Alternative IT Sourcing Strategies: Six Views

Authors:
Ed Mahon, Mike McPherson, Joseph Vaughan, Theresa Rowe and John Bielec
Published:
Thursday, July 21, 2011
Collection:
Editors' Pick
PDF:
PDF
min read

Ed Mahon
Michael R. McPherson
Joseph Vaughan
Theresa Rowe
Michael P. Pickett
John A. Bielec

EDUCAUSE Review recently asked six CIOs to talk about alternative IT sourcing strategies and about whether they are, or aren’t, “doing it themselves”—providing technology services—at their institutions.

Cloud-sourcing. Outsourcing. Consortial sourcing. Institutional sourcing. Collaborative sourcing. Clearly, technologies and IT services are being delivered to colleges and universities in a myriad of ways. Whereas in the past the role of the IT organization was to provide IT services to the campus community—known (now) as insourcing—over time that role has subtly but concretely changed. IT leaders today must not only provide but also decide: which tools and services should they continue to supply, which are better delivered by others, and perhaps most critically, which methods from among the bewildering array of alternative sourcing strategies will best serve their faculty, staff, and students.

In 2009, the EDUCAUSE Center for Analysis and Research (ECAR) published Alternative IT Sourcing Strategies: From the Campus to the Cloud, by Philip Goldstein. The author defined “alternative sourcing” as “the range of options institutions have for providing technology services or operating technology functions aside from doing it themselves. This includes traditional outsourcing of all or part of the IT organization, accessing cloud services and externally managed applications, development environments, or hardware via the Internet, and use of contractors and consultants as a part of the IT organization.”

EDUCAUSE Review recently asked six CIOs to talk about alternative IT sourcing strategies and about whether they are, or aren’t, “doing it themselves” at their institutions.

The Cloud as an IT Sourcing Strategy

Ed Mahon
Vice President & CIO
Kent State University

IT leaders get it. It’s old news: reduced budgets, higher expectations, increased complexity, and shorter technology obsolescence periods. Further, we know the IT value proposition does not rest with baseline IT services (though no higher-level IT value can be obtained without these services).

With institutional budgets in crisis mode and increased demands on our IT investments, the need to thoroughly assess how we deliver both baseline IT support and IT development efforts has never been more critical. If you are having trouble keeping up with all the new service demands, a new service model, such as the cloud, may be a solution. To evaluate the cloud, we first need to ask: can the cloud be leveraged to develop new services more quickly and without spending more money than necessary? Sure, cloud service providers tout their features as forming a more scalable and elastic environment, all with a consumption-based utilization model, but is it true?

I think so.

Baseline Infrastructure Operations: Current State

Most IT departments have long since learned how to maintain the information infrastructure well. Reliable and relevant baseline IT services have become commonplace. Keeping the bits flowing and protected, maintaining a messaging environment, managing a multifaceted contact center, providing electronic storage solutions, and running data center services are routine operations. Most baseline services operate with three 9’s reliability (99.9% uptime). So why tinker with success by moving to other support models, such as the cloud’s Infrastructure as a Service (IaaS)?

To save money? If you are like me, you have not used the words “savings” and “IT” in the same sentence for years! We all know the difficulty inherent in measuring IT savings or cost reductions. The benefits often show up somewhere else in the academy, in the form of elevating a clerk to an analyst, reducing paper handling, improving customer satisfaction, or enhancing access to information. All are equally hard to measure, and any savings will likely not be in the IT budget.

Baseline Infrastructure Operations: Future State

Why risk a disruptive change in the support model if everything is working reliably? After all, the cloud is just another outsourcing solution, and we continuously evaluate outsourcing solutions. We select an outsourcing solution not to save money but to obtain a quality of service not otherwise obtainable on our own. Can the cloud actually provide higher-quality solutions by better leveraging advanced virtualization and storage techniques? Can the cloud really help with the unprecedented data growth—or at least control the costs? Some might suggest that the cloud is indeed about cost savings, but with a few exceptions, I don’t think savings is the key attribute. The most important benefits center around solving an age-old problem: the ratio of staff support to staff development. That is, cloud services can minimize operational costs, thereby increasing staff availability for IT development efforts.

I think of the cloud as a service-delivery model rather than a specific type of technology. The cloud offers the potential to deploy services faster by off-loading the tasks of buying, receiving, paying for, and installing hardware and software, patch management, change management, monitoring, and troubleshooting. The cloud also offers consumption-based pricing and capacity on demand. But again, the most valuable benefit is the opportunity to reduce distractions resulting from the maintenance operation and concurrently repurpose operational staff efforts toward developmental services.

Repurposing baseline services to the cloud sets the stage to better utilize full-time employees to learn institutional business needs and to build long-term relationships with the campus community. With more time for assessment, staff can develop a clearer understanding of the needs of the business or academic unit they serve. These service assessments can aid in the recruiting and retaining of students, can help simplify administrative processes, can improve the learning experience, and can support the research agenda.

A Difficult Move

Moving to the cloud is not a light-hearted, short-term endeavor. During the shift, running cloud services and premise-based systems concurrently for an extended period of time is difficult. The effort also requires one-time investment funds. The transition will be a multi-year effort that involves living in both worlds (accruing both on-premise and cloud-based costs). Finally, before moving to the cloud, IT leaders need to compare costs, develop new skills, and determine security requirements.

Comparing costs can be tricky. Learning the true fiscal impact of a consumption-based pricing model and confirming if capacity on demand will in fact meet peak usage needs should be at the root of cloud evaluation efforts. Leveling off or normalizing capital expenditures over time sounds attractive. Moving to a completely operational expenditure environment (no institution-owned equipment) may help develop a multiyear budget model, but doing so likely won’t reduce the expense of operations. Redesigning the existing activity based costing model in order to compare the actual costs of the current support model with that of the cloud prices will be challenging.

To ensure that service level agreements (SLAs) properly serve the new cloud-provider arrangement, IT leaders will need to develop new staff skills such as contract and vendor relationship management (truth is, we should already have these skills within our staff). Creating and managing SLAs within the contract to ensure key components such as monitoring, interoperability, data recovery and backup, real-time metrics, and the penalties that result from noncompliance will be required. The metrics tracked by cloud providers differ from those tracked by premise-based systems, requiring full-time staff to create and monitor these SLA measurements.

Lastly, IT leaders must determine which security requirements should be requested of cloud providers and how to ensure they are followed. Leaders should outline the security audit requirements and expectations of the cloud providers. Enhanced security may be more obtainable in the cloud, but we need techniques to verify that security.

The Cloud at the Application Level

With Software as a Service (SaaS), the vendor hosts the software application (in the cloud) and the customer provides the data to make it useful. This enables the application to be available from a browser anywhere.

Currently, complete institutional data systems such as enterprise resource planning (ERP) systems do not exist in the cloud for higher education (i.e., all tier-one modules integrated into a unified architecture in the cloud). Only a few traditional ERP modules are available in the cloud (employee benefits, payroll, procurement, finance, etc.). If you choose these SaaS offerings, plan for additional complexity and expense in order to integrate them with your core premise-based student information system. Building the interfaces needed to interconnect all applications will not be a new experience, but these interfaces differ in that they interconnect between multiple physical locations.

With limited sourcing options available for our institutional data systems, we will need to work with our ERP software providers to help define the maintenance efforts of these complex systems in order to implement a new ERP support model in the cloud. Additionally, potential shared services arrangements among institutions will also require this effort. Standardizing the ERP maintenance effort will be necessary no matter which option we select.

The Kent State Model

The Kent State University sourcing model involves an ongoing, multi-tiered assessment. First, we are ensuring that we maintain good relationships with our key vendors such as SunGard, Dell, Blackboard, Cisco, Microsoft, and Google and that we understand their future directions. It appears many of them are developing partnerships to provide enhanced services. My sense is that these partnerships will be needed in order to meet the needs of higher education. For example, Google and Blackboard could develop a more seamless collaboration space visible between their products, or Google and Cisco could ensure that unified communications and calendar presence work properly.

Second, we are updating our activity-based costing model that identifies current cost elements, per the business service they provide. The cost model doesn’t need to be exact in order to enable a cost comparison between all future support models, such as an operational expense-based model (OpEx) in the cloud.

Third, we are developing criteria to consider solutions that concurrently solve more than one problem, such as the following:

  • Outsourcing functions, such as moving our help desk to Blackboard, which would extend hours of operation without adding staff, deploy new services such as chat and scheduled call-back appointments via the web, and enable badged employees to create more useful knowledge database articles
  • Developing a daily back-up system that would also serve as a disaster-recovery method
  • Moving e-mail to the cloud (Gmail) to both save money and give students what they prefer

And finally, we are utilizing tier-one vendors’ partnership programs, such as SunGard’s tiered business system. Picking vendors that have already invested R&D dollars to integrate multiple software systems helps ensure that we don’t have to build duplicative API interfaces.

Conclusion

The difficulty in the cloud discussion lies in the transition, not in the decision to move to the cloud. Institutions will need to develop a sourcing strategy to manage their entry into the cloud. Though transition details will be complex, those of us in higher education have lived through such transitions before: mainframes and servers co-exist; UNIX and Windows operating systems co-exist. Cloud-based and premise-based computing support models will co-exist as well.

See ya in the clouds!

© 2011 Ed Mahon

The Discipline of Strategic IT Sourcing

Michael R. McPherson
Associate Vice President and Deputy CIO
University of Virginia

Gone is the black-and-white, all-or-nothing fantasy of the early days of IT outsourcing: in those days, either you continued to perform a function internally or you threw it over the transom, pocketed the savings, and washed your hands of it. Sourcing today is a discipline—a set of practices, competencies, tools, and nuanced choices made over a range of possible configurations for a variety of reasons.

Like most other institutions, the University of Virginia is engaged in the full range of sourcing arrangements. From formal partnerships with commercial vendors for contractually governed joint services and community source partnerships with other institutions for core services, through exploratory forays into the world of cloud Infrastructure-as-a-Service resources incorporated as components of our campus infrastructure, to arrangements for leveraging the changing capabilities of consumer technologies, sourcing discipline is pervasive in modern IT practice at Virginia.

Commercial Partnerships

In our sourcing practice at the University of Virginia, we frequently ask ourselves:  “Are there external entities that have developed industry standards or exemplars in specific services and can we partner with them?” The process of sourcing our help desk operation is an example. For many years, we ran a rather typical university IT help desk, staffed by a core group of full-time technical and end-user communication experts, with a larger group of part-time students answering the telephones and projecting help desk presence into residence halls and computer labs. Things worked pretty well: phones were answered, questions and problems were resolved. But we wanted more. We wanted 24/7 instead of business-hours-only coverage, we wanted advanced call management, and we wanted a detailed analysis of topics and the development of a robust knowledge base. We could have created these capabilities for ourselves, but instead we chose to pursue a partnership with one of the commercial vendors that had already established excellence in this field.

Although many people think of outsourcing as a way to save money, we did not enter into this partnership with cost savings as a goal. Our purpose was to leverage the expertise of a company whose only business is call centers, to achieve 24/7 coverage without a dramatic increase in costs, and to free up the time of some of our best technical and communications staff to work on projects of higher strategic importance. We believe we are headed toward achievement of those goals. We now have 24/7 coverage at about the same cost as our former business-hours-only service. When the full potential of the partnership is realized, the advanced technologies and the business practices provided by a company that specializes in call center operations will give us a much more detailed understanding of the issues our users are facing. The members of our core team of very talented, experienced, and versatile help desk staff are now working in academic units to help faculty use technology more effectively and are working with central IT staff to make our services better.

Sourcing to an external partner does not mean that we are out of the help desk business. The level of effort required, both in the transition and ongoing, is significant. During the transition, we focused on teasing apart the intertwined and interdependent roles of the individuals who provided the existing service, including: carefully specifying all of the topics on which the help desk was expected to provide help (something that was poorly understood and even more poorly enforced with the internal service); translating our existing knowledge bases into language that someone outside our culture could understand and use; capturing the knowledge that existed only in the heads of our staff; creating formal service level agreements (SLAs) between the external partner and the many internal groups that are a part of the overall service; and setting performance expectations across the board. Ongoing, internal staff are dedicated to managing the relationship with our external partner, monitoring service and performance levels, troubleshooting breakdowns when they arise, and refining the knowledge base and the agreements that were created during the deployment. Even if the final service had been unsatisfactory, the process we went through has been invaluable. We learned a good deal about ourselves, and we formalized processes and relationships. We also now have an understanding of what the help desk can and cannot do, of how our services are provided and supported, and of the strategic role of a help desk in the overall IT environment—an understanding that we would not have gained without this project.

This sort of formal, contractual partnership with a commercial entity is probably the primary mode of sourcing in which we currently engage at the University of Virginia. We have similar successful relationships that source systems such as treasury management, job application and tracking, employee performance management, and other critical administrative functions. We have integrated best-of-breed applications into our suite of services without the downside of needing to have in-house staff expertise to support multiple platforms and application infrastructures.

Community Source

Another sourcing alternative to which we are deeply committed is community source software. We are involved in Sakai (learning management/collaboration), DuraSpace (repositories), and Kuali (particularly Kuali Coeus, for enterprise research administration). Community source projects attempt to combine the vitality and creativity of open source software with the predictability and accountability of commercial software. Community source partnerships create open source software while adding formal governance and specific financial commitments from the partners to make things happen on a predictable schedule. Partners provide cash to support operations; architects, programmers, and communications specialists to create and market products and services; usability, business, and audit specialists to validate the effectiveness of the products and services; and committed individuals to participate in governance activities. Community source works because of this formal commitment of institutional resources to address the issues of accountability that would traditionally be addressed in vendor contracts.

Again, as with the help desk sourcing arrangement, we did not undertake these efforts to reduce costs. Community source offers a sourcing arrangement very well suited to activities for which retaining overall direction and control of the activity is deemed strategic, but for which group action with a set of like-minded institutions is necessary to achieve the goals or to provide other benefits of scale. In many of these areas, there are commercial products we could implement or services we could procure, but we consider learning management, repositories, and research administration to be so central to our core teaching and research mission that we prefer to shape the services directly and maintain significant control over our destinies.

Web 2.0, and Beyond . . .

Facebook. Dropbox. LastPass. These names strike terror in the hearts of many institutional IT leaders, and depending on where you sit, bloggers like ProfHacker and Lifehacker are either prophets or Public Enemy #1. However you feel about them, these bloggers are simply articulating what our faculty, staff, and students are already thinking: that the Internet is a place of incredible creativity—a place where new, compelling tools appear every day.

Our need to survive and thrive in the Internet age is leading Virginia to include the richness of the Internet ecology as part of our sourcing strategy. We are taking a two-pronged approach. We are aggressively selecting a small number of best-of-breed web-based tools and integrating them into our Sakai learning management/collaboration environment, giving them the UVa brand (a significant concern for many), and connecting them to the identity management and security infrastructure that supports our more traditional services. In effect, we are taking advantage of the potential of Sakai as middleware infrastructure to build a bridge to the diverse ecosystem of the web. We anticipate that access to these best-of-breed tools will meet the needs of the majority of our faculty, staff, and students.

In addition, since we recognize that there will be significant needs not met by these officially endorsed tools, we are taking a broad look at institutional policies and procedures relevant to individual adoption of technology tools. We have completely rewritten our data-protection standards, shifting from a focus on where the data are to what the data are, providing clear rules for protection of highly sensitive data and clear guidelines for wise decision-making for all other data. We are developing new policies for governing the execution of shrink-wrap and click-through agreements to outline the issues that employees should be keeping in mind when they read a license agreement and to clarify the roles and responsibilities of employees who choose to agree. We are rewriting our standard vendor terms and conditions and contract language templates to clarify the role of subsequent shrink-wrap and click-through agreements in ongoing vendor relationships. We are working to understand and communicate the important responsibilities that exist when instructors require their students to use Internet services (which can pressure students into accepting risks they may not understand and with which they may not be comfortable). The overall intent of these changes is to educate our faculty, staff, and students about the potential risks of using “free” and low-cost Internet services, to empower them to make choices consistent with their goals and with university policy, and to protect the university against contract terms it is not able to accept.

The Consumerization of Technology

With all of the faculty-, staff-, and student-owned laptops, smartphones with both 3G/4G and WiFi connectivity, and various other electronic devices, the device most commonly used to access IT services at the University of Virginia is likely one owned by an individual (not by the university) and one over which we exert very little control. Although this situation brings significant risks that must be managed (which I won’t discuss here), it is also a great opportunity for our sourcing strategy.

At Virginia, we have what is effectively universal computer ownership among our undergraduates (either our students bring their own or we work with vendors to provide computers to those students with financial need). Virtually all of those computers are laptops. Until recently, we had failed to fully incorporate the presence of that rich resource into our planning for IT service offerings. For example, we continued to provide hundreds of seats of open computer labs to students years after we had reached universal computer ownership.

Several years ago, we made the decision to leverage student-owned computers to change the way we provide special-purpose software for teaching and undergraduate research. In essence, we realized we could “source” a major service component—access to basic commodity capability for students—by taking advantage of a consumer trend that we didn’t create and that we don’t control. We began counseling incoming students to buy smaller, more portable computers that they would actually carry with them and use all day. We site-licensed the core productivity applications so that all students can use them without the barrier of per-copy costs. Building on that base, we have gradually eliminated most of our open computer labs, replacing the software-delivery role that those labs provided with a virtualized desktop environment that students and faculty can access from their own computers. This allows us to direct funds previously spent on computers toward creating and maintaining new spaces conducive to technology-enabled individual work and small-group collaboration. Students and faculty are able to use the software tools we provide wherever and whenever they need them and in whatever physical or virtual collaboration space they choose.

*****

IT sourcing takes many forms, manifesting advantages and disadvantages unique to each form and circumstance. Thinking about sourcing as a strategic activity, as a discipline, that embraces those many forms can be a powerful tool for addressing the challenges facing IT leaders in higher education.

© 2011 Michael R. McPherson. The text of this article is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 License (http://creativecommons.org/licenses/by-nc-nd/3.0/).

IT Sourcing Decisions: A Calculus of Risk and Reward

Joseph Vaughan
CIO and Vice President for Computing & Information Services
Harvey Mudd College

The choices to be made among alternative IT sourcing strategies are among the most difficult and complex decisions, whether the decision maker is the CIO or a vice president of another division. At the seven Claremont Colleges,1 we have a long history of experience with a variety of IT sourcing models, from different kinds of on-premise sourcing to complete outsourcing of the IT function (as was the case at Claremont Graduate University until recently). Many of these models are examples of the “above-campus IT services” identified by Brad Wheeler and Shelton Waggener in their 2009 EDUCAUSE Review article, in which they distinguish between unaggregated local models and above-campus models that can involve commercial, institutional, or consortium sourcing.2 As we explore our various options, we are gaining valuable experience with the ever-changing opportunities offered by cloud computing as well.

One model that we have evolved at the Claremont Colleges is what we call the “lead college model.” In this model, one of the seven colleges acts as the central provider of a service to the others. For example, Harvey Mudd College runs Sakai for all the colleges, and Pomona College runs the student registration system.3 In the case of Sakai, Harvey Mudd College runs the servers and provides staff for tier-two and tier-three problem solving, and each of the colleges provides tier-one and some elements of tier-two support. The service is provided under the terms of a service level agreement (SLA) that was negotiated in 2009–10, some years after the service actually started up. The Sakai Administration Team, which consists of representatives from each of the colleges, is responsible for setting priorities and monitoring the service.

Within the Claremont Colleges, lead college sourcing has typically emerged in situations where the lead college had particular IT strengths or a particular interest in making an application available. Timing plays a role too: a lead college is often ready to roll out an application before the others are. This was the case with Sakai, as Harvey Mudd College already had experience with the application and had the expertise to integrate Sakai with the student registration system (Jenzabar CX).

The other colleges usually fund a lead college service by annual contributions, typically apportioned on the basis of student FTE. In theory, the lead college model has the advantage that the service provider will itself be using the service and thus has a strong interest in ensuring a high quality of service. The model also provides a high level of local control, which is strongly valued by many of the IT staff. And of course, the financial cost to each institution is lower than it would be if each institution were to provide the service itself.

The lead college model has some disadvantages too. These are summed up by the fact that providing a service to other colleges is seldom going to form part of the core mission of the IT function at the lead college. Hence, if there are problems with the service, those problems will constitute a management distraction for the lead college, which may have to direct more resources toward the service than it would otherwise do. This may not be obvious because the colleges are not in a pure vendor-client relationship with one another, making it more difficult for client colleges to bring the same considerations to bear on the lead college that they would bring to bear on a vendor providing the same service.

The Claremont University Consortium (CUC) is a “free-standing educational support institution of The Claremont Colleges” dedicated to providing services to all seven colleges.4 Centralized IT services are thus more clearly aligned with its mission. And there are many examples of such centralized services: CUC provides Blackboard for point of sale and access management and Hyland OnBase for document management and workflow (to name but two). CUC is funded by aggregated contributions from all the colleges and does not have a charge-back model for IT services. The aggregated funding covers all (IT and non-IT) services provided by CUC, which obscures cost/value information on the IT services. Thus it can be difficult to make clear-eyed sourcing decisions that involve an evaluation of a consortium service in comparison with a service provided by a lead college or a commercial vendor.

Many of the Claremont Colleges offer e-mail services to students on either Google Apps for Education or Microsoft Office Live. Although this is now an unremarkable statement, five years ago the reaction would have been different if someone had said: “Let’s get a group of universities and colleges together and build a shared e-mail system.” Last year, Harvey Mudd College, which runs Zimbra on-premise, asked incoming students if they wanted a Zimbra account or if they wanted their @hmc.edu e-mail to be forwarded to another address of their choosing. Only nine students (4.5%) asked for Zimbra accounts. This is perhaps an indication that incoming students don’t place a high value on being given an e-mail account, even though we have anecdotal evidence that they do value having an @hmc.edu address. In the case of these incoming students, the sourcing decision has already been made—and by the students themselves.5 Harvey Mudd College recently decided to move e-mail services for all faculty, staff, and students to the cloud, contracting with both Microsoft and Google for their respective services. The reasons for doing so are similar to those cited by the University of Washington when it made the decision to pursue a dual-provider strategy.6 We anticipate that the affinity groups on campus, some of which are already using the consumer versions of the two services, will benefit from the college’s contracting with the vendor (e.g., through FERPA protections).

Much of the debate about cloud computing has centered on the pros and cons of on-premise deployment versus cloud deployment. It is becoming increasingly clear that many vendors will offer their services only in a Software as a Service (SaaS) model, so that the debate regarding on-premise versus cloud becomes moot. In many ways, this is a far more challenging area for sourcing decisions. At Claremont, we have recently seen a number of examples. Harvey Mudd College contracted with Admissions Lab for enrollment management. And after a ninety-day study of payroll and human resources systems, CUC has chosen to deploy Ultipro (Ultimate Software). Both are offered only in the SaaS mode.

In SaaS-only cases, the IT Office needs to evolve a set of skills different from those required to install and run on-premise applications. Often, SaaS vendors will go directly to the relevant vice president (e.g., in the Admissions Office or the Advancement Office), thus casting information technology in the role of decision-support provider. This is entirely appropriate, but it does mean that the IT Office must develop strong partnerships across the institution and be ready to assist in asking the right questions about security, data recoverability, and risk mitigation. And it must then provide the data-integration services that will inevitably be required. This means going beyond point solutions for data integration and developing a more comprehensive strategy.

At the Claremont Colleges, we are still learning about the myriad nuances of alternative IT sourcing strategies. Each type of sourcing carries with it a different calculus of risk and reward. The value of thinking about sourcing models in the abstract and of categorizing them is that doing so helps to bring to light the different and evolving skill sets required in the central IT area. An increasingly valuable skill will be the ability to evaluate IT service providers, to negotiate and monitor contracts, and to provide data-integration services. Among IT and institutional leaders, perhaps the most-valuable skill will be the ability to then make the difficult decisions regarding IT sourcing models now and for the future.

Notes

1. The Claremont Colleges are a consortium of seven independent institutions that are physically adjacent to one another in Claremont, California: five undergraduate institutions (Pomona, Scripps, Claremont McKenna, Harvey Mudd, Pitzer) and two graduate schools (Claremont Graduate University, Keck Graduate Institute). The total student FTE of the seven institutions is about 6,400.

2. Brad Wheeler and Shelton Waggener, “Above-Campus Services: Shaping the Promise of Cloud Computing for Higher Education,” EDUCAUSE Review, vol. 44, no. 6 (November/December 2009), pp. 52–67, <http://www.educause.edu/library/erm0963>. 

3. Students enrolled at one of the Claremont Colleges can register for classes at any of the other six colleges.

4. The Claremont University Consortium, the central coordinating agency for the Claremont Colleges, serves many of the administrative needs of the colleges and runs a shared library (http://www.cuc.claremont.edu/aboutcuc/history.asp).

5. A review of the e-mail accounts provided for forwarding showed that almost 50 percent were already using Gmail addresses. The next-highest percentage was “other,” which consisted of single instances of addresses such as [email protected].

6. See Terry Gray, “A Tale of Two Clouds,” EQ, vol. 33, no. 2 (2010), <http://www.educause.edu/EDUCAUSE+Quarterly/EDUCAUSEQuarterlyMagazineVolum/ATaleofTwoClouds/206529>.

© 2011 Joseph Vaughan. The text of this article is licensed under the Creative Commons Attribution-NoDerivs 3.0 License (http://creativecommons.org/licenses/by-nd/3.0/)

Managing Alternative Sourcing

Theresa Rowe
CIO
Oakland University

When the EDUCAUSE Center for Analysis and Research (ECAR) published Alternative IT Sourcing Strategies: From the Campus to the Cloud in 2009, the author, Philip Goldstein, noted: “IT sourcing is widespread, but institutions tend to use it narrowly.” One of the supporting case studies in the report showcased IT sourcing strategies at Oakland University: Partnership of Four: Managing Alternative Sourcing at Oakland University.1 Since that time, budget constraints, expanding sourcing choices, mobility, cloud computing, and consumerization have led to pressure for new institutional processes and for an expanded review of sourcing strategy at Oakland University. Professional IT staff skills and day-to-day work tasks are evolving. Managing alternative sourcing has become an involved and time-consuming effort.

Reviewing the sourcing strategy at Oakland University since 2009 reveals significant growth in the number of sourcing decisions. Growth is generally categorized into two areas: (1) niche-sourcing and (2) right-sourcing.

Niche-Sourcing

The need to be responsive, agile, and flexible in the provision of IT services and technologies is resulting in the purchase and implementation of many small and specialized systems. These solutions are a move away from the large, integrated enterprise resource planning (ERP) environments that many campuses valued so highly throughout the 1990s.

The large ERP solutions centralized much functionality and forced a consistency across the institution. In some areas, that consistency did not provide the promised value from integration. In other cases, the large ERP failed to move forward quickly as technology shifted, resulting in a lack of the service agility needed to be responsive to market and educational changes. In particular, user interface design and mobility expectations have moved at a much faster pace than ERP vendor interface and mobility delivery.

At the same time, smaller providers entered the market to provide what has been characterized as “edge” solutions: smaller systems providing services that are outside the core ERP or are loosely interfaced with the core ERP. The edge systems seem to have taken on a life of their own, growing into full environments that specialize in very specific areas. For example, what started as a small, edge admissions application system that provided an easier-to-handle recruiting environment has evolved into a full constituent relationship and development system with interfaces into other systems, such as social networking environments. Academic areas are seeing enormous growth in small, specialized, discipline- and research-oriented solutions. Niche solutions can provide easy entry, easy exit, agility, and responsiveness, if carefully managed.

Niche solutions are increasingly mobile or cloud-based, easily implemented, and low-cost. The growth in market options is expected to continue. With the convergence of cloud computing and mobility, there are now thousands of small options that may be installed on portable devices and that may be used to conduct the business of the university. Tim Flood, senior technology consultant at Stanford University and director of the Stanford Mobile Program, recently blogged about this “vendor explosion” market shift, noting: “Cloud-based services often go hand-in-hand with mobile app development.”2 The relatively low start-up and market-entry costs in an environment of self-generated application development also contribute to the vendor explosion phenomena.

Right-Sourcing

The concept of right-sourcing emerged as a portfolio management strategy in the early 2000s. Oakland University has maintained support for the “culture of lean and best practices” identified in the 2009 study. Alternative sourcing is used to meet aggressive timetables and lower costs, with right-sourcing serving as an important portfolio-management tool. Long-term legacy costs for all sourcing solutions require careful management, planning, and tracking. Understanding the organizational capacity for funding every solution in the portfolio, over time, is key.

Right-sourcing translates into evaluating solutions that fall into a wide array of categories: vendor sourced, open source, vendor-supported source. Open source is a critical component of any right-sourcing strategy. Analyzing and communicating the costs for an open source project compared with those for a vendor-sourced solution is an important analytical skill in the current environment. Open source solutions require aspects of other solutions: Will support and maintenance be in-sourced or outsourced? Where will the solution be located—on campus or hosted? Vendor-supported solutions or freemium models, in which a basic service is offered free while charging for premium features, have become very important for institutions as they seek to expand services while controlling costs. Google Apps for Education and the Microsoft Office Live initiatives are important examples.

The Evolving Decision Process

In the 2009 case study, Maria Ebner-Smith, purchasing manager for Oakland University, noted that the role of the purchasing manager had shifted with the increase in licensing and hosted solutions. The Office of the CIO noted a similar shift. In 2009, we described 25 alternative-source agreement reviews. The right-sourcing review process handled 186 reviews in FY 10 and has handled 245 reviews so far in FY 11. For most of those technology sourcing decisions, the process started with end-users’ solution selections, based on a shopping perspective rather than a requirements perspective. This process shift is the result of consumerization.

We do very little solution development internally. We do a lot of solution selection, installation, and implementation. Decision processes for building solutions differ from decision processes for selecting products. We generally confine development to specific areas: integrating solutions, sharing data with off-campus non-university vendors or constituents, and combining solutions into a single sign-on portal. We’ve decided that we will not use university resources to modify our ERP; that work is outsourced. We’ve carefully considered where we will deploy development resources.

We do not centrally track how many selected solutions fall into the various categories: in-sourced, outsourced, freemium, open source. There are too many permutations to track. The application development and maintenance may be outsourced to a package provider while the server operation is in-sourced. Or perhaps the package application development is outsourced to one vendor, and a second vendor is selected to provide consulting and add-on development. Maybe access to several vendor-source applications is unified within the portal, which is in-sourced using open source.

Knowing how many solutions are in any given sourcing category does not provide useful information or measurable service results. Instead, we seek to be involved with any IT sourcing decisions. Our mindset has changed. We originally reviewed only fully outsourced agreements. However, we’ve discovered so many blends and possible sourcing arrangements that we have expanded reviews to cover any software, technology, or hosted solution.

In the end, we are striving for a consistent strategy that focuses on solution quality, likelihood of successful and sustainable operation, and wise stewardship of limited resources. Focus areas for University Technology Services review are technical quality, identity management, data integration, security, and technology capacity. We are prototyping a formalized review process that standardizes information gathered at the start of a purchase selection. The university Purchasing Department reviews for procedural compliance and vendor management. The Risk Management Department may be involved, setting requirements for cyber-liability insurance or other coverage. Our Office of Legal Affairs steps in for negotiating issues around the university’s standard terms and conditions.

Advice for the Future

CIOs and other senior IT leaders should seek to be at the center of the technology sourcing activity. Consumerization means that many technology solution decisions will start with end users. If we are going to bring our technology knowledge and skills to the table, we need to be a friendly, accessible, and transparent resource for our campus constituents as they make solution choices. We need to be the experts, openly sharing our expertise. We must be supportive of, and willing to facilitate, a changed environment that will likely include hundreds of small, niche solutions.

However, the sheer number of choices and purchases can be overwhelming. The IT organization must have methods or procedures that track solutions through the selection, installation, implementation, management, and legacy termination phases. Working closely with purchasing departments is critical. The IT organization must also have demonstrated skills in reading and analyzing software licenses, hosting and applications service provider provisioning agreements, customized development and service statements of work, and support agreements. Professional IT staff must be experts at translating agreement language into a user experience description that constituent decision-makers can understand. If the role for the central IT organization is evaluating a solution’s technical quality, identity management, data integration, and security, the IT staff members need to be adept at reading licenses and agreements and evaluating how those technical components are presented and protected in the documents.

Current market and economic realities are driving the evolution of institutional processes. At the same time, we are seeing an explosion in the number of vendors and applications. The growth of cloud and mobile apps promises more functionality and agility. Consumerization is changing the decision paths and drivers. The pace of innovation is dizzying. These challenges to the IT organization will require strategic positioning, nimble portfolio management, and wise stewardship of limited resources going forward.

Notes

1. Philip J. Goldstein, Alternative IT Sourcing Strategies: From the Campus to the Cloud, EDUCAUSE Center for Analysis and Research (ECAR) Study, vol. 5 (Boulder: EDUCAUSE Center for Analysis and Research, 2009), <http://www.educause.edu/Resources/AlternativeITSourcingStrategie/177700>; Bob Albrecht and Judith A. Pirani, Partnership of Four: Managing Alternative Sourcing at Oakland University, EDUCAUSE Center for Analysis and Research (ECAR) Case Study, August 19, 2009 (Boulder: EDUCAUSE Center for Analysis and Research, 2009), <http://www.educause.edu/Resources/PartnershipofFourManagingAlter/177675>.

2. Tim Flood, “Who Is Driving the Influx of New Technologies?” Student Affairs in a Digital World, April 25, 2011, <http://twflood.com/?p=493>.

© 2011 Theresa Rowe

IT Choices and the Clouds

Michael P. Pickett
Vice President & CIO
Brown University

Software as a Service (SaaS)? At Brown University, we did not have any other choice. Well, that statement, like most other dogmatic declarations, is not entirely true. Sometimes a choice is obvious—just begging you to get on with it. Other times, the hair on the back of your neck stands up and you wake up at night wondering if you have done the right thing. In higher education, most of our IT choices are business decisions peppered with a dash of political sensitivity regarding how those choices will affect various constituencies.

Brown has recently made a couple of cloud-based IT sourcing choices that could bring about the hair-raising, second-guessing feeling noted above. First, about a year ago, we decided to switch our official e-mail and calendaring to Google Apps for Education for faculty and staff (students’ accounts had been migrated six months earlier). Brown was officially betting on the cloud with this very public decision that influenced everyone in our community on a daily basis. Then, a few months ago, we decided to move to the clouds again. We committed to switching Brown’s aging human resources, payroll, and finance systems to yet another cloud platform, known as Workday, over the next two to three years. (Hey, it’s only payroll—what could possibly go wrong?) And finally, as if we hadn’t rolled the dice enough times, we are in the negotiation stage with Instructure regarding the use of its SaaS-based Canvas learning management system (LMS).

If my tone in any way suggests that these choices were of the screaming-in-your-face, obvious type, I apologize for being unclear. These were not, and are not, obvious decisions. Over time, the choices moved along our perceived continuum of confidence as we gathered data and compared our alternatives. Do we think we made the right call? So far, I would say “yes,” but I would never suggest that other higher education institutions should make the same commitments at this time.

Why should institutions be cautious? Success depends on several factors: the institution; the real and perceived costs and risks surrounding existing IT systems; the richness of functionality provided by existing systems and how deeply embedded they are in the way the institution does its work; how well the institution responds to change; the real risks associated with the SaaS options; how well those risks can be mitigated; and finally, the support available from top-level leaders of the institution.

Right now, these decisions are enormously complicated partially because we are in fairly new territory but also because higher education institutions have some endearing (and enduring) characteristics. In particular, those of us in higher education do not do change very well. Our deep appreciation for critical thought tends to make us take each objection seriously, even if there is little merit. The old joke is that universities are the only place where 33 to 1 is considered a tie. Our decision processes can proceed at a glacial pace, with a tolerance for risk that encourages us to look in the rear-view mirror rather than ahead. However, the recent financial downturn is making many of us consider whether the real cost to our institutions of making technology choices in this manner may be higher than we previously thought.

So why did the planets align to make these choices plausible and the decisions easier for Brown in the last year? It was mostly a matter of timing. When considering the switch to Gmail, we were being forced to replace an aging e-mail system that was at the end of life, that had dubious business-continuity characteristics, and that provided only minuscule amounts of e-mail and archive quotas. The risks, future costs, and general dissatisfaction associated with our old e-mail system were a catalyst for change. The risks associated with making the transition to cloud-based e-mail and calendaring were being addressed by the vendors, and the price was right.

Similar needs forced us to consider replacing our ancient, feature-poor, and risky-to-maintain mainframe-based HR, payroll, and financial systems. Our positive experience with moving e-mail to the clouds allowed us to consider a subscription to the cloud-based Workday product and, after due consideration, to make the commitment. We are skipping one or two generations of enterprise resource planning (ERP) technology as we make this transition.

Finally, as we plan the replacement of our soon-to-be end-of-lifed LMS, we appear to have become “cloud-happy.” I find myself, a change-lover, feeling like the foot-dragger as I force us to consider the risks and our circuit-breakers and exit strategies. While the LMS negotiations are still in process, I think it would be helpful to share some of the potential advantages and disadvantages and the cautionary factors that we consider as we evaluate this and other SaaS sourcing alternatives.

Potential Advantages

  • The institutional IT complexity can be drastically reduced. The institution no longer needs to purchase, maintain, upgrade, and replace servers, databases, and software.
  • Vendors will likely have only one current release of each application, and the upgrade process will be considerably safer, cheaper, and easier.
  • New, better functionality on a more frequent basis is a reasonable assumption. Since vendors spend no developer time in building and testing code to run on the wide range of hardware, operating systems, and databases across all institutional data centers, they can focus on one primary architecture, and developer energy can be directed at new and improved functionality. Depending on the vendor’s approach, new features may simply appear in the application (with Google, this can be a weekly occurrence) or may be bundled into several major releases per year. The impact of upgrades on customers is usually drastically reduced in this model.
  • The vendor knows that the availability and the reliability of the cloud application are major decision factors. Extended outages are potentially company-ending events. Thus, vendors typically design a considerable amount of disaster-recovery/business-continuity capability into their architecture. Because they do this on a large scale, institutions see substantial savings over the cost of doing it themselves.
  • The temptation is strong to customize applications, rendering them difficult to maintain and upgrade. With SaaS, this temptation is reduced or eliminated because most services have little capability for modifications. If the vendor provides a reasonable “best practice,” this can help the institution make process changes that may be long overdue.
  • Ongoing costs will likely be lower and more predictable. Vendors that follow the “free” model for education—vendors like Google or Microsoft—make this possibility very likely. Vendors that charge a subscription fee can pass on the lowered cost of development, resulting in more predictable charges over a considerable period of time.
  • Converting to SaaS can allow staff and hardware to be reallocated. This can be misleading if an institution is already lightly staffed or is transitioning to applications that provide a great deal more functionality and process than the institution had before. The prudent CIO will be cautious about promising huge savings or new resources.

Potential Disadvantages

  • Services structures and models are relatively new, and surprises are bound to happen (not necessarily the happy kind of surprises).
  • The amount of forced change can be enormous.
  • Except for calling the vendor, the institution usually has no ability to do anything meaningful in the short term when there is a problem.
  • Sometimes it is impossible to get special attention when needed from a vendor.
  • Knee-jerk objections, fear of the unknown, or real differences in service can create a grouchy reception among customers.
  • A decision that is not well supported can result in political risks.
  • Hidden costs—beware the temptation of unjustified, third-party add-ons. They are to the cloud model what code modifications are to traditional applications.

Contract Negotiation Considerations

  • At this point, there are risks. Get a discount if possible.
  • Try to get a ramp-up on subscription fees over time if the transition will be gradual.
  • Make sure there are disaster-recovery/business-continuity options, if needed.
  • Ensure there is an off-ramp in case the company goes under or is bought or in case the institution chooses to switch vendors due to poor service or unfulfilled expectations. Eighteen months is a good time estimate for finding and bringing up a new service.
  • Code in escrow may not be enough. Make sure the institution can stay compliant with regulations and laws (e.g., FERPA, HIPAA) during a transition.
  • Include penalties for loss of service. Even so, the institution will not likely be able to cover all potential losses in a contract.

Summary

Over time, cloud-based services will become the obvious choice, and we will look back on our current trepidations with wonder. For now, for the right institution at the right time with the right vendor of the right service with the right kind of pricing, service model, and risk mitigation, cloud services can be a reasonable choice.

Brown just completed a campus-wide survey on the Gmail transition. The results suggest that over 90 percent of the users are extremely satisfied or satisfied. Not everyone is happy, of course, and some people have good reasons not to be thrilled. However, I am surprised by the degree of enthusiasm that the first enterprise SaaS service at Brown has received. During the planning and transition phase of the project, I often used the disclaimer: “It won’t be perfect, but we think we can live with it.” I’m happy to report that with some careful thought, negotiations, decisions, and communication processes, it is possible for our institutions to do just that while taking advantage of this emerging service model.

© 2011 Michael P. Pickett

IT Sourcing in the Cloud: Challenge or Opportunity?

John A. Bielec
Vice President & CIO
Drexel University

One of the biggest disruptive technological forces over the past decade has been the move from “assets to access.” One no longer needs to own assets—data centers, servers, storage space, or applications—to take advantage of high-tech services. Access to the Internet is all that is required, with resources and applications a “click” away. Institutions, corporations and even governments are busy following the lead of consumers, who are accessing new applications and moving as quickly as possible to the “cloud.” Anyone who has ever used Expedia, Orbitz, Kayak, or Travelocity to book travel; Amazon to buy books or e-books; Hotmail or Gmail to access e-mail services; Google, Bing, or Wikipedia to explore a topic; or Facebook or Twitter to collaborate and connect with social networking has used application services via access, without regard to the assets required—the where or how—to deliver them.

Students and younger consumers are leading this technological revolution. Internet whiz kids, often still in college, have understood that access, not a roomful of hardware, is all that is needed to invent and innovate new application services. The billionaire “before they’re thirty” list includes Jeff Bezos (Amazon), Sergey Brin and Larry Page (Google), Steven Chen (YouTube), David Filo and Jerry Yang (Yahoo), and Mark Zuckerberg and Chris Hughes (Facebook). All have built creative consumer (and corporate) applications requiring simply Internet access and a little intuition to use. Yet interestingly, many colleges and universities across the world have not yet accepted these new realities and still struggle, especially in today’s resource-constrained environment, to deliver e-mail, web-based services, and other applications just as they have since the late 1980s.

Why do hundreds of higher education institutions replicate each other’s resources and run virtually the same applications, each with its own costly capital-intensive data center? Does everyone doing the same thing make sense in a technology world where Moore’s Law rules with an exponential IT resource return on investment? In 2005, Brian Hawkins, then President of EDUCAUSE, wrote: “The times and the conditions call for new models and innovative means for facilitating collaboration. . . . We in the higher education community need to ‘get over’ our traditions, our histories, and our many excuses for why we should try to replicate each other’s resources.” He further noted: “Colleges and universities need to outsource . . . to other higher education institutions—similar to the arrangement [at] Drexel University.”1

Drexel University embraced this new paradigm in the late 1990s—first by necessity in taking on the management, via an outsourcing agreement, of the largest private college of medicine in the United States and second as an IT business model based on leveraging resources and strategic collaboration with other institutions. Over the past decade, Drexel has delivered the following applications and services: the complete suite of SunGard Higher Education Banner applications, portal, and Oracle business intelligence tools to a number of institutions; Blackboard learning management solutions to a dozen schools, including high schools and community colleges; and the SAP business academic suite of applications to more than forty business schools across the globe.

Drexel is not only a provider of cloud-based services to others but also a large consumer of cloud services—“we eat our own dog food.” Drexel’s cloud-provided services include RightNow for customer relationship management (CRM), CollegiateLink and StudentVoice for online student organization services, MIR3 for emergency alerts, Samaritan Technologies for civic engagement and volunteer management, Terra Dotta’s StudioAbroad for study-abroad program management, Symplicity for career fair management and career services, University Tickets for  athletic ticket sales, Nuventive for e-portfolios, HRsmart and PeopleAdmin for employment, performance management, and applicant tracking, TouchNet for credit card processing, JP Morgan Chase Commercial Card Solutions for e-procurement, Gmail and Hotmail for student e-mail, and Qualtrics for survey administration.

The question we ask ourselves at Drexel is, why haven’t more institutions adopted this new model of collaboration? The answers are complex, varying from institution to institution. First, an institution needs to reach the point where IT decisions seem to be reactive responses to an ever-changing landscape of IT-related (actual or perceived) problems. As a result, increasing IT costs eventually put pressure on leaders to look at alternative delivery models. Other factors in the decision include institutional crisis, new blood, the instinct that survival requires change, a willingness to accept best practices over custom solutions, and the vision to understand that information technology is a commodity and not core to most institutions’ missions today. However, many questions and counter-arguments will immediately surface: “What about our data? What about a service level agreement (SLA)? The risk is too high. We’re unique and need a custom solution. We can do it less expensively.” Ultimately, making the decision to partner with another institution takes strong leadership at the top, from the president and often the board.

While many CIOs and IT leaders are busy analyzing the details of costly SLAs, complicated contracts, and endless rationales regarding why services must be provided locally, the move to the cloud is happening, with or without their participation. Students, faculty, and staff are using Expedia, Amazon, Gmail, Google, and Twitter. Furthermore, the individual selection of application services remains with the user, under the radar of the IT organization and its “prescribed” applications. The institution’s General Counsel Office was not involved, and it’s unlikely any paper trail exists.

In this new environment, the CIO’s role must shift to become the institution’s Chief Information Strategist developing an institutional IT strategic agenda. The move away from assets is clear; the data center will slowly disappear. The new IT agenda must recognize that hosting, Software as a Service (SaaS), and Software plus Service (S+S) will dominate. In fact, applications as we know them today—as well as traditional vendors—will need to reinvent themselves to survive a changing marketplace. Applications will move to a subscription model with “pay as you go” purchase (e.g., the App Store).

Cloud-based services in the teaching and learning environment are sure to be an even greater challenge than traditional enterprise services. Today’s easily managed enterprise-wide learning management systems (LMSs) will undoubtedly disintegrate into a framework to access cloud-based distributed learning objects creating a Personal Learning Environment (PLE). Facebook, YouTube, Survey Monkey, Twitter, Google Apps, Drupal, and many others (some not even invented yet) will fill the growing need for content and the widening quest for collaboration. Courses will be increasingly commoditized and franchised. A move to a Wikipedia course model—with an expert owner/moderator to sort out contributor content—would not be surprising. Faculty will sell “apps” like textbooks (at Drexel, we’re currently considering updating our textbook ownership policy to include apps).

The IT organization must provide an environment that fosters innovation while at the same time identifying “best practice” service providers. Increasingly, the focus will turn to negotiating and managing contracts and providing integration of applications, whether cloud-based or in-house, with access security, identity, and role management. The challenges are here. The opportunities are clear. The question is, where will you be in five years? Wondering what happened? Fighting to maintain the status quo? Or, leading the charge from assets to access?

Note

1. Brian L. Hawkins, “We’ve Got to Work Collaboratively!” EDUCAUSE Review, vol. 40, no. 1 (January/February 2005), p. 68, <http://www.educause.edu/EDUCAUSE+Review/EDUCAUSEReviewMagazineVolume40/WeveGottoWorkCollaboratively/157951>.

© 2011 John A. Bielec

© 2011 EDUCAUSE

EDUCAUSE Review, vol. 46, no. 4 (July/August 2011)