IT services – we need to talk
I was at two conferences recently (OEGlobal and OER16). At both of them I ended up in a (different) group bemoaning the IT services in their university. I didn’t initiate either of these conversations I should add. Also, please do not interpret this post as having a pop at people in IT services, I know lots of good people there. Rather it is about how universities have created the environment where academics and IT are now in a rather dysfunctional relationship. Across many universities the complaints seemed to be rather similar:
- Security is used rather the same way Governments use terrorism – as a means of controlling things and removing freedoms
- Increasingly academics have no control over their machines, and cannot install or trial new software
- Even basic tasks are often highly frustrating and time consuming
- Support has been centralised so there is no local advice or help
- Senior IT managers have been brought in form other sectors with little understanding of the university culture
- Increasingly academics are circumventing official systems to buy their own machines, or host their own services, often in their own time and at their own expense
- There is little room for experimenting with tools beyond the VLE
Listening to these complaints (and occasional horror stories) made me rather wistful. As IT has become increasingly part of the central operation of every university’s teaching and research environment, it seems that it has moved further away from the people who actually need it for those functions. It has become a thing in itself, and the academics (and students), merely an inconvenience in its smooth operation. This is not to blame those in IT services, they are operating in the context that universities have established for them. If there is a security breach, it will be the IT manager who is in trouble, not the academic who wanted to play around with a cool new tool. It must be frustrating for lots of people in IT also, I’m sure they’d like to be experimenting with tools also.
We have to get back to having dialogue, and having IT people who understand the needs of universities (and equally academics who understand the demands of IT systems). The need for innovation in universities is often trumpeted, but it doesn’t arise from stony soil, but rather from the stinky, messy fertiliser of failed attempts with less than perfect ideas and tools. Innovation is not necessarily synonymous with digital technology, but often it is deeply associated with it. If you don’t have freedom to explore this stuff then increasingly universities will struggle to compete with ed tech companies who have more flexibility and freedom.
22 Comments
mikecaulfield
I’m reminded of this old cartoon of how the Library of Congress works. A researcher comes in, looks through the catalog, finds the work they need, fills out a card, etc. Eventually the book is delivered to the researcher who uses it, finds other citations, makes notes and hands it back to have it travel back to the stacks. As the LoC librarian puts it back on the shelf, she says:
“Good. Now this book is back where it belongs!”
We’re lucky here locally (a great IT team), but in most places that’s how IT thinks of their function.
vivienrolfe
This is bang on Martin but I think the picture is more complex. Quite often there are intermediaries – timetabling/administration – alongside the IT / academic relationship. I always meet these folk 1 to 1 and they are awesome. What isn’t awesome is the lack of shared vision, opportunities to all meet and collaborate. But I agree we spend excessive time servicing the ‘thing’ rather than caring for the student, or woe betide the teacher’s day to day experience.
mandyhoneyman
Dare I say that this is an education-wide issue, not in any way limited to universities. Experiences with local authority control over school networks led some of us to stage a revolt and take matters into our own hands. On reflection it is a mindset towards taking a lowest common denominator approach that may be the problem. Many educators simply want the tools to work, they don’t have the time or inclination to understand how they work, and if they don’t work they get terribly upset.
scottbw
Two things to think about, given my recent experiences of being a consultant embedded in IT Service teams at multiple universities:
1. IT groups in most HEIs are going through a serious recruitment and retention crisis, with many posts unfilled, resulting in staff doubling up, and projects being shelved in favour of keeping critical systems up and running
2. There are almost constant cyberattacks against UK HEIs, and outages of critical services have been high lately. Again, a stretched IT staff is having to respond to this (recent experience: TurnItIn goes down, DDoS hits JANET, and 100,000 assignment hand-ins are due. All in the same afternoon)
To unlock the support for innovation that staff and students want means ensuring there is the capacity and resilience in core services to do it.
Its not all gloom though – I’ve been working closely with IT teams to on providing APIs to support more innovative services on top of core data, and there are some great ideas in circulation for revamping IT security to make it more flexible (think service tiers with many supported login types, such as from social sites).
tjhunt
I think you are in danger of confusing two different types of use of computers.
In the past, computers and computing were pretty much the preserve of the geek. There are still people in this category who need to use their computer as a general purpose computing device, but they are now in the minority.
Then there is the the majority of boring use of computers: everyone’s email, showing powerpoints in meeting rooms, etc.
These things are very different, and need to be managed in different ways. (Except that, it is not a simple dichotomy. In reality, there are people and their computers at every point of the spectrum.)
Trying to think of analogies, I came up with sinks. In a typical university, you will have sinks in your chemistry and biology labs that are used for exciting research, and you will have sinks in the canteen for the boring job of providing food for everyone. It would be quite bad if there was no distinction between the two.
francesbell
I was smiling at this post Martin as my subject discipline was Information Systems and so the messiness is not a surprise, or even something that can be addressed by better control. I thought of an edited book by the late Claudio Ciborra https://books.google.co.uk/books?id=IuqQSqko9BMC&printsec=frontcover#v=onepage&q&f=false called From Control to Drift: The Dynamics of Corporate Infrastructures. Although it’s 15 years old, I think that many HE IT Directors could benefit from reading the Introduction, if not the whole book.
This part seemed particularly relevant https://www.flickr.com/photos/francesbell/26049574133
admin
Thanks Frances, I don’t know that book. I think it starts in the recruitment process – I wonder how often the CIO is asked “how will you facilitate innovation/new ways of teaching/ flexiblity?”
Pingback:
Ajay Burlingham-Böhr
I think it’s about getting the balance right between freedom and responsibility for consequences. Academics, and others, would like the freedom to play and experiment, but they also want a quality of service from IT that cannot be easily, or affordably, delivered if IT cannot control the end device. We offer academics an administrator log-on to their own device but they get a lower IT SLA with it. We will only restore their device back to its original imaged state rather than try and fix any problems created by installing experimental software or changing configurations. If staff want a higher level of IT service than that then they have to agree to not having an administrator log-on and allowing us to manage the configuration of their device and the software on it. Technologies like AppV, VDaaS and Cloud are helping to improve the flexibility of IT services – enabling us to give staff who need it a safe cloud-based playpen. As with most things it’s about developing a good enough relationship so that IT and Academic staff truly understand the constraints that each have to work with and collaborate to develop a solution that works for both.
btopro
In the age of virtualization, control structures for IT that still mirror policies of the 90s are what’s leading to so much strife. I’m non-traditional IT as I’m not in charge of managing infrastructure but building new things to match pedagogies. The same is true on the non-faculty staff side. I know many staff members who when faced with not being allowed to run something (basically) required to do their job they buy their own laptop, put the university issued one in a drawer and continue working while over VPN or some other method of gaining secure access.
It’s sad but in pursuit of ensuring control and stability they are actually destabilizing the institution from a technical perspective. Policy can’t keep pace with automation and virtualization which is allowing people to experiment more securely and faster then ever before. Fail and break often in virtual, deploy in the real.
I think this is also why e-Portfolio solutions are chronically bad, dated, and underutilized by students / faculty. Why use a university blogging platform when you can click and build your own in a few minutes on digital ocean for the tech savvy and rebuild instantly if there’s an issue (for the tech savvy) or host for free on wordpress . com for the “non” tech savvy.
The common thread I bring up amongst friends of innovation is control. All of these issues stem from control which you identify early in your bullet points (which are spot on). I wonder if policy built to securely empower and build up faculty in a distributed manner wouldn’t be more well received and alleviate the IT/Faculty tension that exists.
Pingback:
Anne Adams
I hate to say it but I was not only saying this almost 20 years ago but I had evidence on its destructive possibilities. I’d even highlighted a way through which many security design courses have incorporated and many security organisations have taken on board. But Universities IT (maybe because they pay less than industry seem to be behind the curve. The argument and the evidence showed that this old ‘enemy within’ hierarchical approach only decreases security.
Please read ‘the user is not the enemy’ Adams and Sasse (2000) CACM (communications of the association of computing machinery) and as it is an IT publication, show it to your IT departments so they can re-think their approaches.
After twenty years you’d think they’d move on their approaches.
admin
Hi Anne, I think the It world has changed a bit in that we don’t pay behind the curve so much anymore. This may even be part of the problem – unis attract CIOs from corporates who I think do a good job of dazzling senior management with tech talk but have very really understanding or sympathy with a university culture. They apply the same model that worked in local government, retail, or whatever sector they came from.
Pat Parslow
I’d agree with Anne. 20 years ago, Director level and IT Management at the large non-education organisation I worked for were pressing for greater IT controls, stricter security etc. Fortunately, I worked there, and through some powerful advocacy, we ended up with systems which encouraged experimentation. As IT support, we’d do what we could to rectify the obvious oopsies which would occur, within cost and time constraints, but had stand-by ‘factory settings’ machines to swap out to the end users. We only needed 1, in fact, for 500 staff, but kept 2 just in case.
Security was less of a concern then – viruses tended to destroy information rather than send it to the ‘bad guys’, and our back up regime meant data didn’t get lost. We did have firewalls which prevented certain classes of information leak – they only ever seem to have had a negative impact on me, not on colleagues (but then, I was always breaking our rules, I saw it as part of my job 😉 )
We had a “Can do” attitude – always keen to see how far colleagues could push the new technologies, keen to find out how much empowerment we could squeeze out of those magical boxes of bits. I also insisted that any IT help desk resolution included a “How to avoid it, and how to fix it” element, which had to be conveyed to the user. In 2 years, I cut help desk calls by 66%.
Fast forward to today. In an educational establishment, we briefly had a help desk manager with a “Can do” approach. The rules said that one machine I was working on about 5 years ago, which was in an ‘admin’ office, rather than an ‘academic’ office, could only have software installed by central IT. I persuaded them that it might be wise by giving them a list of software I needed installing – one item at a time, each in its own help desk request. They sensibly gave me admin permission. Although we don’t formally have Ajay’s reduced SLA agreement, I’d have no problem with it – yes, I’d like IT to support the junk they insist on installing, and to make sure I have access via the network to things they insist I use (and Facebook, thanks), but beyond that, I am extremely happy for them not to touch – nor, indeed, have access to, my machine.
There are times when I process details of research participants on my machine – it is not appropriate to have unknown, unnamed, IT staff, often on temporary contracts, able to view my screen or access my disks.
And we have an ‘efficiency’ programme in place which, I confidently predict, will soon lead to centralised controls. Having been in IT support, and having juggled the balance between empowering and security, I understand it is hard – but if they go down the route I confidently expect them to, the environment will make it almost impossible to do my job. I need to test cutting edge, and open-source, and yes, sometimes even deliberately dodgy, software in order to be able to fully understand it well enough to teach the students.
We are, basically, 20 years behind. It isn’t only in IT management, though, but rather in general management mindsets. Maybe ‘industry’ is swinging back to this as well – although the folks I get in to give guest lectures don’t describe it that way.
Half the ‘guerilla’ research I have done would not have been possible without the flexibility I have now – or at least would have been much more time consuming, and much less cost effective.
Ajay Burlingham-Bohr
Another factor that has to be considered is that IT department in Universities also have to satisfy auditors and we are increasingly obliged to implement security practices that are at odds with the freedom needed by academics. The level of control required in order to be compliant is ever increasing and the new EU DPA regulations which will come in in 2018 will require even more rigorous compliance with penalties now increased to 20m Euro or 4% of turnover.
Tracey Torble
Speaking as an IT service management professional I’d say that your senior IT managers are being brought in from other sectors to show you how to do IT service management, not Education. The business has, and should take, an active role in specifying the service, working with IT to take into account constraints such as security and budget. In my experience (which includes Education) too often the business, when asked what it needs, says “everything, with bells on” (or, worse, insists that it is IT’s job to know) and IT services is left with no choice but to deliver what it can afford rather than what was demanded of it. Process and standardisation make things more predictable and the more predictable something is the more manageable it is. IT services are accountable for their costs and must do something to make them predictable and manageable. Yes quite possibly the baby has gone out with the bathwater but that is not unique to Education. The business end of any organisation must step up and play its part in saying, realistically, what it needs and not expect IT services to guess what is most important, but also listen to the professional concerns. Dialogue, yes, it is a two way street.
Pingback:
Pingback:
Pingback:
Pingback:
Pingback:
Pingback: