A Corporate Perspective on the EDUCAUSE 2019 Top 10 IT Issues

Diversity is a key focus on campuses across the United States. Diversity of perspective is also a key focus for EDUCAUSE as we seek to better understand the issues that IT leaders are facing in higher education. For the third year in a row, we've asked members of our corporate community to share their perspective on the EDUCAUSE 2019 Top 10 IT issues. These industry partners hope not only to better understand the most pressing issues for campus IT leaders but also to better understand where they can offer their support and thought leadership to help advance higher education information technology.

Four corporate leaders, each dedicated to developing products and services tailored to the academic enterprise, offered their thoughts:

• 
  John Baker
  President and CEO, D2L
• 
  Nicole Engelbert
  Vice President, Oracle
• 
  Laura Ipsen
  President and CEO, Ellucian
• 
  Chris LaConte
  Chief Strategy Officer, SpyCloud

These leaders shared their perspectives on five of the EDUCAUSE 2019 Top 10 IT Issues: Information Security Strategy (#1), Privacy (#3), Student-Centered Institution (#4), Digital Integrations (#5), and Integrative CIO (#9). Although the four leaders represent different software and services organizations, we find commonalities in their responses related to the need to build systems and governance models to manage and secure student-centric data, the opportunity to build seamless digital services for frictionless experiences, and the potential to organize around student outcomes, in addition to the unique role the CIO plays in understanding and building these solutions.

Issue #1: Information Security Strategy

Developing a risk-based security strategy that effectively detects, responds to, and prevents security threats and challenges

Chris LaConte:

Most people think that the retail, hospitality, and health care industries tend to be the most attractive targets to hackers, since they store a cornucopia of financial and sensitive data. However, most higher education institutions store just as much tantalizing data to a cybercriminal. On the dark web, student and staff personally identifiable information (PII)—including Social Security numbers, credit card numbers, home addresses, dates of birth, and medical records—can command a hefty profit. The average price for someone's full dossier of information (otherwise known as a "full") can sell anywhere from $10 to $20.¹

Higher education continues to grapple with the fact that entry points into their systems are continually expanding while students and staff demand open-access efficiency and collaboration. Cybercriminals are going after online accounts to purloin PII for resale on these dark markets. This is highlighted by the 2018 Verizon Data Breach Investigations Report, which shows that the use of stolen or weak credentials was the top tactic used by threat actors last year to perpetrate a breach.²

In reaction to this, the U.S. National Institute of Standards and Technology (NIST) released its 74-page updated Special Publication 800-63-3: Digital Authentication Guideline.³ The guidance runs counter to the long-held philosophy that passwords must be long and complex. In contrast, the new guidelines recommend that passwords should be "easy to remember" but "hard to guess." According to the new guidance, usability and security go hand-in-hand. In short, NIST recommends the following for passwords:

• An 8-character minimum and 64-character maximum length
• The ability to use all special characters but no special requirement to use them
• Restriction on sequential and repetitive characters (e.g., 12345 or aaaaaa)
• Restriction on context-specific passwords (e.g., the name of the site)
• Restriction on commonly used passwords (e.g., p@ssw0rd)
• Restriction on passwords obtained from previous breach corpuses (third-party breaches)

Higher education institutions can also help protect their community by storing users' credentials correctly. We recommend that all credentials be stored by corporate- and customer-facing applications using a strong cryptographic hashing algorithm such as Bcrypt, Argon2, or Scrypt. If mandated across the board, this requirement can render potentially-leaked credentials nearly useless to criminals. The computational requirement makes it infeasible to crack these algorithms (today). Therefore, any of these stolen hashed passwords cannot be easily decrypted and used against users' other online sites, thus limiting an institution's overall liability.

Issue #3: Privacy

Safeguarding institutional constituents' privacy rights and maintaining accountability for protecting all types of restricted data

John Baker:

When we speak to new clients about adopting education technology—particularly in Europe—privacy is inevitably the first question they raise. It is also, in a sense, the easiest for us to answer because our student data is not used for anything other than student success, and it is not accessible to anyone outside the LMS. However, I find it somewhat concerning that people who could be using a technological solution in the classroom aren't doing so because highly publicized and improper uses of data by prominent tech companies are making them uneasy. We as a sector need to do more to put those fears to rest by assuring users that their data will be used only to improve student outcomes and will never be used in any other way. We need to give students greater insight into the data we collect and assure them that they have full ownership and control.

Issue #4: Student-Centered Institution

Understanding and advancing technology's role in optimizing the student experience (from applicants to alumni)

Nicole Engelbert:

Too often, the hyperbole around student-centricity has been narrowly focused on the student experience. Typical discussions center on the delivery of a frictionless, personalized experience that empowers institutional services to be consumed anytime, anywhere, and on any device.

Without question, an exceptional experience is critical to effective recruitment and influences retention and graduation in important ways. However, the creation of a true student-centered institution goes far beyond defining a quality experience and moves into defining the role and structure of the institution. With the student as the center, courses in classrooms at designated times join a larger pantheon of "educational events" that are not bounded by time, location, or even credit hour. Summer camps, professional development, recertification, and corporate training all become part of the lifelong journey a student has with his or her institution. Instead of organizing itself around programs or degrees, the institution can remain relevant by organizing itself around the outcomes or academic goals the student seeks (see figure 1).

Yet this type of more-flexible structure poses challenges for the institutional IT landscape. Data silos have risen alongside programs and departments, making the fabled 360-degree view of the student experience elusive, even mythical. Similarly, an architecture built to support degree programs makes it difficult for institutions to leverage many enterprise systems for new, innovative programs. Feral or rogue IT practices further complicate the landscape, since the capacity for innovation is uneven across departments and since systems are neither designed nor implemented to support lifelong learning.

Consequently, achieving student-centricity is likely to be a multiyear, if not decade-long, journey that is taken in incremental steps. But perhaps it is the approach an institution takes to navigating this journey, rather reaching its destination, that will define how student-centric an institution becomes?

Laura Ipsen:

Today's students don't want to chase information and services; they want to be the center of gravity around which information and services revolve. That means personalized outreach,⁴ simplified processes, and a digital experience that meets their "consumerized" expectations.⁵ As recruits, they want fast enrollment decisions and next steps tailored to their interests and desired programs of study. As matriculating students, they want to be able to turn to their mobile devices as personal assistants that make questions easier to answer and administrative tasks easier to complete. Even as alumni, they want to be engaged in ways that strengthen their connection to the institution and help them remain more involved.

As a result, we are going to see a heavy emphasis on effective data management and delivery in 2019. CRM systems capable of managing the full student life cycle will gain traction, as will tools that enable these systems to integrate seamlessly with each other and with SIS solutions. We will see more institutions moving to the cloud to enable the mobile delivery of real-time information and self-service tools. And we will also see institutions increasingly explore their options for improving workflows and reducing the time it takes to deliver essential student services.

Baker:

We're realizing that anyone in any organization can become a champion of improving the student experience through technology. We're seeing new clients coming through the door not only because a CIO is a champion but also because individual teachers, parents, and community members are eager to help students succeed. So, the advantage of a growing degree of technological literacy across the board is that literacy enables anyone and everyone to lead the charge. Once implemented, technological literacy can take root quickly, changing the learning culture very quickly as adoption is enabled by tech-savvy users who embrace new pedagogical approaches such as competency-based education (CBE) and digital advances such as artificial intelligence (AI), video, and gamification.

Issue #5: Digital Integrations

Ensuring system interoperability, scalability, and extensibility, as well as data integrity, security, standards, and governance, across multiple applications and platforms

Ipsen:

Top-tier service in the front office requires seamless collaboration between people, processes, and systems in the back office. As higher education continues to work with an array of applications to manage everything from parking to the library, integration of those systems will be a top priority in 2019. Institutional leaders will increasingly look to data models and technology platforms that provide specific benefits, such as (1) the ability to onboard and scale new solutions quickly; (2) the flexibility to keep the homegrown or legacy systems they have come to know and rely on; and (3) the free flow of data throughout the entire technology ecosystem.

As a critical first step, many institutions will need to reexamine data governance policies and cultural norms that have traditionally kept systems (and the data they contain) siloed off from one another. Consider today's average student, who no longer wants to use four different systems to access student-related information, services, and/or activities; or consider today's advisor, who needs more insight into nonacademic challenges (such as financial aid or student life issues) that might impact performance; or consider today's enrollment officer, who wants to leverage predictive analytics from across the institution to make better admissions decisions. To adequately address these challenges, those responsible for IT governance must ask themselves a simple question: Does our data belong to the department that captured it or to the institution as a whole?

Issue #9: Integrative CIO

Repositioning or reinforcing the role of IT leadership as an integral strategic partner of institutional leadership in achieving institutional missions

Ipsen:

In our work with more than 2,500 institutions around the world, we find that those that have elevated the CIO to the cabinet level are making the most progress on strategic priorities that run the gamut—because from student success to finance to talent development, there isn't an aspect of institutional operations that technology doesn't touch. That's why we expect to see more and more CIOs taking a seat at the table when overarching institutional strategies are discussed, in 2019 and beyond.

Today's transformative CIO is crafting strong partnerships with leaders across the institution and is using this trusted advisory role to offer creative solutions to problems faced by departments, faculty, and students alike. Moreover, this kind of close collaboration enables the CIO to prioritize technology investments and implementations in ways that align with institutional objectives. And the CIO can also validate or reject what other leaders are hearing from technology vendors who are increasingly seeking to engage campus leaders outside the IT organization.

Today's higher education CIOs sit at the intersection of the student experience, operational efficiency, and the innovations that are driving both to greater heights. That makes them not only a critical resource for leaders across campus but also true drivers of institutional vision and strategy.

Notes

1. Dell SecureWorks, "Underground Hacker Markets: Annual Report, April 2016." ↩
2. Verizon, 2018 Data Breach Investigations Report. ↩
3. NIST, Special Publication 800-63-3: Digital Authentication Guideline (June 2017). ↩
4. Ellucian, "Data-Driven Communication Leads to Increased Enrollment—and Future Donations," press release, October 31, 2018. ↩
5. Ellucian, "College Students Expect a More Connected Technology Experience Outside the Classroom," press release, October 31, 2017. ↩

---

Margita L. Blattner is Senior Director, Business Development, for EDUCAUSE.