Higher Ed’s Ultimate Guide To Cloud Computing

Higher education is jumping into the cloud with both feet. According to a new report by the Campus Computing Project, 89% of higher ed currently uses or is actively consider cloud services. I found that figure quite startling as I hadn’t thought that many schools were moving into the cloud just yet. Apparently I was mistaken.

Drilling down a bit more, Google has revealed that more than half of those schools involved with cloud computing are either using or considering Google Apps. Currently, 62 of the US News and World Report’s top 100 Universities are using Google Apps for Education. Schools that have recently selected Apps for Education as their collaboration platform include Harvard University, University of Texas at Austin, Wellesley College, University of Amsterdam, Stanford Graduate School of Business, University of York and University of Bristol.

In addition to these new schools, Google is also bringing some new integrations to Apps:

  • OpenClass: Pearson has developed a free cloud-based Learning Management System that is tightly integrated with Google Apps and provides a new kind of learning environment that stimulates social learning. This is available in the Apps Marketplace.
  • SlideRocket EDU: This presentation software integrated for cloud-based collaborative education enables you to unleash the creation, sharing and communication of ideas with an online application that connects with content in Google Apps for Education and is available on any device or browser. This is available in the Apps Marketplace.
  • Blackboard Bboogle: Last year, Northwestern University presented their popular Bboogle (Blackboard + Google) application at our EDUCAUSE booth. Bboogle has now been certified by Blackboard and is available to other universities as a Building Block through Blackboard’s Extensions website. Bboogle enables instructors to link Blackboard course sites directly to Google Docs, Calendars and Sites without requiring a second login. And by automatically setting permissions for editing, it helps encourage and facilitate collaborative instruction.
  • Desire2Learn: Users will soon be able to add widgets to Course Homepages that make it easy to view unread email messages in Gmail, keep track of upcoming events in Calendar, and submit assignments created in Docs.

All of these announcements were made at this year’s Educause conference at The Academy of Natural Sciences in Philadelphia. Here’s a quick Google-produced video detailing why schools are ‘going Google.’

All this discussion about the future of cloud computing left me with more than a few questions. During my research to answer those questions, I thought it might be helpful to share my findings with the Edudemic audience. Below is an assortment of references and materials detailing exactly what cloud computing is, the problems associated with it, and key considerations to make before taking the plunge.

What Is Cloud Computing?

While there is a lot of discussion about what “cloud computing” really means, at its most basic sense, it is one party such as a university customer obtaining IT services from a provider. The National Institute of Standards and Technology has a more detailed definition of what cloud computing “is” here. UniversityBusiness.com boiled that definition down into 4 main layers:

  • Infrastructure as a Service (“IaaS”) – some service providers offer cloud-based storage, much the same as a campus storage area network (or SAN);
  • Computing as a Service (“CaaS”) ? sometimes included in IaaS, CaaS service providers offer access to raw computing power on virtual servers, such as Amazon’s EC2 service;
  • Platform as a Service (“PaaS”) – certain providers are opening up application platforms (as opposed to the applications themselves) to permit customers to build their own applications using that platform’s underlying operating system(s), data models and databases, pre-built application components and interfaces;
  • Software as a Service (“SaaS”) ? application service providers have been hosting applications for quite some time, but the difference with SaaS in the cloud is that the servers hosting the applications are also virtualized.

In my search for a simpler way to define cloud computing, nearly all definitions dealt with how it affects businesses. This is not surprising but makes it somewhat difficult to find an adequate multimedia presentation on what cloud computing is all about. However, I found this business-centric video that does a great job detailing what cloud computing is with some entertaining cartoon work. Enjoy!

Why Use Cloud Computing?

McKinsey suggests that “using clouds for computing tasks promises a revolution in IT similar to the birth of the web and e-commerce.” Burton Group concludes that “IT is finally catching up with the Internet by extending the enterprise outside of the traditional data center walls.”

Writers like Nicholas Carr argue that a so-called big switch is ahead, wherein a great many infrastructure, application, and support tasks now operated by enterprises will—in the future—be handled by very-large-scale, highly standardized counterpart activities delivered over the Internet.

The prospect of a maturing cloud of on-demand infrastructure, application, and support services is important as a possible means of:

  • Driving down the capital and total costs of IT in higher education
  • Facilitating the transparent matching of IT demand, costs, and funding
  • Scaling IT
  • Fostering further IT standardization
  • Accelerating time to market by reducing IT supply bottlenecks
  • Countering or channeling the ad hoc consumerization of enterprise IT services
  • Increasing access to scarce IT talent
  • Creating a pathway to a five nines and 24 × 7 × 365 environment
  • Enabling the sourcing of cycles and storage powered by renewable energy
  • Increasing interoperability between disjoint technologies between and within institutions

Commercial enthusiasm for cloud computing tends to cluster around agility, economics, and the size of the in-house IT organization. One interviewee drove home the ease of deployment (agility) argument vividly: “If you are Flowers.com and your steady state business is punctuated by massive demand spikes on Valentine’s Day, Easter, and Mother’s Day, access to public cloud services represents a great opportunity to grow your IT infrastructure quickly during times of peak demand. This use of cloud services solves a very real business problem in a very cost effective manner.”

The Challenges of Cloud Computing

Cornell University has a terrific site dedicated to describing the issues and concerns that surround cloud computing. From saving money to being more eco-friendly, they have a terrific outline.

Some of the “cloud’s” most attractive features are the ability to purchase resources on an as-needed basis and to avoid capital costs and internal operation expenses. A low price point and nimble accommodation of both quality and kind of demand also recommends it, as well as contracted upkeep and compliance with regulatory and technological standards.

Delivery of those services occurring on and through the network most frequently with commercial, for-profit entities implicates outsourcing. “Greener,” flexible, and transparent costs must be balanced against loss of on-site, local expertise; the freedom to collaborate with other information technology shops around the country if not the world; and the loss of control over the services that support the missions of higher education. Some might even argue that the overall dependency that outsourcing creates for higher education on commercial services is inimical to the role that higher education plays in American and global society as a principal source of free inquiry and pure innovation.

At a more granular level, most CIOs currently have concerns regarding information security and privacy, ranking these as the number one risks to emerge from an outsourcing cost/benefit analysis. As vendors recognize the need to provide services that meet or exceed the full spectrum of legal regulation and technical security requirements colleges and universities face, in particular the requirement to protect education records, entities will build those requirements and protections into their services.

It is therefore all the more imperative that colleges and universities collaboratively create a consensus around a baseline set of standards to render outsourcing a viable choice and to create competition within the marketplace for those vendors most willing to tailor their services to the specific needs of higher education.

The collective experience of a number of universities that have contracted with Google for email services is an example. Technologists, attorneys, and IT policy personnel first observed that Google reused the same foundational contract for all of the schools with whom it was negotiating and that in early negotiations, Google was resistant to changing contract language.

As a number of schools placed more pressure on Google to amend its language, particularly to address FERPA concerns in outsourced faculty and staff mail, Google became more willing to negotiate those terms and assume responsibility to maintain the privacy of those records in the same manner as is required of institutions. Indeed some institutions, including Cornell, insisted that the language regarding FERPA protections also be included in contracts for the sourcing of student mail, although an informal consensus of attorneys who work closely in this area do not believe that institutional liability for FERPA violations lies in student mail. Although a small example, this one with Google may be a positive sign that if and when colleges and universities place clear, consistent expectations on vendors, the market may induce vendors to work productively with our institutions.

What Cloud Computing Means To Higher Ed

50% of energy usage in Higher Education from laptops used by students. The highest carbon footprint is actually from the production of these devices used (60%). With around 4-5million students using laptops, this creates 1.55 Million Tonnes CO2e. iPads conserve less energy but we now have so many personal devices each, consuming more power. Yet mobile services increasingly get their information from online servers in the cloud. Cloud is simply outsourced code and storage, which is much more flexible to fluxes in demand.

EDUCAUSE’s 7 Things You Should Know about Cloud Computing

What is it?

In its broadest usage, the term cloud computing refers to the delivery of scalable IT resources over the Internet, as opposed to hosting and operating those resources locally, such as on a college or university network. Those resources can include applications and services, as well as the infrastructure on which they operate. By deploying IT infrastructure and services over the network, an organization can purchase these resources on an as-needed basis and avoid the capital costs of software and hardware. With cloud computing, IT capacity can be adjusted quickly and eas- ily to accommodate changes in demand. While remotely hosted, managed services have long been a part of the IT landscape, a heightened interest in cloud computing is being fueled by ubiquitous networks, maturing standards, the rise of hardware and software virtualization, and the push to make IT costs variable and transparent.

Who’s doing it?

Cloud and cloud-like solutions appear to be widespread and growing in higher education, though in relatively focused areas, such as student e-mail. E-mail notwithstanding, higher education institutions are more likely to obtain new services from the cloud than to transition established services that have long been operated by the campus. Many colleges and universities see pockets of cloud service usage in other areas, often led by individual faculty or students looking for the added flexibility and convenience that the cloud can provide. Among the drivers that are encouraging more institutions to contemplate cloud services are budget pressures, calls for increased reliability of and access to IT systems, and the need for institutions to provide timely access to the latest IT functionality.

How does it work?

In traditional enterprise computing, IT departments forecast demand for applications and capacity and invest time and money to develop those resources in-house or purchase them from others and operate them in-house. With cloud computing, institutions procure IT services from remote providers, and campus constituents access these resources over the Internet. E-mail, for example, long considered a staple of an institution’s IT operations, can be obtained from a range of sources, and a growing number of campuses contract with outside suppliers for this function.

Software is hosted by the provider and does not need to be installed—or maintained—on individual computers around campus. In some cases, a large university or a consortium might become a provider of cloud services. Storage and processing needs can also be met by the cloud. Institutions pay only for the resources used, and users can access the applications and files they need from virtually any Internet-connected computer. In a mature cloud computing environment, institutions would be able to add new IT services or respond to changes in capacity on the fly, saving capital costs that can be redirected to programs of strategic value to the institution.

Why is it significant?

Cloud computing presents IT organizations with a fundamentally different model of operation, one that takes advantage of the maturity of web applications and networks and the rising interoperability of computing systems to provide IT services. Cloud providers specialize in particular applications and services, and this expertise allows them to efficiently manage upgrades and maintenance, backups, disaster recovery, and failover functions. As a result, consumers of cloud services may see increased reliability, even as costs decline due to economies of scale and other production factors. With cloud computing, organizations can monitor current needs and make on-the-fly adjustments to increase or decrease capacity, accommodating spikes in demand without paying for unused capacity during slower times. Aside from the potential to lower costs, colleges and universities gain the flexibility of being able to respond quickly to requests for new services by purchasing them from the cloud.

Cloud computing encourages IT organizations and providers to increase standardization of protocols and processes so that the many pieces of the cloud computing model can interoperate properly and efficiently. Cloud computing’s scalability is another key benefit to higher education, particularly for research projects that require vast amounts of storage or processing capacity for a limited time. Some companies have built data centers near sources of renewable energy, such as wind farms and hydroelectric facilities, and cloud computing affords access to these providers of “green IT.” Finally, cloud computing allows college and university IT providers to make IT costs transparent and thus match consumption of IT services to those who pay for such services.

What are the downsides?

Cloud computing introduces significant concerns about privacy, security, data integrity, intellectual property management, audit trails, and other issues. Because higher education is subject not only to institutional policies but also to a broad range of state and federal regulations, these issues are complex and become even more difficult in the context of inter-institutional cloud initiatives. Because of the control that consumers of cloud services cede to providers, successful initiatives rely on a high degree of trust between a college or university and a supplier, including confidence in the provider’s long-term viability.

Where is it going?

The emergence of cloud computing as a viable option for a growing number of IT services speaks to a level of Internet penetration and infrastructure maturity that did not exist just a few years ago. Analysts expect cloud computing to see mainstream adoption in 2–5 years, and some higher education IT leaders believe that cloud computing programs on campus will increase considerably in the coming years. To the extent that these efforts are successful, confidence in the model and trust in providers will grow, and institutions will be more amenable to transferring a larger number of services to the cloud. Conversely, a breach of trust by a cloud provider would likely leave institutions uneasy about cloud services.

Although the benefits of cloud computing are becoming more tangible, significant policy and technology issues must still be sorted out for it to reach its potential. Even as “public” clouds are being developed, a new class of “private” clouds is taking shape. Whereas public cloud providers offer relatively undifferentiated services, private clouds pursue similar economies of scale but do so while preserving the ability to customize applications and services for consumers. Large organizations, such as statewide offices for higher education, for instance, might invest in cloud services for all the institutions in the system. As greater numbers of campuses consider cloud computing, services that have institutional identification or integration needs are less likely to be sourced from the cloud, and a heterogeneous mix of services—some from the public cloud, others from private clouds, still others developed in-house or purchased and customized—is likely to characterize most institutional IT portfolios.

What are the implications for higher education?

Colleges and universities are expected to provide a wide and growing array of technology services, some of which are highly specialized or idiosyncratic to individual campuses, whereas oth- ers simply need to be available. By offering commodity services over the Internet, cloud computing offers one way for institutions to increase operational efficiency and focus scarce resources on services that are institutional differentiators. Operating in a cloud environment requires IT leaders and staff to develop different skills, such as managing contracts, overseeing integration between in-house and outsourced services, and mastering a different model of IT budgets. Cloud services might facilitate inter-institutional collaboration because they are more easily accessed by students and faculty at disparate institutions. In addition, despite the potential security risks posed by cloud services, some would argue that cloud services offer more security than on-campus solutions, given the complexity of mounting an effective IT security effort at the institutional level. Source: Educause, August 2009

10 Important Legal Considerations

Below is a list of the top ten issues that warrant particular attention in outsourced vendor contract negotiations that would be typically involved in shifting to cloud computing. Source: Cornell University.

  1. Information Privacy and Security
    1. Regulation
      Contract should require the entity to maintain all of the legal technical and procedural requirements of all public privacy laws, including but not limited to the Privacy Act of 1974; the Family Education Rights Privacy Act of 1974, amended; the Fair Credit Reporting Act, as amended by the Fair and Accurate Credit Transactions Act of 2003; the Health Insurance Portability Accountability Act of 1996, as amended; the Gramm-Leach-Bliley Act of 1999; and the Payment Card Industry Data Security Standards, most recently updated as of 2008.
    2. Identity Theft
      To date no federal law requires notification in the event of a breach of personally identifiable information.  A majority of state laws do, and interpretations about how and in what ways they apply to other states differ among legal theorists.  This uneven and ever-changing landscape makes clear and consistent contractual language difficult to impose.  Be that as it may, institutions may decide either to impose those rules found in their home state or to require the entity to adhere to the state with the most rigorous standards of notification and protection.  A third approach may be for the institution and the entity to create its own standards for the management of breaches that would include provisions about who reports the matter to whom, the test for a breach and the technical criteria used to do the assessment, and finally which party has responsibility for notifications and follow up, such as credit reporting arrangements.  Indeed, such efforts, if done collaboratively among institutions and smartly with the vendor could in fact lead to adoption by the federal government at such time as it will almost inevitably pass legislation.
    3. User Privacy
      Allegedly “free” services require the entity to ask the question of “what is in it for the vendor?”  For many web vendors, their business model revolves primarily around advertising; marketing plays a supporting role. In order to achieve that goal in a highly competitive environment, vendors must take advantage of the information under their control; for example, user web search terms and the content of stored information in mail or other file folders. Data mining, aggregation, and sale for targeted marketing is a very significant portion of their revenue.  It is therefore imperative that an institution representing its users must examine its own culture, law, and traditions in the area of information privacy and be prepared to make clear claims regarding what is and is not acceptable behavior on the part of the vendor.For example, the current standard Google student mail contracts reveal nothing about what Google does with web search terms.  It clearly states that the stored mail will be mined, but anonymized, and that not until the student graduates will it feature advertisements on the site.  Some institutions may want to bear down on these issues, for a minimum requiring that if Google does mine search terms, that it do so mechanistically and with anonymizing features.  Moreover, most institutions would want assurances up front that no personally identifiable information will ever be aggregated for advertising and marketing purposes while the user still uses the account as a student.  For faculty and staff mail services, the institution might want to make that assurance a permanent feature of the agreement.  Finally, opt-in and opt-out services might also be offered, for example, on user search terms.  The institution would contract explicitly on this point to be sure not only that options exist, but also that clear user education and training materials include information about all of these features and about how a user may optimize the privacy of their communications.  Specific points to clarify might include: information about any anonymization techniques that the entity uses to separate information from user identity; whether the entity captures search terms and/or queries; whether the entity does or does not associate those terms and queries with individual users; what the entity does with and how it manages the security of that information; whether it sells the information; how long it maintains records of individual’s searches; what other uses it makes of that information; and that the entity promises to permanently purge that information as of a specified date.
  2. E-Discovery
    The institution should, before entering into contract negotiations, do a cost-benefit analysis of how and in what ways to manage e-discovery concerns for which it maintains liability.  For example, no liability may attach to student mail, but most certainly the institutions must consider e-discovery implications of sourcing faculty and student mail, as well as materials sourced in course management systems or data centers.  Entities such as Google offer services, such Postini, which the institution should consider as a part of its analysis in the context of its entire sourcing portfolio, together with whatever in-house technical, policy, and procedural approaches that the institution may already have in place and in which it may have made significant investments (for example, inventory materials, appropriate offices designated to engage with affected parties, technologies such as back up systems prepared to make non-deleting continuous back ups, and the necessary policy materials used to educate and inform affected parties).
  3. Patent Infringement
    Entity should be willing to warrant that they actually own the technologies and business processes foundational to their operations and indemnify the institution against any potential patent infringement action that should come about as a result of its technologies or business processes.
  4. URL Terms
    Entity should make explicit in the contract exactly what other terms of the agreement are included by incorporation via links, URLs, or any other documents associated with the contract.  Moreover, the entity should promise not to alter any of its material terms in those incorporated documents and to service notice on the institution and/or its users in the event of any non-materials change.
  5. Export Controls
    The United States has specific export control laws which the institution and/or its users may be in violation of if the entity stores (and possibly even if it transmits) certain kinds of encryption software not allowed outside of the U.S.  In the event that the vendor/entity has data and/or routing centers outside of the United States, the institution must either restrict such users from those services, or contract with the entity to promise that such data is neither stored not transmitted outside of the United States.
  6. Service Level Agreement
    The institution should insist upon clear language from the entity about how much lead time each party requires before implementation of the agreement and what, if any, penalty exists for failure of a timely implementation.
  7. Suspension/Termination
    The parties should make clear for what specific reasons either party can suspend or terminate the agreement (taking into account a reasonable time period for the institution to either rebuild its services or to shift to another vendor) as well as how, in what ways, and in what time frames the institution will have access to its information, stored or continuing to be transmitted, before, during, and after suspension or termination period.  In the case of institutional information, the contract should be crystal clear about what happens to the information after termination of the contract; one could hardly imagine a case where the rule would not require the entity to instantiate that information for the institution and to destroy its copies.
  8. Extraordinary Circumstantial Access to Information
    The institution should outline the specific circumstances whereby it demands and expects information from the entity or vendor, for example, in instances of a concern for the health or safety of a student, to check on that student’s use of e-mail services and possibly even the content of his or her e-mail messages.  The institution should review its existing or desired practices in this area (death of student, health or safety emergency of the individual, health or safety emergency of the institution or other people) and establish a process by which affirmations may be offered as to the circumstances and promises for prompt response, especially in urgent emergency circumstances per an agreed upon procedure.  In the case of faculty and staff mail, again the institution should first review its own policies and procedures for access or disclosure of such information (content as well as system and network logs) and attempt to incorporate such access rules and procedures in the context of the relationship between the vendor and the institution.  Additionally, the contract should incorporate the ability to review the procedures for effectiveness and efficiencies according to technological, social, or other changed practices.
  9. Warranty and Indemnification
    Most likely, vendors or entities do not provide a warranty of anything!  This area of the contract can be a “throw away”—that is, a meaningless term stating that the entity makes no warranty (which, in the case of negligence, will not absolve its liability).  Indemnification is the other side of the coin. It is not reasonable to list out every possibility of what a vendor might attempt to indemnify itself against in a contract.  The institution should nonetheless scrutinize this section carefully to see whether the entity is using the section as a “get-out-of-court-free card” or similar kind of provision or if the entity has narrowly tailored the section to indemnify it against actions that are in fact not its responsibility.
  10. Choice of Law and Jurisdiction
    By contract, vendors commonly choose their own jurisdiction.  The preferred position is to eliminate this provision from the contract altogether and rely on existing jurisdiction law in the event of a suit.  In most cases that means that if the vendor brings a suit against the institution, default rules of civil procedure require the vendor to bring it in the institution’s location, which usually, although not always, is the preferred posture.

A Discussion Paper for the May 2009 Meeting of the Common Solutions Group

Brad Wheeler, Indiana University

The following essay offers some unrefined thoughts regarding how models for aggregating scale in IT services – clouds, software as a service (SaaS), infrastructure as a service (IaaS) in today’s lingo – may evolve for universities.  Its purpose is to encourage thought, surface assumptions, and spur dialogue to help reach a point of timely action by interested institutions.  The focus is on the needs and abilities of R1 institutions, though the ideas may have merit for others as well.  I hold as an assumption that the aggregated services of greatest interest to institutions must have some sustainable economic model, so in some respects, they are not hugely different from the Service Bureaus that preceded them decades ago – though the connection speed has vastly improved.

The central question is  to what extent should IT services be aggregated and why?  If there is an affirmative answer to aggregation, then the second question is through what models should IT services be aggregated, provisioned, and governed?

Aggregating IT Services

The aggregation question is familiar territory for campus IT leaders, and it is often part of an ongoing balancing of service provision among edge and leverage.  For simplification, edge means a service is provisioned by an academic/administrative department as desired and leverage means it is provisioned through some aggregation.  For many of us, we long ago aggregated campus email services into a common, leveraged service.  Likewise, we did this with Course Management Systems and administrative systems.  We did so to seek efficiencies in the total cost of operations and in providing a common platform for users who move among schools and departments.  We have also chosen to rely on edge provision for some services where specialized domain knowledge, proximity of staff (i.e., boots on the ground), lack of net efficiency gain via aggregation, agility, or frankly politics made this the better choice.  In some cases, service provision can be productively split between some leveraged back office component and some edge, local services component.  It is useful to note that, though similar, Edge/Leverage is not the same as Centralized/Decentralized, but that is another paper.

Thus far, most of our aggregation questions have been in the realm of aggregation in a school, on a campus, multi-campus institution, or possibly some in state consortium.  Growing network capacities, perceived commoditization of some services, and service offerings from Amazon, Google, IBM, and others proffer a level of aggregation for service provision that is ‘Above Campus.’  They also offer services directly to campus units, enabling horizontal aggregation across campuses rather than vertical aggregation on a single campus.

For example, the College of Engineering at a dozen institutions could choose to aggregate email or another service and individually or collectively contract it to a commercial firm independent of campus aggregation.  In essence, the commercial firm becomes the coordinating mechanism for aggregation rather than the CIO.  Is that a problem?  I don’t think so if it is done in a policy-compliant way that does not impose unacceptable risks on the institution.  Is it the best path?  I remain skeptical in the sustaining value of these arrangements over time, but some services can evolve on short-term bases due to low switching costs.

It may be helpful to further define the terms IT service and provision.  A service could be something like an email account, remote PC backup/archive/retrieval, data set storage, support desk, HPC MPI code optimization consultation, licensed software distribution, etc.  A service also has elements of contracting, legal/policy compliance, evolution and improvement, measurement regarding cost/effectiveness, and user support, etc. as essential parts of an overall service.  Provisioning defines the means through which these components of a service are made available, e.g., in an academic department, via a shared service unit of a campus, through a consortium like HathiTrust, or as a free or for-fee service on the Internet.  At present, I would not include Sakai, Kuali, or Fedora as provisioning IT services, but the CIC’s OmniPoP for networking, HathiTrust for scanned books, and of course, Google or Microsoft Live mail are examples.

Service-Model Matrix

The two questions posed above proffer a matrix for considering types of IT services and means of provisioning (Models).  The models seek primarily a means to achieve economies of scale in efficiency and innovation that would not otherwise be accessible within an institution.  Scale, however, requires some commonality and standardization.  It seems unlikely in the near term that institutions could operate their financial systems in an above campus model for scale (other than simple hosting) as the disparity and specialization to each institution remains large (the merits of that disparity regarding the core missions of research and education could be another essay).

One option, of course, is that institutions could entirely drop providing a service through any means.  They could direct individuals to make use of the public services of their choice through their own means (e.g., personal email, S3, Flickr).  For services that are to continue, I’ll propose four provisioning models though the fourth one has two variants.

  1. Baseline: Each institution provisions a service best suited to the edge/leverage culture of its institution.
  2. Commercial Sourcing (COMSo): Provision is shifted entirely to a commercial service provider via institutional contract (student mail is a leading example of this as is iTunesU).
  3. Institutional Sourcing (INSo): An institution provides an IT service to other institutions via contract and fee.
  4. Consortium Sourcing (CONSo): Institutions aggregate demand, define service levels, and governance for a service then source the provisioning of that service to (a) commercial providers and/or (b) institutional providers.

An illustrative and incomplete matrix might look something like this for a particular institution (Summer 2009):

The Commercial, Institutional, and Consortium sourcing models essentially differentiate on the basis of the coordinating mechanism used to achieve economies of scale in operations and innovation.  Each involves a money flow from institutions to an aggregation point for service provision.  I believe there are many subtle and important differences in these three models that merit extended scrutiny.  History instructs us that each model has a potential risk and reward profile, and no model is a silver bullet over the full lifecycle of an IT service.

I suspect that answers for each institution will vary, and answers for an institution will shift over the years as the risk and reality of the services and the models mature.  For a specific IT service, some institutions may already have sufficient size and scale to hit favorable economics, and some institutions can aggregate across multiple campuses to achieve favorable economics.  For other institutions, simple two- or three-way partnerships may produce scale at low coordinating cost.

The COMSo model is generally well understood in the realm of standardized uses.  For example, few institutions print W-2 tax forms in-house or provide online access to them over the years.  Most of us use a COMSo model for this as it is economically efficient and addresses a highly standardized service requirement even if there are variations in our payroll systems and data.  Contracting with one provider or another, switching providers should there be issues, and dealing with service level agreements is not onerous for an institution.  It is doubtful that aggregating demand from multiple institutions to contract with a single commercial firm would yield cost reductions over the increased coordination costs.  Few of us care how to become experts in W-2 services.  Thus, for this commodity service that is similar across many industries, it is economically efficient for 1:1 contracts and loss of any organizational learning from this activity.

Without any surprise to my colleagues, you will rightly anticipate that I find the Consortium Sourcing model the most promising for IT services that are core to our primary missions of research and education over the next 5-10 year horizon.  I will use the remainder of this essay to focus on opportunities and challenges for CONSo, and I am hopeful that others will expound upon the CONSo and INSo models.

Path Forward

My colleagues know that I have no illusions regarding the substantial challenges of sustaining multi-institutional aggregations of effort.  It is those very experiences, however, that give me confidence that CONSo is a viable mean of accessing economies of scale in efficiency and innovation beyond what any institution can do on by itself.  How many consortiums?  Fewer is likely far better than more, and in some cases, we may find that existing collaborations / organizations, e.g., Fedora Commons?, Kuali?, RONs?, Internet2?, EDUCAUSE?, CIC? could be CONSo providers as well.  I also favor light-weight coordinating mechanisms and agreements that can operate in a philosophy of solving problems when they arise over detailed contracts that will likely prove ineffective anyway in the face of real challenges.

If there is merit in the CONSo model, how do we get started?  I anticipate that CONSo provision of IT services will likely come from a ‘coalitions of the committed’ approach.  Institutions that see similar opportunities at similar times can choose to pioneer CONSo arrangements and build them so they are expansible to others later.  It is entirely fair to balance risk and reward in these arrangements so those who take greater risks in the beginning do have a greater role in shaping services and governance.  Not every institution needs to – and couldn’t possibly – participate in each CONSo service as it develops.  Our community as a whole, however, will benefit from parallel development of CONSo services that we can each join in when or if it is a service model that meets our institution’s needs. -Brad Wheeler, Indiana University

What Do You Think?

Will your school jump into the cloud? Should it wait? The future may seem bright for cloud computing but I’m curious to hear what you think. Should all schools move to an outsourced solution or is cloud computing not mature enough?

Now that you’ve read every one of these 6,100+ words in the ultimate guide, you’re an expert. So weigh in down in the comments or on the Edudemic Facebook page.