Thoughts from a Higher Ed CIO

Harald Rotter, CIO, University of St.Gallen

Harald Rotter, CIO, University of St.Gallen

We all managed and are still managing the challenges in time, quality and professionality of this pandemic situation together as a team.At the beginning in IT the tools were in focus. Later we gave our attention to class- and meeting-room equipment as well as user support for those tools. It is no secret that in this challenging time topics like i.e. change management got a little bit lost. In a very short time, many adjustments had to be made in our working environment. The digital maturity of a University is, except maybe in research, are probably improvable. In this area training and support was and still is very important to use tools efficiently. After the shock of the first lockdown, it quickly became apparent that the tool heterogeneity tending at universities was increasingly desired orattempted to be reclaimed.Even before the pandemic, the cloud theme in university support functions (services) was occupying us. “Cloud-first” and “Buy-before-make” are our guiding principles. Those we implement consequently according to meaningfulness, economy, proportionalities and data protected feasibility.

Process digitization (considering the end-to-end process) and with it the clarification of data protection as well as IT-security has accompanied us already a long time before. The forced lockdown helped us to an earlier, faster, and more “back-to-standard” tool rollout.

Early recognition and adaption of trends are significant parts of my work today. History showed us that technology can be applied in many ways. And even though we face examples of leaks from dubious or even criminal technologies applications almost daily. But we cannot shut ourselves off from those trends. For a CIO an open but critical attitude is a must have. With this background, I also take a skeptical view of therole of a Chief Digital Officer (CDO)in a company. The modern role of a CIO is not only focusing on running the infrastructure but is also, at the same time, the driving function in digitization in a company.

As I mentioned before, we learned that technical accomplishments were not always used positively. Increasingly we see the same in cybercrime.  The "Everything as a Service" resources that are now available for little money, pose very significant challenges to information technology departments around the world.In my opinion it almost doesn’t matter how well and comprehensive companies prepare. We are always in a reactive and defensive mode. Modern security technologies can support various areas but are only of limited. At the end of the day, it is almost always us human beings, who make companies with our actions, vulnerable. Here we face a big gap in self-perception. Offered training materials areperceived as not needed and thereby not used.  Internal phishing attacks to raise awareness are condemned as “not appropriate”. But still are exactly those obvious campaigns aremostsuccessful. It is important that we as an IT-department don’t get discouraged. “Little strokes fell big oaks” is ourmotto and it is crucial to just keep on going. We also know this "not achieving 100%" from service management. Even there, a service level agreement of 100% is an illusion in my opinion.

Although I think the pendulum is swinging a bit too far in the area of data protection, the topic is important and is now part of everyday life in the IT’s of this world. I think it is crucial to find a middle ground in a timely manner so that data protection does not mutate into an obstacle to digitization. Here, legislation is also called upon to find a balanced medium.  Within the organization, however, the issue of data protection helps us to get a grip on the uncontrolled growth of tools. Otherwise, there is little we can do about it.  The implementation of a preliminary clarification (VAK), a risk analysis (DSRA) or a data protection impact assessment (DSFA) forces everyone involved to face the issue. Often, a tool that has already been tested and approved is then suitable and appropriate. 

In all my online participations in various "CxO formats" over the past 12 months, the implementation measures were usually the main topic. And this despite the fact that the majority of universities had set similar challenges and actions. It seems to me that we are currently busy showing off how well we have done our work. But while doing so we almost forget to look to the future. What subjects will we face in three years, in five years? How can we support our companies in the digital transformation, which is far from being stable? We all know too well that a tool is just an instrument for a job to be done. And bad processes leads to even worse or more expensive digital processes.

With this in mind, I hope that we will all soon be looking more to the future so that we can not only react appropriately, but rather act proactively. I look forward to the future discussions so that we can continue to support our ventures in the best possible way in the years to come. The momentum is on our side - let's use it meaningfully!

Information Technology

Change Management

Digital Transformation