Leading an IT Organization Out of Control

min read

Gregory A. Jackson ([email protected]) is Vice President for Policy and Analysis, EDUCAUSE.

Comments on this article can be posted to the web via the link at the bottom of this page.

With the era of control ending for campus IT organizations, leaders need to learn to use some known management approaches and methods in radically different ways.

The era of control is ending for campus IT organizations. This means that IT leaders need to rethink some known management approaches and methods. Specifically, they need to learn to use these methods in radically different ways.

PCCs, Context, and Control

In E. L. Doctorow's novel Ragtime, set around 1909, Tateh and his little girl board the #12 streetcar from Hester Street to Union Square in Manhattan. They change to a #8 headed up Broadway, a Webster Avenue car through the Bronx, a Red and Yellow from Mount Vernon into New Rochelle, the Post Road Shore Line across the Connecticut line into Greenwich, the New York and Stamford into Bridgeport, a Springfield Traction Company car up through Hartford to Springfield, Massachusetts, and finally the Worcester Electric Street Railway to Boston.

The streetcars that Tateh and his little girl rode weren’t standardized, they weren't very comfortable, they weren’t efficient or powerful, they were generally old, and they were hard to maintain. To address these technology challenges, the major transit company presidents formed the Presidents Conference Committee, the “PCC,” in the 1920s. The PCC had two principal goals: to advance streetcar technology, and to gain efficiency and economy through standardization and joint procurement. Brooklyn received the first of the resulting iconic streetcars, always called PCCs for short, in 1936. Some 5,000 were manufactured by three different U.S. companies between then and 1952, when San Francisco got the last ones.

To many of us, successful IT collaborations in higher education such as Kuali, uPortal, and InCommon may seem like modern examples of this type of collective action. It's thus tempting to view the PCC story positively, as a parable that teaches how such collective effort succeeds. Indeed, shortly after the first PCCs entered service, the decline in ridership reversed, and urban transit volume increased sharply. But that was not just because of the new streetcars. Engaged in World War II by the end of 1941, the United States was redirecting steel, rubber, and gasoline to the military, drastically constraining the use of private automobiles and causing commuters to turn to urban and interurban transit systems. But as materiél became available once again after the war ended in 1945, car ownership and use began a steady climb. Not coincidentally, transit ridership began a rapid decline.

Thus the PCC story isn't just about successful collaboration. It also illustrates how focusing on control within too narrow a context can mislead strategy and misdirect resources. The lesson is this: Having influence in contexts that one can’t control can be just as important as directly managing actions in contexts that one does control.

To buttress this argument, I will begin with some examples of how technology change, organizational change, and contextual change are eroding centralized control over campus information technology. I will then suggest some known methods that IT leaders will need to use, in new ways, as control becomes elusive.

Technology Change

Even the largest campus data centers are too small to fully exploit economies of scale. More problematic, only a few are located where power costs are low. As a result, the collective operating costs of college and university data centers are higher than they need to be. Moreover, the combined capacity of higher education data centers is rapidly growing larger than projected demand requires or than reasonable risk management advises. Eventually we’re going to realize that hundreds of campus data centers should give way to tens, or perhaps scores, of shared or commercial ones.

In terms of efficiency, consolidated data centers are clearly good. But by definition, someone else’s infrastructure is less controlled than one’s own. As dedicated data centers give way to shared or commercial Infrastructure as a Service, or IaaS, the central IT organization’s control over data centers will diminish.

As applications have proliferated and become more complex, the number of servers on campus has grown sharply. Part of this growth has been managed through ever-smaller servers. As servers condense, however, their requirements for power and air conditioning rise sharply, and those requirements are hard to satisfy economically in small, distributed facilities. To address this, most campus IT organizations offer hosting services in central data centers for non-central servers. The advent of flexible, highly manageable virtualization technologies has made these services very efficient, as racks of dedicated servers give way to large, expandable virtual-machine environments.

Centrally managed virtual environments have brought a great deal of standardization and centralization to many campuses, in addition to driving some of the growth in campus data centers. Virtualization appears to have increased central control. But that effect won't last. Much as campus IT organizations can provide virtual environments to departments, so can above-the-campus entities replace campus IT organizations as providers of virtual machines. Those above-the-campus entities might be commercial services, they might be bilateral arrangements between campuses, or they might be multi-campus collaborations. Once this happens, central IT organizations will no longer be able to rely on campus-based data centers and virtual-machine environments to maintain control.

Data centers represent the first level of cloud-based services: IaaS. Virtualized servers form a second level: Platform as a Service, or PaaS. Loss-of-control effects also emerge from a third level: Software as a Service, or SaaS. This is especially true for what we might call the “shared-instance” form of SaaS, in which campuses contract with outside entities to provide specified services without dedicating a specific instance of applications to the campus. For example, many campuses have long relied on outside providers, such as ADP or their bank, to distribute paychecks. Several use standardized services, such as Concur, to manage their travel-expense reporting and reimbursement or use online “utilities” to process library materials or even human resources records. In fact, we at EDUCAUSE recently moved our job bank to just such a service.

Under the shared-instance SaaS model, the service is defined by the vendor to satisfy its customers’ needs in the aggregate. Standards and protocols apply equally to all customers. Individual campuses thus must adapt to what is generally acceptable, idiosyncrasy becomes impossible, and the campus IT organization’s control over the service shrinks. Yet adopting the shared-instance model is usually a plus. The shared-instance model forces respect for widely accepted standards and procedures, which in turn tends to drive process simplification and economy of scale. In other words, losing control can be healthy.

Loss-of-control changes also characterize a second technology domain: networking. Internet2, National LambdaRail (NLR), and their regional, state, and urban networking partners have given campuses excellent network access to each other and to cloud services. By making cloud infrastructure, platforms, and services accessible, these networking collaborations have helped reduce central IT control over core infrastructure. But two other networking trends dilute central control even more. One is the rapid extension of broadband service to homes, and the other is the even more rapid expansion of cellular and other wireless services everywhere, including on campus.

By the time my son was in college, around the turn of the millennium, his very traditional attendance pattern was a rarity among university students. He went to college straight out of high school, enrolled full-time, finished in four years at one institution, remained unmarried and childless, and was dependent financially on his parents rather than working full-time. Virtually all of his coursework was campus-based. Today, “nontraditional” attendance, which is commonplace, often means doing part or even all of one’s coursework online. That requires good connectivity off-campus, especially to homes. Thus, the higher the penetration of broadband into homes, the broader the market for nontraditional higher education.

By last fall, according to the National Telecommunications and Information Administration, 70 percent of households had Internet access, most of that being some kind of broadband.1 As the National Broadband Plan takes effect, this percentage will only increase. Yet with the exception of a few communities, home broadband is not and will not be provided by campus networking organizations. Commercial Internet service providers, which provide most home broadband, accept only minor influence—and certainly no control—from campus IT leaders. So even as home broadband increases the potential market for college and university nontraditional education, it reduces campus control over a key mechanism through which that education is delivered.

I spoke recently to about two hundred colleagues at an EDUCAUSE conference. In the middle of my presentation, I asked how many people in the audience had used a mobile computer or mobile device’s Internet connection at least once while I was speaking. Easily 90 percent of the audience members raised their hands—sobering for me as presenter but an excellent illustration of another way in which networking changes are eroding control. My audience was with me in the physical sense but was also somewhere else in the network sense.

As “location” becomes a metaphor rather than a well-defined concept, controlling people geographically no longer implies controlling where they are physically. Location is defined as much by signal strength, which campuses only partially control, as it is by building and campus boundaries, over which they have considerable control. Students, faculty, and staff can all be in more than one place at once, and in that way, they are all out of control. In addition, the devices they are using—tablets, smartphones, and similar devices—are designed, sold, configured, and supported with the consumer in mind, not the enterprise. The same is increasingly true for small computers.

The synergy between these two trends—the increased pervasiveness of wireless networking and the proliferation of consumer-managed devices—may be the dominant technological force eroding control by the campus IT organization.

Organizational Change

Just a couple decades ago, those of us who were becoming IT managers in higher education learned all about affinity diagrams and KJ exercises, total quality management, fishbone diagrams, root-cause analysis, BPR, and the like. We were all about teamwork, flat organizations, permeable boundaries, and cross-unit collaboration. We filled our EDUCAUSE tote bags with Post-it Notes, Magic Markers, colored dot stickers, and masking tape so that we'd be ready to facilitate teamwork at the drop of a process hat. To this day, many of us are uncomfortable in rooms that don't have flip charts.

At that time, lots of campuses had someone called the Chief Information Officer, even though most people who called themselves by that title were actually Vice Presidents or Associate Provosts or Directors. CIO was a descriptor, not a true title—the only Chief title usually belonged to the head of police. But then we began to have Chief Financial Officers, and before long we had Chief Administrative Officers, Chief Investment Officers, and in some cases Chief Academic Officers. More recently, we've seen Chief Privacy Officers and Chief Security Officers and Chief Accessibility Officers and Chief Compliance Officers.

Would that this were just about titles, but it isn't. There's a very real desire, on many campuses, to divide responsibility neatly among Chiefs so that hierarchy, authority, and especially accountability are clear. It's a tribal approach to management—or, to be more precise, a Bureau of Indian Affairs approach. Each tribe is given a reservation, and its Chief's job is to manage within its boundaries and within its allocation of water.

Following this tribal model, many campuses consolidated administrative computing units, which had previously reported separately, into the central IT organization. Other campuses went beyond this and also brought academic IT units under the central umbrella. In theory, such centralization yields efficiencies, and sometimes it did so. But there's no way to separate campus IT from the academic and administrative work it supports. Information technology has become too pervasive and too important to segregate.

I believe it is critical for campuses to have CIOs—and I say that not just because I was once a CIO. But defining the CIO role tribally, as the individual with direct and exclusive authority over all campus IT staff and resources, may no longer make sense. On the other hand, if the CIO is not a tribal Chief, why do we need him or her? As I wrote recently in EDUCAUSE Review, there are good reasons for campuses to have a senior officer overseeing and guiding information technology. For example, campuses need someone in charge centrally to properly integrate central systems, to secure economies of scale in operations and procurement, to promulgate and accept standards, and to advocate for strategic applications of information technology across the institution's academic and administrative domains.2

IT leadership in today's campus environment requires collaboration across functional lines—collaboration that in many cases requires teamwork rather than tribalism. Teamwork is very different from control.

Contextual Change

One reason to have a CIO, as noted above, is to secure economies of scale in procurement. CIOs do so by using a the aggregate demand of a campus to encourage aggressive price and feature competition among prospective vendors, much as the PCC did with streetcar manufacturers.

This works especially well when a few major vendors engage their customers and compete for business in sophisticated ways. Historical examples abound:  Dell, Compaq, Gateway, IBM, and HP in the Windows personal computer market, for example, or Juniper, Ciena, Lucent, Avaya, and Cisco for network switches, or even AT&T, Sprint, and Verizon for cellphones. It works less well when weaker vendors go out of business or stronger ones consolidate, so that one vendor comes to dominate a particular market. In information technology, we've watched Microsoft dominate personal productivity software, Oracle dominate large-scale databases, and Apple tighten vertical control over its devices from hardware up through applications.

Higher education rarely constitutes a large share of any vendor's market. It is even more rarely a source of significant profit, so we start out with rather little leverage. Industry consolidation trends reduce our leverage even further. As higher education loses its leverage with vendors, the associated rationale for having strong central IT control weakens. And if vendors aren’t competing for our business on the basis of volume, it’s hard to persuade individual departments not to do their own IT procurement. If individual departments do their own thing, central control continues to diminish. Industry consolidation thus erodes central IT control.

Conversely, government action often requires central control over information technology and so would appear to increase central power. The problem is that government action can also dictate how that control is used, thereby rendering the control moot. Consider, for example, the early 1990s controversy about CALEA, the Communications Assistance for Law Enforcement Act, which was intended to give police the same ability to tap Internet communications as they had for telephone communications. Because the architecture of the Internet differs from that of traditional phone systems, Internet tappers need access to the thousands (if not the millions) of switches through which a given call or message might be routed. The CALEA sponsors, who apparently didn’t understand this, wanted all traffic within a network to be accessible through some central, tappable point. Had this requirement taken effect, most campuses would have had to re-architect their networks into a more centralized model. As it turned out, CALEA imposed technical tapping requirements only on public networks. Partly because EDUCAUSE members’ dues dollars were hard at work, CALEA defined most college and university networks, even those that provide some guest access, as private, meaning that campuses dodged the bullet—at least for now. CALEA II, now under discussion, may put higher education back in the sights.

The point remains: government action can both require central control and then undercut it by eliminating central flexibility. Government also can constrain central IT control by imposing content-oriented legislative and regulatory requirements on network service providers. This has certainly been the case for copyright infringement, DMCA complaints, Audible Magic, and “plans to effectively combat.”3 When central IT leaders are cast as enforcers, especially of rules that arise around commerce rather than crime, their ability to work with others on campus suffers—not because others on campus are violators but because the “cop role” redefines the relationship. Among the casualties of that redefinition is control.

Leading IT Out of Control

For several reasons—some technological, some organizational, and some contextual—central IT organizations, and by extension their leaders, are losing the control they once had over campus information technology. But if campus IT leaders can't lead by controlling, how can they lead? I propose that in order to manage actions in areas they cannot control, IT leaders need to learn to use—in radically different ways—three important, known methods for exerting influence: conspiracy, bribery, and propaganda.

By conspiracy, I do not mean that IT leaders should become traitors skulking around dark hallways. Rather, they should look to management approaches based on teamwork and collaboration, like those that seemed so promising back in the 1990s. Those approaches emerged from organizational development research and advocacy. Chris Argyris and Don Schön, for example, argued that many organizations adopt a Model I culture. In Model I, individuals define goals and try to achieve them unilaterally, maximize winning while minimizing losing, squelch negative feelings, and seek to be rational and unemotional. Argyris and Schön contrasted this with a Model II culture, in which individuals maximize valid information, ensure free and informed choice for all concerned, and commit collectively to internal choices and to constant monitoring of their implementation. Argyris and Schön went on to argue that two things were required for a modern organization to succeed: emphasizing Model II over Model I, and matching actions to words.4

The key point here is that a centralized IT organization can work well in a collaborative environment only if all of those involved share a sense of goals, possibilities, and strategies and if they work together to maximize success. Achieving conspiracy like this requires skills. It requires the ability to understand others' points of view, the ability to express one's own point of view in terms that others can understand, and especially the ability to negotiate fairly and effectively.

By bribery, I do not mean that IT leaders should solicit or slip money under the table. Rather, they should configure technologies and services so that members of the campus community make choices that serve the general good. Among other things, IT leaders need to organize and price central information technology so that the free, voluntary choices of individuals align with the needs of the institution. This is partly a matter of how the central IT organization deploys technology, but it is equally a matter of full disclosure.

Seeking efficiency through homogeneity, central IT organizations used to require departments, or at least administrative departments, to procure standard computers through the central IT organization. But requirements like this require control, and they rarely please campus communities. Some years back, a counterpart of mine on another campus tried a different approach. Rather than requiring departments to buy particular computers through the central IT organization, he used central funds and some vendor concessions to subsidize the cost of computers bought through the central organization. Administrators had free choice. They could buy whatever computers they wanted, from whomever they wanted, at retail rates. Or they could buy the centrally recommended machine through the central organization for about half that price. Under those circumstances, most administrators used their free choice to buy what the central IT organization had wanted them to buy in the first place. The campus got a homogenous administrative desktop environment without telling anyone to do anything. Bribery—done openly and correctly—works.

Finally, by propaganda I do not mean that IT leaders should focus on producing videos and posters extolling their good works. Rather, they must learn to inform and persuade rather than defend and dictate. As control gives way to persuasion, it is very important to be honest and clear about mistakes, about bets that didn't pay off, about unsatisfactory service, and about outages.

For example, after a horrendous four-day campus e-mail outage a few years back when I was a CIO, I received an enraged and contemptuous note (typed in all capital letters) from a Nobel Laureate. He insisted that the IT organization should have a backup mail server ready to go at all times. In response, I explained that a backup mail server with a full copy of the entire community's mailstore would probably cost about half a million dollars. I suggested that given the frequency of major outages—about one every four to five years—it would be unwise to tie up that much capital rather than invest it academically. “I never thought about it that way,” he replied almost immediately, somewhat to my surprise, adding: “You're absolutely right. That would be a waste of money."

PCCs, Context, and Control (Reprise)

I started this article with a story about streetcars. By the time U.S. production of the PCCs ended in 1952, many American transit systems had begun to fold. The demise of streetcars was driven largely by suburbanization, which in turn depended on private automobiles, which therefore became the dominant way people got around even within cities. Their demise was helped along by bus manufacturers, which actively sought to replace streetcars running on fixed rails with much more flexible buses driving on city streets.

We know now that ripping out city and interurban streetcar lines was, in many cases, a mistake. We'd have been far better served had rapid-transit and light-rail infrastructure evolved along with roads, as part of a coherent, multifaceted transportation plan. In part because the Presidents Conference Committee was so focused on optimizing streetcars, an area they controlled, rather than overall transportation, an area they did not control, that didn't happen in the United States.

As I mentioned at the beginning of this article, the last U.S.-made PCCs were delivered to San Francisco, and there's an instructive epilogue to that fact. The 1989 Loma Prieta earthquake damaged major parts of the Embarcardero Freeway that once ran along San Francisco's docks. Rather than repair the freeway, the city demolished the remnants and installed light-rail tracks along the median of a wide replacement boulevard. It extended those tracks down Market Street, amid auto and bus lanes. Most of the streetcars that run along these new surface tracks are refurbished PCCs—the largest number, I believe, still operating in any U.S. city.

That San Francisco did not rebuild the Embarcadero Freeway—a radical choice in auto-obsessed California--is somehow reassuring as we contemplate using, in radically different ways, known methods to organize, manage, and lead the IT organization out of control.


1. U.S. Department of Commerce, National Telecommunications and Information Administration, Digital Nation: Expanding Internet Usage, NTIA Research Preview (February 2011), p. 7, <http://www.ntia.doc.gov/reports/2011/NTIA_Internet_Use_Report_February_2011.pdf>.

2. Gregory A. Jackson, “The Shrinking CIO?” EDUCAUSE Review, vol. 46, no. 1 (January/February 2011), pp. 8–9, <http://www.educause.edu/library/erm1114>.

3. The Higher Education Opportunity Act of 2008 (Public Law 110-315) requires, among other things, that colleges and universities have and implement a “plan to effectively combat” copyright infringement over their campus networks.

4. Chris Argyris and Donald Schön, Theory in Practice: Increasing Professional Effectiveness (San Francisco, Calif.: Jossey-Bass, 1974).

EDUCAUSE Review, vol. 46, no. 4 (July/August 2011)