Virginia Tech plans to review its information technology and cybersecurity operations as it asks for campus feedback and employs Deloitte to form a “roadmap” for the department.
The review is designed to identify opportunities on how IT can best address rising cybersecurity needs and better deliver services, Chief Information Officer Scott Midkiff said, and is similar to processes the university previously conducted for its finance, human resources and facilities departments. The initial review is planned for mid-September through Thanksgiving Break, according to a Virginia Tech announcement.
“The goal of this review is to ensure that the university has the tools and resources to support the evolving needs of our staff, students, researchers, and faculty,” the announcement reads.
Once the review is completed, Midkiff said the information can bring credibility to asking for resources and find service duplication or inefficiency where the university “may not connect all the dots ourselves.” The review will also help identify short- and long-term actions to improve cybersecurity operations, he said.
“Security has been top of mind for many years, but it’s certainly at a point where everyone at the university is aware that we’re so dependent upon IT and that the level of cyber threats is so high right now, we need to be making sure that we’re doing what we can to manage cyber risk,” Midkiff said.
Though the CIO’s office is supporting the review, the chief business officer’s office is leading the effort, which is to include surveys and interviews with students and staff, according to the announcement. Midkiff said he sees an opportunity for the review to guide “digital transformation.”
“For us and many universities, [digital transformation is] a really very challenging situation right now,” he said. “We have technical debt from older legacy systems that we are still maintaining and then we have a huge demand for new integrations, new services, and support for those.”
The review will also help guide decisions in balancing resources and staff between central and departmental IT, Midkiff said. Many large research universities, including Virginia Tech, work with a “hybrid” model, he said, but there are many considerations that go into striking the right balance, including efficiencies, specific needs within departments and security.
“There is a role for hybrid IT at a research university,” Midkiff said. “There are services that are best performed at a local level and there are services that are best performed at an enterprise level, because of scale, because of efficiency, because of risk. It’s important to get the balance right but it’s not all centralized. I think also local IT, distributed IT presents opportunities for innovation, [like] innovation and research, innovation and teaching.”
IT often is at the core of institutions’ strategic planning. Michigan State University recently published its 2030 roadmap, which included technology components to boost areas like student success. At the University of Southern Florida, a recently released strategic plan laid out a vision for IT as a centralized department offering resources and training to various departments.