A series of 118 infrastructure reviews with Jisc members between 2016-2020 have highlighted the extensive risks associated with long-term under-investment in IT and digital infrastructure, throughout the UK further education (FE) and skills sectors.
The report gives a summary of findings for each of the key areas below, with advice on how Jisc can help:
- Strategic considerations
- IT support
- Servers and storage
- Enterprise applications
- Device management
- The importance of a technical senior role
When organisations have a CTO, CIO or head of technology type senior role, they are able to make embedded use of technology due to improved organisation-wide technology decision making that occurs in the right place and time to make a positive difference to service delivery.
- Most colleges find capital spending on IT infrastructure difficult
The ongoing FE funding challenges have led to a large number of out-of-date core infrastructure systems are continuing to be used, even when manufacturer or vendor support has ended.
- IT support teams in FE have reduced in size, particularly over the last two years
The average IT support staff to supported user’s ratio in general FE colleges now stands at 814:1 - this is a substantial rise and, in our view, too high to ensure a good quality IT organisation. In most colleges an IT skills shortage of some kind was reported, and in too many cases IT staff who left were not replaced.
- Most organisations can improve elements of their networking provision
In most cases these concerns are down to a lack of capital investment over time. Only a small minority of FE colleges have a resilient internet connection, this is a particular concern given the increased use of cloud hosted software as a service (SaaS) applications that the sector is now making use of.
- Servers and storage provision are impacted by difficulties associated with capital funding
This can mean that resilience is insufficient, or capacity is constrained. For most colleges, the growth in the use of SaaS has not been matched by the use of IaaS (infrastructure as a service).
- Device management can be improved
Whilst the majority of colleges undertake Microsoft operating system and application patch management in a secure way, other third-party software management is often not as rigorously enforced. Mobile phones are rarely managed by mobile device management (MDM) systems, which may cause data protection concerns.
- Backup and disaster recovery preparations can be improved
The age of some systems mean they may not include logically or physically offline backups which can leave organisations without useful mitigations to recover from common cyber security threats.
- Data and information security can often be improved
This could mean using mass storage policy enforcement, the use of compliance tools and through encrypting laptops and other mobile devices.
- Lack of cyber security certifications
Most organisations do not yet have cyber security certifications in place, such as Cyber Essentials, but recognise the need for these.
- A joined-up approach to accessibility and assistive technology
The most mature IT organisations join up accessibility and assistive technology provision sufficiently with the IT team to ensure there are no missed opportunities to improve support for disabled students.
About the organisations reviewed
The majority of these infrastructure reviews were carried out for further education (FE) and skills members. This may be due to FE organisations generally having smaller IT teams than their counterparts in higher education. It aims to be a supportive process to enable service improvement.
We believe this report covers the ‘middle range’ of Jisc members in terms of IT resourcing or IT / digital maturity levels, with reviews undertaken with members who represent both ends of this continuum.