Category Archives: Educause

UK vs. US HE – Blockchain and student engagement

liz_ellis

 

 

Elizabeth Ellis
Product Development Manager
Learning Innovation, Learning and Teaching Solutions,
The Open University

Cross-pond impressions from EDUCAUSE 2016

EDUCAUSE 2016 in Anaheim was a really valuable and thought provoking experience, especially as a stranger in a strange land.  I’ve wanted to attend this conference for a long time – having been to ALT C a number of times and attended EDEN, this felt like it would provide me with a trifecta. Because of my role as a product development manager in Technology Enhanced Learning Innovation, I often find myself with a foot in both the technology camp and the pedagogy camp of learning and teaching (I don’t actually think they’re camps – I think they’re symbionts and crucial to students being successful in their higher education careers, but I digress).

I have attended other US-based conferences, and it’s always a bit of a culture shock. The sheer scale of EDUCAUSE was quite unnerving: 8000 colleagues from 1800 institutions across 46 countries. The queue for lunch was terrible.

The conference hashtag provided an invaluable backchannel for discussion and arguments, and is worth a visit (#EDU16). If you would like to see the day by day account of my experience, then do feel free to grab my notes. But this article is more a personal reflection on the three things that stood out for me from EDUCAUSE – where the US Higher Education sector is ahead, where the UK Higher Education sector is ahead, and where we are about level.

Where the US Higher Education sector is ahead

One of the most attended and talked about sessions was on ‘Why the blockchain will revolutionise credentials’. One of the speakers was Chris Jager from Learning Machine. A transcript is available from the link.

It struck me that the presentation and ensuing conversation about blockchain certifications was far more developed than the conversations that have happened locally to me at The Open University, or from what I have gathered in the UK sector. The work that the Knowledge Media Institute at the OU has been doing on blockchain is still in the realms of research and innovation, whereas the HE sector in the US appears to be already beginning to tackle the cultural shifts of implementation. The temperature on blockchain credentials in the sector is still lukewarm in places, with some claiming there is a fear that giving students control of their credentials may undermine those credentials. A more mercenary view is that HEIs are loathe to transition to blockchain certification as there is a market for transcripts and money to be made when students request theirs.

MIT’s Open Standards for Blockchain Certificates are being used, and the advent of interoperable standards represents a shift from idea to reality, and a new infrastructure of trust between students, institutions and employers. This is interesting when compared with criticism of the Open Badges movement, which employers have been fairly sceptical about. UK HEIs have made more use of badges, but predominantly in informal learning spaces or for soft skills.

Blockchain certification could be more compelling within the US HE sector, by virtue of its legacy of for-fee qualifications, and also the high degree of transfer between community, state and private colleges.

In the UK, with the recent advent of tuition fees, the onus has perhaps been less for more mainstream HEIs. However, The Open University has always charged a fee, and is also seeing an increase in student transfers both in and out of the institution. OU students are also more unconventional in routes through education and employment, and blockchain certifications could be a valuable string to the University’s bow.

In an article in the Times Higher Education magazine, Martin Hall points out that blockchain certifications ‘could be an effective way of providing Britain’s Advanced Apprenticeships, for which components of the programme have to be delivered by a number of organisations’. (THE, 28 November 2016)

In The Open University’s Innovating Pedagogy 2016 horizon scan, Blockchain has been identified as High Impact but with a long timescale (4 plus years). The US feels ahead in this particular game.

Full disclosure: I have become borderline obsessed with student engagement, partnership and co-creation this year. I have been co-administering and organising a student consultation and engagement panel, running Hack Days to get students involved in future developments, and generally trying to find ways to not only give our students more direct access to the creation of learning and teaching content and tools, but also to give the Open University’s academic and academic related staff more direct access to students eager to be involved in practical ways.

My colleague David Vince and I published a paper on our work on this in September, outlining our approach to involving students in Technology Enhanced Learning Innovation, referring to the key frameworks that underpin ‘student as partners’ and ‘students as change agents’ in UK HEIs, from Jisc, the Higher Education Academy, and covered in the Teaching Excellence Framework.

‘The Teaching Excellence Framework (TEF) is a catalyst to rethink the role of the student in modern Higher Education Institutions. The Higher Education Academy in the selection criteria for the National Teaching Fellowship defined personal excellence as ‘evidence of enhancing and transforming the student learning experience’ (HEA, 2015).

Part of teaching excellence should therefore be the proactive engagement of students in matters relating to their learning experience, beyond assessment outcomes. More recently within the higher education sector, engagement initiatives such as ‘students as partners’ and ‘students as change agents’ have emerged.

Students as partners is characterised by active student engagement and collaboration ‘[…] in which all involved – students, academics, professional services staff, senior managers, students’ unions and so on – are actively engaged in and stand to gain from the process of learning and working together. Partnership is essentially a process of engagement, not a product. It is a way of doing things, rather than an outcome in itself.’ (Healey et al., 2014)

Students as change agents sees students being actively involved in the change process. In 2015, Jisc launched the ‘Change Agents’ Network’ which is a ‘highly active community of staff and students working in partnership to support curriculum enhancement and innovation’. (Jisc, 2015)’

In two sessions during the conference where I would have expected a robust argument for the involvement of students in the design and implementation of educational technology, there was no mention from presenters, and even the floor seemed largely truculent about the idea when it was brought up.

Design Thinking Process: Edtech Adoption’, an otherwise useful session from Edsurge, didn’t refer at all to the importance of testing new tools and technologies with students in implementation, much less involve them during ideation.

It was a similar experience in the ‘Trends Spanning Education’ session, despite having a great quote – ‘Democratisation of education innovation, it’s starting to happen with people rather than to people’ – people in this sense appeared to be academic and institutional staff rather than students.

Several comments that emerged during out of conference conversations and the Twitter backchannel featured the kneejerk reaction of students not knowing what they need, a conversation that has evolved now in the UK to understanding the balance between need, want and institutional responsibility towards them.

Some US colleagues talked about consultancy processes that include students, but there does not appear yet to be the drive to formalise student partnership as an approach. The emphasis is on institutional collaboration and partnership for student success, rather than partnership in the sense of student engagement as co-creators and co-owners of their learning experiences.

Where the UK and US Higher Education sectors are about level

Almost as soon as I hit the pre-meetings and the Twitter backchannel at EDUCAUSE the term NGDLE started to permeate. Not a new term, certainly, but Next Generation Digital Learning Environments as a concept suddenly seemed to be everywhere. And then I returned home and almost immediately fell in with an online consultation activity being coordinated by Lawrie Phipps, senior co-design manager at Jisc, using a combination of Twitter and blogs, on what NGDLEs and by extension co-creation could mean for the future of learning and teaching.

It also corresponds closely with my work, which is focused heavily on digital learning environments, as well as student engagement in learning and teaching tools and platforms development.

The UK and US higher education sectors appear to be level on this concept, as the discussion moves further way from current vendors and current platforms and tools, and more towards the use of technology in its purest sense for the furthering of learning and teaching, and how students are both key users and contributors in that space.

The key questions for me around this important and innovative concept are:

  • What does next generation mean for online and distance education, and what does it require of it?
  • How can NGDLEs be a vehicle for the best parts of online and distance education: the open web, co-creation, student engagement, technology, and digital capability?
  • What does student success look like in a NGDLE?
  • What do NGDLEs signify about innovation in online education?
  • How is the Teaching Excellence Framework creating a space for NGDLEs and how is it restricting it?

None of which I have any answers for yet, but I’m enjoying the conversation, and it’s allowing me the space to stop and consider the opinions of colleagues, the layering of experiences over my own, and generally the ongoing realisation of that best part of attending conferences: being part of a community.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

A version of this blog post originally appeared on the Learning Innovation blog

Getting into the zone for Educause 2016

liz_ellis

 

 

Elizabeth Ellis
Product Development Manager
Learning Innovation, Learning and Teaching Solutions,
The  Open University

So, here I am, in a hotel in Anaheim, California, getting into the zone for my first Educause experience. To say that Educause has been a bit of a holy grail for me conference-wise would be an understatement. All the information I’ve received about the conference from colleagues who have attended before has been that it is a unique intersection between edtech, IT, and learning and teaching practice.

I’ve identified already the tracks

that I’m going to focus on and which have the most immediate relevance to my work. I’m hoping to bounce between ‘Driving Innovation in Teaching and Learning’ and ‘Transforming the Student Experience’. As a product development manager in Learning Innovation/Technology Enhanced Learning at The Open University, you get used to having to slightly squint to see the direct relevance of approaches, methods, and findings to your own situation. But increasingly over the last few years, that squinting has had to become less and less as the sector has moved more into the OU’s realm of Supported Online Learning (SOL). So, I’m very much looking forward to seeing what the sessions have to offer.

My work in particular over the last year has come to focus not just on the development of new tools and technologies for our students to use, but also on new methods to involve them in that process, in an appreciative and empathetic way.

Perhaps the most challenging part of these types of events is running the vendor gauntlet. But this time I’ve come prepared, and have put some thought into the sorts of criteria I can use to make assessing new technologies more useful over the long term (and also make reporting back to my colleagues more helpful).

  • Is this technology a disruptive or incremental innovation
  • Does this technology support:
    1. Participative learning (students contributing in non-assessment ways)
    2. Learning to learn (students becoming more digitally confidence and creative)
    3. Deeper engagement with learning materials (new strategies for immersive learning)
    4. Collaborative learning (the ongoing curse and joy of group work)
  • Does this technology demonstrate:
    1. Improvements in student attainment
    2. Improvements in student progression
    3. Improvement in student retention

At the very least, it will hopefully spark a useful conversation or two.

 

EA and project portfolio management

ian-ellery-head-small

 

Ian Ellery
Head of IT Architecture
Canterbury Christ Church University

 

 

 

 

 

 

My final technical session was from an enterprise architect and portfolio manager at Danfoss, a Danish engineering company. Although very focused on improving the bottom line and digital innovation for a manufacturing company, parts of this were very relevant. Before architecture and portfolio got together, projects were initiated and governed by individual business areas (faculties?) with no overall coherence. While they have now moved to a single portfolio model, they still allow business areas to think they have their own portfolio, even if they don’t really own it. They also spoke about technical IT people never wanting to engage with business staff, expecting business partners to act as the interface and go-between. This certainly sounds familiar at Christ Church. Their final insight for me was that although they had a big vision for how architecture and portfolio was going to come together, they cautioned against trying to explain this to business colleagues all at once. Eyes would simply glaze over, so they realised it was easier to explain the changes piece by piece.

The last session of the day was from Neil Mullarkey – formerly of “Whose Line Is It Anyway?” and now using the techniques of improvisation to teach businesses how to collaborate. He drew out a lot of parallels between agile development and improv, as well as getting us all to improvise a story with those sitting next to us. An excellent speaker, with some strong messages, who I would strongly suggest UCISA consider as a guest speaker at the annual conference.

UCISA has an Enterprise Architecture community of practice which may be of interest.

Bursary review – Educause

michelle

Michelle Griffiths
ITS Project Manager
IT Services
University of Oxford
Member of UCISA-PCMG

 

 

 

I applied for and was extremely delighted to be awarded a UCISA Bursary to attend the conference of my choice in 2015. I chose to attend Educause 2015 , based on very extremely good feedback from fellow UCISA_PCMG committee members who had attended in previous years.

Educause is a non-profit association whose mission is to advance higher education through the use of Information technology. It is based in North America, but has global reach, with members in Europe, Africa and Australasia. Each year the Educause annual conference is attended by upwards of 7000 higher education professionals. Oxford University has been a member of Educause for a number of years, and has presented at past conferences.

The main areas of interest from the Educause programme based on my current projects were in the areas of identity management, smart cards, and risk management. The organization of the event was extremely good; there was a mobile app that you could download and schedule which presentations you wanted to attend, which then formed your own customized conference schedule. The event was vast: with approximately 7000 attendees, you need to be really well organized. The “First timer pit stop” area was a must on the first day of the event after registration. The “International Welcome lounge” became my home from home after attending the presentations. I used the IT equipment in the International Lounge to type up my blogs, ready to be posted onto the UCISA blog site:

The keynote speakers in particular were really inspiring and engaging. I was particularly moved by the closing keynote speech by Emily Pillotan.

Emily runs a non-profit design company and shared a few of her project stories with the audience. These included a farmers’ market public space, a middle school library, two homes for the homeless, creating a space for young girls, and creating items to be used in a domestic abuse centre. After explaining each scheme, Emily provided quotes from individuals that worked on the project. This was by far the focal point which really underlines why Emily does what she does and the value she helps put back into people’s lives and communities.

The general session was presented by Daniel Pink from MIT, who described motivation from the perspective of science. Daniel said that everyone in the room was an expert in motivation, they just may not realise it yet! He also said that we all have an explicit knowledge of physics without having studied it as a major. Daniel discussed when you should reward good behavior and bad behavior, and whether this changes behavior. I think I will be adding one of his books to my reading list: Drive: The Surprising Truth About What Motivates Us.

One of the sessions that made me think outside of the box a little when it comes to career aspirations was the panel discussion “From IT Support to CIO: A journey of three women” The career path from support to CIO is not a usual one, in my experience; however, the experiences shared by the panel made it clear that if you are motivated and think big, you can succeed to the highest heights!  Originally, I was not planning to attend this presentation, but whilst looking for another room, I came across this, which seemed more appealing!

Since attending Educause a number of Identity Management suppliers have been in contact with me, which is near perfect timing for the IAM programme. I have passed onto the programme manager in charge of IDM all the contact details I gathered whilst attending Educause, which will be used to help source an IDM solution.

I would like to thank UCISA for giving me the opportunity to attend Educause 2015. It has helped me broaden my networking and knowledge base, learn from my peers, gain a useful insight into how International institutions work, and bring all that I have learnt back to Oxford University and UCISA_PCMG to share with colleagues and peers.

Day Type of Session Presenter(s) Title
1 Session 1 – Opening keynote Daniel Pink (MIT) How small wins can transform your organization (blog post)
1 Session 2 – Presentation Lawrence Bobranski (University of SasKatchewan) A practical approach to risk management that delivers results  (blog post)
1 Session 3 –Poster Myles Darson – JISC National BI Service for UK education
1 Session 4 – Panel Clint Davis, Mike Carlin and Thomas Hoover (UNC and UTC) Transforming IT – a tale of two institutions
2 Session  1- Direct poll Randall Albert (AD, Ringling college of art and design) Project Management (blog post)
2 Session 2 – Keynote speaker Andrew McAfee (MIT) The second machine age: work, progress and prosperity in the time of brilliant technologies 
2 Session 3 – Panel discussion Melody childs, Cathy O’Bryan, Wendy Woodward and Sue B. Workman From IT Support to CIO: A journey of three women  (blog post
2 Session 4 – presentation Emory Craig, Mike Griffith and Maya Georgeiva Wearable tech and augmented vision – Pedagogy in the future
3 Session 1 – presentation Ron Kraemer, Kevin Morooney and Anne West Trust and Identity in education and research identity for everyone  (blog post
3 Session 2- Closing keynote Emily Pillotan If you build it: The power of design to change the world  (blog post)

Looking to the future: sustainable IT and HE web presence

simon

Simon Geller
Senior Project Manager
University of Sheffield
Member of UCISA-PCMG

Day Two at Educause

I started the day at 8am – the Yanks get up early! – with a session on Google Apps. Sheffield was an early adopter of Google so I had an in on this but the session got a bit bogged down in questions about account creation and deletion rather than the potential for collaboration.

Sustainable IT
Then I moved on to a discussion session about sustainable IT. This doesn’t get talked about so much these days – I think one of the reasons for this is that the movement into cloud services means that institutions aren’t quite so conscious of their energy footprint. Also, IT shouldn’t beat itself up too much about how green it is – we enable so much green activity in other areas, from maps and journey planners on smartphones that make people feel more comfortable about walking and using public transport rather than driving, pool bike schemes that you register for online, to smart energy management systems and systems that make industrial processes much more efficient. The future is Green IT that you don’t even notice.

A presentation from the University of Edinburgh on helping non-project managers to deliver success
In the afternoon, I thought I’d better support our Edinburgh colleagues and went to their presentation  on how they provide support for non-vocational project managers. Although the AV wasn’t being helpful the level of resource they had brought to the issue was impressive.

Then I continued on my quest to discover where the web would take us in the next 10 years. The key message from What Will Your .Edu Site Look Like in 10 Years?  is that your web presence will be going out and looking for your customers rather than waiting for them to come to you.

Later I found myself in a compliance session I hadn’t really intended to go, but thought I’d take risk and stick with it. The message I took away from that is that there are two types of institutions – those that have been hacked, and those that had been hacked and don’t know about it. Scary!

The final session I attended that day was a trend analysis run by journalists from the Chronicle of Higher Education , and the takeaway from that was that we used to talk about the for-profit sector, now, in the US at least, the whole area is for-profit. Plus two questions to ask suppliers: “What research is (that assertion) based on? and “What’s the upgrade cycle?” – cutting edge tech doesn’t stay there for long.

 

A practical approach to risk management – two perspectives

Tim Banks
Faculty IT Manager
University of Leeds

 

This is a write-up of a session  I attended on Wednesday at Educause 2015  which was delivered by Bill Arnold, Information Security Analyst at the University of Tampa, and Dr Lawrence Dobranski, ICT Security Access & Compliance, University of Saskatchewan (Canada).

Introduction

The University of Tampa, Florida, is a liberal arts institution and has a student population of around 8,000 students, 65% of whom live on campus. There are 1,200 staff and the annual turnover is c. $235m with an estimated annual economic impact of around $850 million. They formally launched their Information Security Program 3 years ago with the appointment of a Chief Information Security Officer, who reports directly to the President (Vice-Chancellor). Their stated aim is to build a culture of risk management, security awareness and data protection, and as part of this, they have created a cyber-security lab. They achieved ISO/IEC 27001:2013 accreditation in July 2015.

The (often misspelt) University of Saskatchewan is one of the top 15 research universities in Canada with 22,500 students from over 100 countries. They have a 16:1 student:staff ratio and an annual budget in excess of $1bn which includes $9.2m of scholarships and bursaries. They have 120 Graduate Degree Programs (taught postgraduate) and over 200 undergraduate degree programs. It snows regularly and can get very cold! They formally launched their information security program in June 2012, which is centred around the following three areas:

  • IT Security
  • IT Compliance
  • IT Access

It is a risk based program, meaning that priorities for investment and action are based around a risk score. Bill observed that in 2014, cybersecurity criminals were making more money than drug cartels.

A number of barriers to progress were noted which included:

  • Lack of executive support
  • Inadequate investment
  • Ineffective information security leadership
  • Information security ‘unaware’ community
  • Information security gaps especially with respect to 3rd party service providers

Practical steps

  • Ask the right questions to the right people
  • Don’t adopt every aspect of a rigorous standard (like ISO27001), use common sense
  • Focus on information lifecycle
  • Insights will come quickly once you start working with your stakeholders. These will inform your future strategy.
  • Advance planning and effective communication are absolutely essential
  • Don’t use mass surveys (if you actually want people to provide useful information)
  • Decide how you will engage – either in person or through focused surveys
  • Keep the process simple
  • Focus on business processes and impacts on information (e.g. loss / unauthorised access) rather than using technical jargon

The University of Tampa developed a very simple spreadsheet that included each major business unit on campus, each major process within the units and the process owner. The process owner was asked to rank each of their processes on a scale of 1-5 in three areas:

  • Degree of sensitivity of the data
  • Impact of loss of integrity
  • Impact of loss of availability

The average was taken of each of the three scores for each process to arrive at a risk score for the process. A discussion was held with the process owner about the information handling lifecycle involved with each process which covered:

  • Accessing the data
  • Processing the data
  • Transmitting the data
  • Sharing the data
  • Storing the data (in both paper and electronic forms)

They also looked into whether there were any compliance requirements associated with the type of information that was being stored, and determined whether the University IT department or a third party provided the service.

Summary (University of Tampa)
Bill provided the following summary of the University of Tampa’s risk based approach to managing information security.

  • Data Discovery – find out where your confidential data resides
  • Opening the Doors to positive change in University departments. You should be seen not as people who stop departments from doing things, but the people who help them to do it securely.
  • Re-engineering information handling, which will require a change in mindset from both IT and the business
  • Getting everyone to participate
  • Security Awareness (education is key)
  • Once they trust you, they will come (bringing information about risks right to your door)
  • Rinse, wash repeat (continual process)
  • Collaborate to reduce risks

Blog_4__slide1Always remember there are a lot of things we don’t know that we don’t know, as demonstrated by this slide.

 

 

 

 

Summary (University of Saskatchewan)
Lawrence focussed mainly on the best way to present information security risks to University senior management. This is done most effectively when the senior officers of the University understand and accept the cyber-risk. In addition:

  • The information presented must be in a familiar format, as we cannot afford for the busy people we are trying to communicate with wasting time trying to understanding the presentation format.
  • We need to focus on risk information and focus on the high risk areas when talking to the University executive group.
  • Don’t make the visuals too complicated or people will stop listening to you and start focussing all their attention on trying to understand the graphics.
  • Read the IEEE publication (Slide Rules)

During their audit, they discovered an internet accessible incubator control unit with a built in web server. On further investigation, if this had been hacked and the incubators shut down, then thousands of cute little chicks would have died (and research would be put back two to three years). They also found a robot roaming the hall talking to patients which the department was trying to control remotely by adding it to the wireless network. This robot was big enough to cause serious injury to somebody if an authorised person managed to take control of it.

Blog 4_slide2The key stakeholders that Laurence identified were cyber security professionals (never be afraid to ask for help) and the staff and students at the University. It is vital that those closest to the business processes are closely involved in the threat and risk/privacy impact assessment process. The world of cyber security is a fast changing one, so dedicated cyber security professionals, either internal or external are vital in order to keep abreast of emerging threats and techniques to combat them. As an institution, we need to own risk and manage it.

Some particular suggestions for ways in which to present the information security risks included using a Gartner-style quadrant with likelihood on one axis and impact on the other. Then encourage your senior team to only focus on the top-right quadrant, whilst being able to see at a glance the entire risk landscape.

slide3

An alternative is to use a radar plot to display how well the University is doing with multiple aspects of a particular IT security concern.

Overall this was a very informative session with some practical takeaways on how to both manage information security risks and communicate this to senior managers.

 

 

 

 

Motivation and the Nobel Prize

michelleMichelle Griffiths
ITS Project Manager
IT Services
University of Oxford
Member of UCISA-PCMG

A keynote presentation at Educause

In The Cascade Effect – How small wins can transform your organization, Daniel Pink began by discussing motivation from a perspective of science. He said that everyone in the room was an expert in motivation but they might just not realize it! He explained that we also have an explicit knowledge in physics, even though we may not have studied it as our major.

He invited the audience to consider: “When do you reward good and bad behaviour?” and asked us “Does this change behaviour?”  He added that if a larger reward is provided it leads to a poorer performance, according to research, quipping that “this could not happen in the USA but maybe in France!”

Key points

  • Controlling the contingent record: – If, Then, Else
  • Rewards ensure performance, they also get our attention
  • Even for rudimentary cognitive skill, larger reward led to poorer performance
  • Pay people fairly and pay people well

Daniel then cited the following Gallop statistics: three in ten Americans are engaged in their jobs; five in ten are not engaged in their jobs and two in ten are actively disengaged in their jobs.

Key points

  • Engage by being self-driven not by being managed or controlled
  • Traits of a good manager 1. High Standards, 2. Autonomy, 2. Expertise

Outside the day job
Daniel went on to discuss a case study focusing on Graphene which is a material developed by the University of Manchester that is lighter but stronger than steel (it recently won the Nobel prize in Physics). The product was developed not in people’s day jobs but as part of Friday evening experiment time. Staff were advised that do anything they wanted to as long as it wasn’t boring!

He suggested that management teams need to look at putting some time aside. Even if it’s just an hour per week that the staff are away from the ‘phones, they can develop new strategies/improvements in working.

He added: “An email a day keeps the micromanagement away” and advised us to log the progress we make each day as it important to keep our motivation up.

He advised that we schedule weekly 1-2-1 sessions with our staff and vary what we cover, with topics such as:

  • What are you working on?
  • What do you need?
  • What barriers are you facing?
  • What is your long term career goal?

Snake oil or common sense? Demystifying risk management

Tim Banks
Faculty IT Manager
University of Leeds

Let’s face it; risk management doesn’t have the best reputation. Many institutions see it as a necessary evil; something to keep the auditors happy, a document to pull out of the filing cabinet once a year. Something that has to be done, rather than something that people want to engage with. Proper, active IT risk management can be of enormous benefit to an institution and is the foundation upon which professional quality IT services should be built. However, this requires IT staff at every level to see risk management as a live, ongoing process, rather than just an annual activity. We all undertake risk assessments on a daily basis, not because we feel we ought to but because we see the value in doing so. Every time we cross a road, pick a child’s toy up from the floor, prepare a meal or get in a car we are (often unknowingly) assessing likelihood, impact and making judgements on how to proceed based on the overall risk level.

Let’s focus on that last example of driving a car.  The bad thing that could happen (impact) is serious injury or death resulting from a crash. The chance that it will happen (likelihood) depends on a series of triggers such as excessive speed, mechanical failure, poor weather etc.

In order to manage the risk of something bad happening, we implement a series of control measures, each of which requires checking (auditing) at different intervals.

Examples of control measures that reduce the likelihood of a crash are as follows:

  • For example, we make sure that our driving speed is appropriate to the road conditions and monitor this every few seconds whilst driving.
  • We make sure that our car is mechanically sound by putting it through an MOT test every year. However, if we hear strange noises before the next MOT is due, we don’t just ignore them – we make sure that the car is checked out by a mechanic.
  • Tyre condition is something that we would (or at least should) check weekly and when it’s wet, we use windscreen wipers to reduce the problem of poor visibility in wet weather.

Control measures to reduce the impact of a crash might include:

  • Wearing a seatbelt (which we check is securely fastened each trip; the actual belt is tested every year with the MOT).
  • Airbags (again checked every year).
  • Motorway crash barriers (installed and checked by the Highways agency).

When driving, we don’t think it’s acceptable to just check your speed once a year, but equally don’t try and test the airbags every trip. We have an audit schedule that is appropriate for each control measure. Each control measure is audited by somebody appropriate (e.g. qualified, experienced MOT tester, driver, highways agency engineers). Some are within the direct control of the driver, some need to be actioned and checked by the driver and others have to be entrusted to 3rd parties. We should take the same approach to managing risk in IT services.

I have signed up to attend several risk management sessions at EDUCAUSE 2015 and will report back on them in other blog posts.

Enterprise Architecture Trends and Strategies

Allister-Homes-Profile-pic---small

 

 

Allister Homes
Senior Systems Architect
University of Lincoln

Gartner EA Summit Day 2

I’ll take the same approach as the blog post for day 1, summarising the sessions I attended.

Top 10 strategic technology trends for 2015

top 10

I thought this session brought together some of yesterday’s themes quite nicely – I’m not sure if that’s how it was intended or whether it was a coincidence (or even just my interpretation), but that’s how it came across to me.

First of all the presenter explained the traits that the Vanguard Enterprise Architect – Gartner’s term for the architect of tomorrow – will need to have:

  • Futurist, trend spotter
  • Business visionary
  • Technology analyst
  • Strategist (social connector)
  • Educator, communicator
  • Vendor watcher
  • Leader, collaborator
  • Evangelist, catalyst
  • Salesman

We were told that if you see trends in a spectrum, the enterprise architect should consider adopting trends, and how they can help the organisation, during their growth phase – after the emerging phase (when disruption is uncertain) and before they become mainstream (when the disruption is happening or has happened).

The top strategic trends Gartner identified as being of greatest important to EA over the coming years are:

  • Merging Real World and Virtual World
    • 1 – Computing everywhere (think mobile people instead of mobile devices)
    • 2 – Internet of Things
    • 3 – 3D printing
  • Intelligence everywhere
    • 4 – Advanced, pervasive and invisible analytics
    • 5 – Context-rich systems
    • 6 – Smart machines
  • New IT reality emerges
    • 7 – Cloud/client computing
    • 8 – Software-defined application and infrastructure
    • 9 – Web-scale IT (our IT world will look more like Google)
    • 10 – Risk-based security and self-protection

Business outcome driven application strategy
The focus of this session was bimodal application strategies, particularly the use of mode 2. Most IT departments are generally seen as good at identifying savings and efficiencies that an organisation can make, but not necessarily as good at supporting new revenue opportunities and taking advantage of new opportunities. Organisations need to take advantage of business moments – that is, opportunities that arise suddenly and are transient – and if the IT department is not good at responding to those opportunities with the business then they will become marginalised and bypassed. We heard how business moments are human-centric, transient, ad-hoc and blur the physical and digital boundaries. The difficulty for enterprise architects is that it is hard to plan the target state for these business moments when we have no idea what the state will look like until the transient opportunity arises. Instead, we have to design the architecture to be able to respond to opportunities rapidly as they arise.

In bimodal IT, mode 1 is the more traditional way of doing things, is consistent, has steady governance controls and does things ‘the right way’; mode 2 on the other hand has no simple path, is flexible and adaptive. Mode 3 looks more chaotic but it doesn’t have to be. Mode 1 might use a waterfall methodology (but might use Agile) whereas mode 2 can only succeed with Agile methodologies.

It was suggested that when starting out with a bimodal approach, we should first pick a specific project or projects to experiment with. Use agile approaches, devops, create an innovation lab and use small vendors. Then, as competence with mode 2 and a more unstructured world grows, mode 2 can start to be applied in more situations. There are significant differences in characteristics between mode 1 and mode 2 approaches, including funding arrangements, which are less predictable but can be less risky with mode 2. In an Agile project it will be known much earlier whether a project is likely to fail than would be the case in a waterfall project (called failing fast), and much less of the budget would have been spent, meaning the financial risk can be lower. Organisations will probably always have some mode 1, but a bimodal approach will start to displace it to some extent.

This session was presented by the same person who presented Application Architecture for Digital Business yesterday, and the information about app and service style application architecture from that session was repeated in this one. It was suggested that the likes of Nginx and in-memory computing are used for scale and performance. There was also a comment that, for integration, don’t assume the ESB is centre of universe. It is still good for core systems, but gateways (e.g. with APIs) can be faster and easier for mode 2 applications.

Orchestrating Ideation: Creating Breakthrough Innovation Opportunities
The ‘nuts and bolts to drive innovation’ were presented in this session, which concentrated on thoughts for an innovation pipeline. Innovation in many large businesses used to be driven by a small group, perhaps a dedicated Research and Development team. Businesses need to, and are, changing this approach now, partly because it is increasingly possible for someone with a good idea to simply go out and build it with tools at their disposal (cloud-based services in the case of IT tools) without the involvement of specialist teams in the organisation and without any kind of governance or approval. The change of approach needs to move from the likes of R&D teams to the wisdom and diversity of the crowd, and from managing innovation to orchestrating, engaging and motivating the right set of people and guiding them through an innovation pipeline.

Gartner has come up with a way of categorising problems according to their nature and applying different methods to crowd-source solutions depending on that categorisation.

pic 2

Problems can be categorised as complicated (e.g. putting a man on the moon in 10 years), complex (e.g. climate change) or chaotic (e.g. traffic movement). For each categorisation there are different knowledge scopes, and also different approaches:

  • Analysis for complicated, breaking down the problem into smaller pieces
  • Synthesis for complex, aiming for the best outcome to a problem without a way of necessarily knowing if it is ‘solved’ (see yesterday’s blog post for a session that covered analysis vs synthesis)
  • Selection for chaotic, where the whole problem can’t necessarily be solved but solutions can be selected to solve incremental parts of it.

Stakeholders will also vary according to the problem type. This is all much easier to explain using a series of Gartner’s slides, but I don’t think I can reproduce that much copyright material without falling the wrong side of the rules.

When it comes to the type of crowd used to solve the different categories of problems, complicated problems are best solved with specialist teams, e.g. the DARPA robotics challenge; complex problems are solved best with community co-creation, starting with a goal rather than a problem and then selecting the best option, e.g. the way the city of Porto Alegre involves citizens in setting the use of the discretionary budget; and chaotic problems are best solved using the largest possible target audience and giving the community a broad space to get many different ideas rather than setting a specific goal, and then working through filters of selection, development and final launch, e.g. the Department of Work and Pensions’ staff ideas scheme.

All of this needs to be done by putting rules and recognition/reward around a process. Participants are motivated from having autonomy (being part of the change), mastery (developing skills) and purpose (having meaningful contribution). A pipeline provides creative constraints to encourage creativity, because if there are no boundaries or guidance at all it is harder to think of something to be creative with, and organisations should put in place a way of managing innovation portfolios to make the best of crowd sourced ideas.

Digital Business Architecture Fuels Digital Business
At the very beginning of this session, it was emphasised that if you are not doing business architecture you are not doing EA – you’re doing EITA (Enterprise IT Architecture) instead. It was also emphasised that business architects must be part of the EA team, and even if there are reasons why the reporting lines for personnel are different it is still important for business architects to sit with and work with the rest of the EA team in a virtual team. Gartner estimates that by 2017 60% of Global 1000 organisations will execute at least one revolutionary and unimaginable business transformation effort, and if business architects are not an intrinsic part of the EA team then the rest of the architecture will not be able to respond properly to these transformations.

pic 3

My interpretation of this session was that much of it was about what should already be taking place in the business domain of EA, with elements of how to take it a little further. One interesting point is that organisations, people and things (think Internet of Things) will all be equal peers when it comes to digital business designs in future. I thought other aspects, such as how business architects should work on business strategy and goals, fill the gap between strategy and execution, and so on, were what has been suggested for a long time. Business moments were talked about again (see earlier in the day) and likened to lightning strikes of opportunity. The suggestion was made that to gain an advantage and be able to respond more quickly than competitors, business modelling should not stop at the boundary of the organisation; instead, also model the business domain of partners, competitors and customers.

Finally, the presenter urged IT and EA departments NOT to think of, or refer to, the rest of the organisation as customers, because doing so makes IT and EA subservient to the rest of the organisation. IT is intrinsic to most modern organisations and crucial to their futures, and department staff should be thought of as peers.

Three Roadmaps to Guide and Drive Change in Your Organisation
As the title suggests, this session was about roadmaps. The first point was that not every roadmap suits every stakeholder – it’s no good giving a tube map to someone getting the bus. In some cases a particular roadmap might only be relevant to a few technical staff, and there is nothing wrong with that because those people need that roadmap, but it would be a mistake to give the same one to board members. The definition of a roadmap provided by the presenter is that it is graphical, illustrates milestones and deliverables, and shows transition from current to future over specified time. Time is the primary dimension, but additional influencing factors may be shown, and the level of abstraction must be appropriate to the audience and purpose. That leads to the first piece of critical information when creating a roadmap – who and what is it for? By understanding that, an appropriate roadmap can be developed that is fit for the people and for the purpose for which it is being created.

pic 4

At this point similar emphasis to that of the previous session was made about the importance of not thinking of the IT department as separate to the rest of the organisation. You wouldn’t typically talk of the finance department and its relationship to the business, for example, so don’t do it with the IT department.

It was also suggested that staff from within the organisation are sought out for how they can help with roadmaps – many organisations have a marketing department with staff who spend much of their time making things look as appealing as possible, so ask if they can help do the same with your roadmaps for example.

A topology of roadmaps was presented covering quadrants of operational planning, operational execution, strategic planning and strategic execution. Roadmaps tend to fit towards the strategic rather than tactical axis, but lifecycle roadmaps cover some of each because they cover the full life cycle of a capability or system over time. Evolution roadmaps show a specific target state and what components are introduced or removed to support the required business outcomes. An enterprise roadmap shows current and planned strategic change at a contextual level, again including the time dimension. It tracks high level business outcomes linked to KPIs, and indicates change across the whole enterprise rather than just one programme or area of it.

Cloud for US HEIs

face
Caleb Racey
Systems Architecture Manager
Newcastle University
Member of UCISA EACP

 

 

In this blog post I’ll share some of the take home messages from the cloud sessions I attended at EDUCAUSE.

There was a wealth of cloud presentations at EDUCAUSE with several time slots involving a choice between competing cloud sessions.  The American universities seem to have largely got beyond the question of “should we use the cloud?” and are now concentrating on practical questions like “how do we effectively use the cloud?”.  The services used as examples are no longer the low hanging fruit of student email and have moved up the chain to a wide breadth of paid-for services (e.g. CRM, developer services, travel).  The impression I got was that the States has a 2-3 year lead in deploying cloud based services over the UK HE community.  The message of many of the presentations was that the advent of cloud is transformational.  Cloud is driving levels of change in university IT on a par with the two historical seismic shifts of the mainframe to PCs transition and the advent of the internet.

Leveraging collective buying power

Part of the reason for the US HE lead in the cloud appears to be the availability of the  Internet2 Net+ cloud procurement model.  This enables the community to purchase cloud services as a group and use that group leverage to get the services and their contracts shaped to HE requirements. Buying as a community allows them to use best buying practice when it comes to cloud, such as assessing the security of a cloud service via the cloud security alliance’s 136 point assessment matrix, or ensuring contracts have reasonable terms e.g. liability can not exceed purchased value. They also have a mature attitude to cloud service lifecycle with a well defined on-boarding and sun setting process.  While Net+ looks to be a valuable resource many seemed to be buying services on their own.  Salesforce in particular seems to have real traction; Cornell reported that when they mined their payment card data Salesforce was used across the organisation without the IT services involvement.  This was a common theme – cloud sells direct to the end user without reference to IT departments.  Indeed cloud sales activity is often targeted at academics and administrators rather than IT. The need for IT departments to adapt to this change is clear.  With IT now an intrinsic part of the majority of business activities it is inevitable that control of IT is increasingly going to reside in those business areas.  As a provider of enterprise IT the following Oliver Marks quote may be uncomfortable, but it makes it no less true: “cloud companies are cost-effectively emancipating enterprises from the tyranny of IT, solving lots of problems with tools that are a pleasure to use”.

Several of the presentations touched on the impact of the cloud on the IT department.  All presenters said that it had not reduced head count.  Cloud approaches increase the velocity of change and the depth of IT penetration into business processes, the increased efficiency of cloud is counteracted by much greater demand and resulting volume of activity.  This is a common story of conversion of an area from bespoke to utility provision.  The conversion of electricity from self-generated to utility provision saw massive growth in the demand for electricity and electricians.  Penn (Pennsylvania) State said that cloud for them was “about delivering more capability and capacity to their customers”.  For Cornell it was driven by a need to shrink a massive $27 million application budget to something more manageable.  The skill sets required in the IT department change with the cloud, managing services, facilitating, contract and relationship management all requiring development.

Addressing security concerns

The real value of EDUCAUSE for me is in hearing the experience of peers who have led the community in a particular area.  This was particularly true for cloud, it is an area awash with myth, marketing, fear, uncertainty, doubt and undoubted risk. Hearing real experience helps to focus concerns on the real issues.  When I speak to colleagues in my university about cloud,  security is one of the number one topics.  While this was a concern mentioned in the presentations it seemed to be largely a resolved issue.  There was a great quote in the Notre Dame session: “90% of HE already uses a SaaS solution for credit card payments and has for a long time.  Once you have put your highest risk assets (your customer’s financial details)  into  the cloud then most other data security concerns are minor”.  Notre Dame’s session was a particular eye opener, they already have 130+ SaaS service deployed on campus and aim to be 80% cloud based within a couple of years.  The speed with which they are moving to cloud is astonishing.

Lessons for UK HE  

Reflecting on the conference I’m increasingly convinced that UK HE needs to embrace the full breadth of cloud services.  Cloud is here to stay, it will continue to grow and those harnessing it will lead the sector in IT delivery.  A service  similar to the Net+ service would be a major bonus to the community.  Having worked with the JANET amazon AWS pilot I can see  the beginnings of a Net+ style service.  The JANET cloud service is  good, however I can’t see it having the breadth or pace of the Net+  initiative.

The government’s G_cloud  framework  has breadth and pace in spades, it easily outstrips Net+ in terms of size (13,000 services) and velocity.  G_cloud is usable from a university context with individual universities named in the list of eligible organisations.  However its terms and services aren’t tailored to university requirements.  Having investigated G_cloud as a route to procuring two potential services this has proved to be a problem.  In one instance the length of contract was an issue, the capital up front funding of some research projects means that the two year cut off of a G_cloud service makes it unsuitable. In another instance the flat unnegotiable fixed price nature of G_cloud agreements meant it was more expensive than  we could have negotiated directly with academic discount.  The way forward to me seems to be to pursue a multi-tiered approach: call off on JANET cloud services when available, use G_cloud services where suitable,  work with the government digital service to influence G_cloud to include HE specific considerations, and finally procure cloud services directly when the previous two approaches are exhausted.  However cloud is not an area that easily lends itself to tender agreements.  Procuring cloud on an individual basis will see each organisation invest considerable effort into answering the same concerns that many of their peers are also having to address.  While the US is leading the HE community in harnessing the transformational potential of cloud services I can see the real potential for the UK to pick up the pace and take the lead.  A sensible combination of tailored JANET cloud services and  G_cloud’s velocity and drive could act as a transformation enabler in the sector.

Cal Racey