of time (at least in institutional terms), and within the institutional memory of many on campus, IT has gone from being nonexistent to being ever-visible and requiring ever more resources in terms of staffing, budget, and time.

Many campuses have reached a point of enlightenment: the head of the technology organization is called on as needed to discuss obvious technology-related matters. However, the top IT administrator sits at the cabinet level at fewer than half. Still, the trend has been modestly increasing. According to the EDUCAUSE Core Data Service (, in 2003, 30 percent of CIOs reported to the president and 44 percent sat on the cabinet; in 2005, those numbers increased to 31 percent and 46 percent, respectively, and for 2006, to 32 percent and 48 percent. These institutions recognize the value of having someone with a deep understanding of the strategic and transformative values of technology participate in broad institutional discussions.

At the same time, campus IT constituents are concerned with who is involved in technology-related decision making. Much as the CIO wants to be engaged at the highest level of institutional discussions and decision making, so too does the campus community want to be involved in the process. As a result, the institutional committee structure should ensure opportunities for involvement from all members of the campus, not just the faculty (who frequently have involvement in such matters codified in the governance). Of course, it is also important to structure incentives and responsibilities so that involvement is a practical reality and not just a theoretical right. Finally, determining what to share with the institution’s governance board and being aware of its expectations of involvement in technology discussions form another critical issue—one that is on the minds of many IT leaders, as shown by recent discussions on the EDUCAUSE CIO listserv (

For senior members of the IT profession to be welcomed “at the table,” they must convey both an interest in and an understanding of the complete spectrum of issues that are of importance to the institution. This interest should not develop in a vacuum. The next generation of IT leaders needs not only technical expertise but also regular exposure to and engagement in the issues of the day that affect institutions and higher education in general. Cultivating such an awareness can be difficult when IT staff treat their work as “jobs” rather than “professions,” making staffing and professional development (see issue #10) so critical.

Critical questions for Governance, Organization, and Leadership include the following:

  • Does the IT organization have appropriate advisory committees, and are they constituted to ensure broad constituent input?
  • Has the IT governance process been designed in a coherent fashion, or is it simply an accretion of inherited practices and institutional traditions?
  • Does the IT governance process have the performance measures and other metrics necessary to make informed decisions, and does it make decisions on that basis?
  • Are professional-development opportunities being created within the IT organization to engage staff in discussions of a broad set of issues facing the campus and higher education?
  • Has the campus reexamined the reporting relationship of the CIO, as well as given the CIO a place on institution-wide committees, including the executive cabinet?
  • Is the CEO willing to charter and actively support the advisory committee(s)?

Issue #8: Change Management

IT organizations large and small, private and public, throughout higher education are under constant pressure to advocate or influence institutional change. For most campuses, the CIO has the dual role of delivering service and support and acting as an agent of collaborative change throughout the institution. CIOs use change management (i.e., the purposeful and structured approach to transition from a current to a desired state) to align their organizations to match the institution’s core requirements. In addition, CIOs use change management methods and practices to ensure service levels, improve the consistent delivery of operations, and improve the predictability of support and innovation.

Change management allows the CIO to engage in purposeful change by defining processes, disclosing methods, and facilitating the desired outcomes both for systems and for processes and services. For these reasons, the practice of change management informs the role of CIOs and IT management throughout the institution.

CIOs have been calling for professional practices in change management. For example, Geoff Scott reminds us that IT in higher education must be more flexible and, therefore, more responsive as its management improves.13 But though change management practices may start with vision and leadership, few IT leaders and their institutions are trying to improve governance through explicit management practices.14

Change management is a management practice informed by defined methods. No single method or practice will suit all institutions.

Critical questions for Change Management include the following:

  • What is the institution’s culture and capacity for embracing change? How can the IT organization improve the adoption of change when it is right and needed?
  • Since “culture eats change,” how can management practices be aligned/realigned with an emphasis on culture?
  • What process improvements and skills alignment must be supported before significant change can happen?
  • Which of the multiple layers of the IT organization are most in need of transformation?
  • To involve every layer of the institution, which leaders, stakeholders, and external constituents need to be engaged in change management?
  • Does the IT organization make the best use of data to establish a need or to explain why change is needed?
  • Have ITSM (information technology service management) or similar standards and methods been deployed as the foundation for change?
  • Does the IT organization communicate with the campus using regular and timely information that helps stakeholder groups acknowledge, improve, and celebrate?

Issue #9: E-Learning / Distributed Teaching and Learning

The CIO invests in e-learning and distributed teaching and learning by efficiently hosting enterprise-level hardware/software, securing access, and ensuring data integrity. Through strategic dialogue with campus stakeholders, CIOs are responsible for adopting and implementing new technologies to support teaching and learning. However, the rapid rise of Web 2.0 technologies to support user-generated content, build collective intelligence, and share information across a participatory community of learners internal and external to the campus has altered the pace of adoption, the points of entry for adoption, and the configuration of leaders who should be discussing resulting issues. As faculty and students self-select and adopt emerging social networking tools and applications residing outside the local IT environment, campus dialogue must focus on the impact to the underlying IT infrastructure, content retention, and protection of user (and content) rights.

With the need to balance ongoing support of enterprise-level technologies, the natural state of emerging technologies can dissuade CIOs from investing significant resources in these technologies. As institutions experienced in the early years of learning management systems, a roadmap must be created for turning the emerging technologies into productive tools for supporting the next-generation e-learning environment. Examples include e-portfolios, wikis, blogs, podcasts, e-learning repositories, and virtual worlds.

Critical questions for E-Learning / Distributed Teaching and Learning include the following:

  • Is there active and collaborative engagement—not merely a division of labor—among the CIO, the library, and those who are responsible for fostering an effective teaching and learning environment?
  • Is the CIO in dialogue with legal counsel, provosts, and records managers about the issues inherent in the instructional use of emerging, user-focused applications? Since technology developments always outpace policy, are these individuals willing to reach a common understanding of what is at stake without attempting to curtail the use of such services?
  • Are the aforementioned leaders providing faculty with consistent information about the benefits, risks, and tradeoffs in using services that either fall into the category of emerging technology or exist outside the institution’s purview? For example, will graduates be able to access a pilot e-portfolio service that is either housed on a server in a school of education or offered at no charge by an external vendor? What are the implications of student blogs being hosted off-campus?
  • Do the IT staff appreciate that faculty members’ adoption of emerging technologies may require rapid accommodations in the configuration of the institution’s hardware and software infrastructures that have been hardened for security purposes?
  • Is the institution monitoring the progress of e-learning technologies and strategically implementing those that require institutional oversight? The resources of the EDUCAUSE Learning Initiative ( are a recommended guide.

Issue #10: Staffing / HR Management / Training

The Staffing / HR Management / Training issue is IT’s Achilles' heel. It may not always appear on the top-ten issues list, but it is always present. Every IT issue has associated staffing challenges, whether recruiting and retaining talented and qualified staff, providing much-needed professional-development opportunities, or managing staff morale and work environments. Current research has raised concerns about the anticipated departure and retirement of IT leaders, a change that requires planning for knowledge transfer.15 Another current issue involves the lifestyle and expectations of Net Gen workers, who want a better work-life balance than what their predecessors appear to have.16

Successful recruitment and retention of IT staff require a partnership with the campus human resources (HR) department to foster innovative initiatives. Ideally, this partnership should be characterized by an atmosphere that encourages flexible and innovative approaches to finding and keeping staff.17 Factors such as lower-than-market compensation, highly specialized and perishable skills, and ever-tightening budgets add to the challenges. Many institutions try to reduce dependence on the available pool of IT workers by “growing their own” staff through creating internship programs or hiring recent graduates. According to the U.S. Department of Labor, 64 percent of Americans who leave their jobs say they do so because they don't feel appreciated.18 It is also clear that location plays a large role in both recruitment and retention. Size and location of the community, proximity to high-technology centers and cities, cost of living, commute, lifestyle, and pace all can be counted as factors.

An organization needs to invest in its staff by creating professional-development initiatives that meet broad institutional goals while taking into account the specific needs of the individual.19 A multitude of resources exist to guide a campus in this endeavor. The EDUCAUSE publication Cultivating Careers: Professional Development for Campus IT offers first-person experiences, practical advice, and real-world examples of what works.20 Another set of valuable resources can be found on the EDUCAUSE Professional Development web page (

Critical questions for Staffing / HR Management / Training include the following:

  • How can the IT organization effectively communicate unique IT staffing challenges and ensure ongoing attention to the problem at the institutional level? How can the organization encourage institutions to spend more time and money to promote themselves as an attractive place to work?
  • How can the IT organization work with HR to foster positive recruitment and retention initiatives and to streamline recruitment processes to compete more effectively in today’s market?
  • Can the IT organization create new ways of working that will provide stimulating work environments to help attract and retain staff?
  • Can compensation systems be restructured to be more skill- and performance-based? Can the IT organization find ways to allow for greater job flexibility and options such as telecommuting or job-sharing and to provide more benefits such as daycare and study leaves?
  • How can higher education IT salaries become more competitive with industry salaries?
  • Should the IT organization expand its workforce by looking for talented individuals who do not have formal IT training and work with them to develop new skills? Should the organization be hiring more recent graduates?
  • With the need for continuing technical education increasing and the cost for that training rising, how can the IT organization address these financial challenges? How can it predict the next generation of required skills? How can it adequately train existing staff to meet the new technology challenges?
  • With limited ability to provide out-of-cycle salary increases or project bonuses, how can the IT organization show its appreciation to staff?
  • How can the IT organization take better advantage of the soon-to-be retirees and enable knowledge transfer before they leave higher education? Can their skills be used effectively in a part-time way, should they choose to not fully retire?
  • How can the IT organization prepare existing and more traditional staff to accept and learn from the new generation of workers?


The 2008 EDUCAUSE Current Issues Survey reveals a blend of continuity and change in how IT leaders perceive their major challenges and opportunities. The traditional top-three issues—Security, Administrative/ERP Information Systems, and Funding IT—have been the same for six years, with occasional shifts between first, second, and third ranking. Change Management appeared for the first time (#8) this year, while Strategic Planning dropped off the list, signaling not so much that the latter is less important or not being done but, more likely, that IT leaders see their organizations as the focus of needed change and as the supporters of and catalysts for mission-critical changes at their institutions. The appearance of E-Learning / Distributed Teaching and Learning among the top-ten strategic issues in 2008 suggests that instructional technology and design is now recognized as central to the IT organization’s mission. The drop-off of Course/Learning Management Systems and of Faculty Development, Support, and Training could mean that these aspects of the teaching and learning enterprise are now understood under the rubric of E-Learning. Finally, the appearance of Staffing / HR Management / Training on the list this year for the first time since 2001 indicates that IT leaders face an increasingly acute challenge in recruiting and retaining a skilled IT workforce to implement and maintain complex systems, as well as to meet the rising appetite for technology services.

All in all, when considering the ups and downs, the puts and takes, and the apparent eternal verities of issues in the Current Issues Survey results from one year to another, one might paraphrase the novelist Tom Wolfe in saying that IT in higher education is indeed “a profession in full.”


1. Of the 1,845 EDUCAUSE primary member representatives who received an e-mail invitation to complete the survey, 589 (32%) responded.

2. Debra H. Allison, Peter B. DeBlois, and the 2008 EDUCAUSE Current Issues Committee, “Current Issues Survey Report, 2008,” EQ: EDUCAUSE Quarterly, vol. 31, no. 2 (2008),

3. See John S. Camp, Peter B. DeBlois, and the 2007 EDUCAUSE Current Issues Committee, “Top-Ten IT Issues, 2007,” EDUCAUSE Review, vol. 42, no. 3 (May/June 2007): 12–33,

4. Ann McClure, “Technology Spending Survey ’08,” University Business, December 2007,

5. Brian Hawkins, “Winds of Change: Charting the Course for IT in the Twenty-First Century,” EDUCAUSE Review, vol. 42, no. 6 (November/December 2007), pp. 64, 56,

6. See Norma Holland, Ann West, and Steve Worona, “A Report on the Identity Management Summit, November 2–3, 2006,”, and Brian L. Hawkins, “What Higher Ed Leaders Need to Know about IdM,” EDUCAUSE Review, vol. 42, no. 5 (September/October 2007), pp. 84–85,

7. Hawkins, “What Higher Ed Leaders Need to Know about IdM”; Richard Boes et al., “Campus IT Security: Leveraging Identity Management Technologies,” EDUCAUSE Center for Applied Research (ECAR) Research Bulletin, vol. 2006, issue no. 21 (October 10, 2006),

8. Ronald Yanosky, Shelter from the Storm: IT and Business Continuity in Higher Education, ECAR Research Study, vol. 2 (Boulder, Colo.: EDUCAUSE Center for Applied Research, 2007),

9. Kenneth C. Green, “The 2007 Campus Computing Survey” (Campus Computing Project, October 2007),

10. Roberta J. Witty, “2005 BCM/DR Survey Results from Gartner, DRJ,” Disaster Recovery Journal, vol. 19, no. 4 (Fall 2006), figure 2,

11. Mardecia Bell and Ann Harris, “Beyond Business Continuity and Disaster Recovery: The Paradigm Shift,”

12. See, for example: BSI Group on British Standards, BS-ISOIEC-17799-FAQs/; National Fire Protection Association,; FEMA NIC Incident Management Systems Integration Division,

13. Shelton M. Waggener et al., “The Organization of the Organization: CIOs’ Views on the Role of Central IT,” EDUCAUSE Review, vol. 42, no. 6 (November/December 2007), pp. 24–53,; Geoff Scott, “Effective Change Management in Higher Education,” EDUCAUSE Review, vol. 38, no. 6 (November/December 2003), pp. 64–80,; Wayne Brown, “Taking ‘From Scratch’ Out of Problem Solving,” EDUCAUSE Quarterly, vol. 30, no. 4 (2007), pp. 60–62,

14. One exception is Marquette University, which has used change management practices to improve its governance practices. See Danny Smith. “Improving IT Governance through Formal Change Management,” presentation at EDUCAUSE 2007 Annual Conference, Seattle, Washington, October 24, 2007,

15. Phillip J. Goldstein, "Leading the IT Workforce," presentation at ECAR Symposium, Boca Raton, Florida, December 6 and 7, 2007,; Cynthia Golden, “Planning for the Brain Drain,” EDUCAUSE Review, vol. 41, no. 6 (November/December 2006), p. 84

16. Tracy Mitrano, Susan E. Metros, and Carie Windham, “Cultivating an Agile Workplace: When Eight-to-Five Meets the Net Gen Worker,” presentation at EDUCAUSE 2007 Annual Conference, Seattle, Washington, October 23, 2007,

17. Allison F. Dolan, “You Have an Opening—Now What?” EDUCAUSE Quarterly, vol. 26, no. 1 (2003), pp. 47–49,; “Recruiting and Retaining Information Technology Staff in Higher Education,” EDUCAUSE Executive Briefing #1 (August 2000),

18. Mike Robbins, “Staff Retention: The Power of Appreciation at Work,” CIO, January 18, 2008,

19. Christine E. Haile and Lisa Trubitt, “Tailoring Professional Development for IT Staff,” EDUCAUSE Quarterly, vol. 30, no. 3 (2007), pp. 44–47

20. Cynthia Golden, ed., Cultivating Careers: Professional Development for Campus IT (Boulder, Colo.: EDUCAUSE, 2006),