CHIEF INFORMATION Officers Speak Out

CHIEF INFORMATION Officers Speak Out

Five experienced CIOs discuss security, staffing, and how they respond to changing technology on campus.

THE IT DEPARTMENT IS THE FRONT LINE when it comes to network security and technology training. Along with juggling budgets, guiding projects, and maintaining adequate staff, the campus CIO has to ensure technology on campus not only aligns with student expectations but is usable and used. As a new semester gets under way and network usage increases, Ronald Danielson, vice provost for Information Services and chief information officer at Santa Clara University (Calif.); Bruce Maas, CIO at the University of Wisconsin-Milwaukee; Celeste Schwartz, vice president for Information Technology at Montgomery County Community College (Pa.); Sam Segran, associate vice president for information Technology and CIO at Texas Tech University; and John Smithers, CIO at Johnson & Wales University (R.I.), took time to discuss everything from P2P networks to managing change in a virtual roundtable for University Business.

P2P file sharing is a problem on many campuses. What steps have you taken to respond to the campaigns against illegal music and movie downloads? How involved do you think colleges and universities should be in the issue?

Ronald Danielson: I don't like the phrase "respond to the campaigns against illegal downloads." It seems to imply that universities are working at cross-purposes to copyright holders, or that we've been ignoring the issue, and certainly neither is the case. Santa Clara is diligent in educating students, faculty, and staff about their responsibilities under copyright law and the potential penalties they may face if they violate it. But we also do that for photocopying as a violation of copyright, although less vigorously. I believe colleges and universities owe our students, faculty, and staff informed information about the subject and about the risks they face. From the little factual information I've been able to find about the subject, my sense is that higher education is being disproportionately targeted by the entertainment industry related to downloading.

Bruce Maas: While we do not actively monitor our networks for this type of behavior, we respond promptly to valid and legal Digital Millennium Copyright Act (DMCA) claims by disconnecting network access privileges to the individual identified with the offending IP address. Network service is restored to that person only after verification that the offending material has been removed from the offending computer and the individual assigned to the IP address completes an online course developed to educate the campus community about legal and illegal file sharing.

Sam Segran: We use network technology to block P2P based on the protocols used. But we also have policies prohibiting the use of P2P on the network. Texas Tech is a state university; in April 2006 the governor signed a policy forbidding P2P on state networks. We've negotiated with Ruckus and iTunes for a free music download site, and we distribute handouts at freshman orientation, and to parents, faculty, and staff. John Smithers: We have Packeteer Packetshapers at each internet gateway at each campus that prohibits that traffic from passing to and from our network. We don't allow any subnets, wireless networks or any type of network other than our own, so we monitor for that. We shut them down when we find them.

A recent CDW-G survey suggested that the greatest threat to network security may actually be from users within the university itself. How do you safeguard your network against your own users?

R.D.: There are several different security issues related to this: keeping on-campus people from accessing network resources they shouldn't, making sure computers connected to the network aren't harboring security threats, and controlling network traffic so that no individual disrupts the services of others.

Celeste Schwartz: People don't want to talk about these things. Security is the thing you worry about day and night.

R.D.: For a number of years we have required students in our residence halls to register their computers before connecting to our networks, and we will extend it to faculty and staff this year.

S.S.: We don't trust anybody inside or outside. We monitor access to critical systems, use role based identity, and conduct proactive scans weekly-plus a few other things we won't talk about publicly.

B.M.: We formed a central IT security office with dedicated staff (reallocated from within our organization) three years ago, and it reports directly to me. We also have developed incident response teams mostly composed of individuals from outside our central IT organization, which has helped us to better engage our community in both responses and avoidance through better compliance with best practices.

C.S.: We have intrusion detection where we know if somebody is trying over and over again to gain access and failing. The greatest security threat is wireless and people bringing their own laptops, but it's a small percentage. We have all the fail-safes a four-year would have, but we don't see as many attempts.

How are you managing the push to integrate technology in your classrooms (lecture capture, better presentation options, etc.)? What group is driving it?

R.D.: Providing power connections for students is still a major issue and will be for the foreseeable future. Every summer we either add projection capabilities or replace A/V equipment in a dozen classrooms. This is motivated by increased faculty use of web-based technologies and PowerPoint in the classroom. We've been experimenting for about three years with lecture capture software from Tegrity. Faculty feel more comfortable covering a lot of material because students can review more easily. I think this is a technology that students will be expecting universities to provide within five years, much as ubiquitous networks and wide use of learning management systems have become universal student expectations.

C.S.: If there is a single group leading a change you'll get resistance from some people, but we have collaboration. IT is driving it from providing support-not pedagogy. Eighty percent of our classrooms are "smart classrooms," and the technology can do lecture capture. We're expecting more faculty to start posting lectures online. There is no question that students love the faculty that use the technology. And-this is the coolest thing-we have faculty demonstrate how they have integrated technology into their classroom. We're going to make it an annual event.

S.S.: Colleges tend to drive the learning environment. We lay the base standards, but on the teaching side we try not to be rigid on what is picked. IT also provides consulting help to spec, acquire, and implement A/V-type technology solutions, feedback systems (clickers), and so on.

J.S.: I'd say that what IT lends to a process is our skills and comfort level with doing tech assessment.

On the people side, how do you drive organizational change and get everyone on board?

R.D.: The hundred million dollar question! We use a variety of approaches, but they almost always involve partnerships with peer leaders from the functional side (academic or administrative), so developing good relationships with others across campus is critical.

B.M.: It is important to develop a shared vision. This is not trivial, and will likely involve a lot of hard work. We have a concept that we call "core service teams." When a common need exists on campus for a service, we pull together people mostly from outside central IT to work through the process and identify options. It culminates in a report to me. That has worked really effectively. When the team does the work, it ensures buy-in right from the beginning.

S.S.: Good communication and timely information dissemination are very important. For instance, we still had people using dial-up, and it was becoming cost prohibitive. We've been working for a year to notify people [we are shutting it down], especially if it will have a negative impact.

J.S.: I agree with the premise that IT is a leader for change. We have to help users understand what they need. To increase the ongoing dialogue and ownership among and between all constituents, we recently created a twelve-person university-wide IT governance group (the IT Advisory Committee-ITAC). Part of it is "feel our collective pain"-we don't have the resources to implement every good idea out there.

How do you approach finding and retaining quality staff? How big of a factor are salary, benefits, and the type of technology in place on campus?

B.M.: At most universities, there is competition with the private sector for IT staff.

C.S.: Salary, benefits, and technology are all equally important.

R.D.: We're located in Silicon Valley, which is both a help and a hindrance to staffing. It's important to have interesting things to work on (both projects and toys), opportunities for staff development, and a congenial work atmosphere.

S.S.: The problem in recruiting is more pronounced in certain skill sets, such as IT security, networking, and DBA areas.

B.M.: I utilize CUPA (College and University Professional Association) data and try to be as competitive on salary as possible given that we are in a major urban market. Ultimately, we are trying to create a culture in our central IT organization that is so attractive that word of mouth gets out about this being a high quality place to work.

C.S.: I think the technology keeps people here. We give them opportunities to learn about different things. If you show people respect, let them learn, people seem to want to be at a place like that, and people want to be at a place with current technology.

S.S.: We also expend a fair amount of effort in employee recognition tasks and events.

J.S.: Quality of life in an academic environment is a big draw. You just have to be careful not to overpromise.

What's the next big technology push at your institution?

C.S.: Mobile devices-sending information to various types of mobile devices with different encryption and security. Podcasting-This younger generation has high expectations about lecture capture; they expect instant replay. The generational differences [between traditional and nontraditional students] impact a community college more than a traditional four-year. At a community college you could do all these great things, but the older students will struggle with the technology. It's more intentional when faculty move in a certain direction, because they have to think more about the learning styles in class.

B.M.: We have rolled out an enterprise-wide content management system using the Common Spot software, from Paperthin. We've also deployed Xythos as our enterprise file storage and file sharing system. It improves security and limits the number of places things are stored. We have licensed the network edition of a Web 2.0 collaboration software system from Zimbra and are in the process of beginning our implementation to convert virtually all faculty staff, and students to this new shared e-mail/calendar/ messaging environment. We felt the open source edition was not robust enough for our needs. [Zimbra offers both a commercial and an open source version of its e-mail and calendar groupware.]

R.D.: VoIP. Also, we think both classroom capture and digital video will become major tools on the academic side over the next few years. Identity management is an issue at most higher education institutions I talk to and is something we're trying to make advances in.

S.S.: High performance community clusters for researchers. These offer researchers the opportunity to have more computing power than they could individually purchase at a much lower total cost of ownership. Community cluster participation also saves costs associated with administration of individual groups of servers.

How has your department budget fared in the last year? How are you adapting to cuts or arguing to maintain current funding?

C.S.: My budget is fine, no complaints. That is partly because we have a technology fee we charge students, based on the number of credits taken. Every dollar of that fee is spent on technology and is documented. We just extended our replacement cycle from three years to four, because we found there was still life in the technology. We also do roll downs-technology might be on campus for four years but not in the same department. It's a lot of hassle-don't get me wrong-but it has helped the college stretch the dollars.

S.S.: The budget has pretty much been flat at Texas Tech, which hurts because of the creeping increases in staffing costs and the ever increasing costs in maintenance agreements and major software licenses. We periodically review our activities for operational efficiencies. Still, at some point "lean and mean" changes to "anorexic and vicious."

J.S.: Johnson & Wales is investing heavily in technology. At this point, I'd say that our biggest technical project constraint is resources. One of our major challenges right now is balancing the utilization of these resources for new projects and the ongoing support of existing technologies.

How do you communicate with, and get feedback from, your end users?

R.D.: We're a small campus, so simply walking around provides opportunities to meet and interact with members of the community. We send periodic e-mails to the community, provide anonymous e-mail for submitting suggestions and complaints, and are just implementing a "rumor mill" website where anyone can post a rumor about IS topics and get a full and honest response.

J.S.: I like that anonymous e-mail idea, but people don't usually have problems lodging complaints.

C.S.: We have a new automated process for the helpdesk. After a call, users can comment on the service, so deficiencies are corrected as they occur rather than waiting for once a year.

Web 2.0 applications are gaining popularity with students and many faculty. Is there any concern over how these applications affect network resources? Examples?

R.D.: Just wait until students replace all those photos on their Facebook pages with videos!

B.M.: Zimbra is a Web 2.0 system that we think will provide us with some valuable experience. The challenge will be in providing security commensurate with our risk tolerance.

S.S.: I see some opportunities with podcasting, blogs, wikis, and photo/video sharing, etc. But I have a tougher time so far in seeing immediate value from Second Life, which I think needs more development and educator involvement. It's less of an IT issue and more of a faculty issue-how they teach. I have problems with the rapid integration of new technology without vetting whether it is going to work. If it doesn't work, then the people who will get hurt are the students.

What type of technology training do you offer faculty and staff? Does training take place regularly, or only when new technology is introduced?

B.M.: We've engaged a faculty member from our School of Education to review and update our training and development curriculum. Faculty are a resource at universities that we don't always take advantage of. We've worked with a professor in our School of Information Studies to develop online sources of "just in time" training resources geared to the way that faculty need information when using a new system. These collaborations with expert faculty have been immensely helpful to our staff.

R.D.: We offer classes throughout the year and schedule "technology office hours" in student residence halls periodically. We offer campus-wide training when we introduce significant new technologies or for critical activities, like annual line-item budgeting. We offer more extended training opportunities for faculty, including a two-week summer workshop on pedagogy and technology related to enhancing student learning, and extended training on technology-based curriculum design.


Advertisement