Why Cyber Insurance Renewals Are Getting Denied and 4 Fixes Higher Ed Leaders Must Implement Reading time: 4 minutes Cyber insurance was once viewed as a financial safety net for colleges and universities facing cyber threats. Today, that safety net is becoming increasingly difficult to secure. Across the United States, higher education institutions are encountering unexpected challenges during cyber insurance renewals. Some are seeing premiums rise sharply. Others are facing stricter underwriting requirements. In the most concerning cases, renewals are being denied entirely. Insurance providers are reassessing risk across higher education cybersecurity environments after years of escalating ransomware attacks, data breaches, and operational disruptions. Carriers now demand evidence that institutions have implemented strong cybersecurity controls before they will approve coverage. For CIOs and institutional leaders, this shift reflects a broader reality. Cyber insurance is no longer a substitute for cybersecurity maturity. It is a reflection of it. Why Cyber Insurance Renewals Are Becoming Harder for Colleges Ransomware in universities has surged in both frequency and severity. Institutions store vast amounts of student records, research data, financial information, and intellectual property. At the same time, decentralized networks and aging infrastructure create complex security environments. Insurers have recognized that many colleges carry higher cyber risk exposure than corporate organizations. As a result, underwriting processes have become significantly more rigorous. Common factors driving cyber insurance denials include: Lack of multi factor authentication across critical systems Incomplete incident response planning for colleges Insufficient monitoring of network activity and threats Weak backup and disaster recovery validation Limited oversight of third-party vendors and cloud platforms From an insurer’s perspective, institutions without these controls represent unacceptable financial risk. As policies renew, insurers are requiring proof that higher ed IT security frameworks are capable of preventing and containing major incidents. For many institutions, this scrutiny is revealing gaps that previously went unnoticed. Fix 1: Strengthen Identity and Access Controls Across Campus Systems Identity compromise remains the most common entry point for campus cyber-attacks. Stolen credentials allow attackers to move laterally across systems and escalate privileges quickly. Cyber insurance providers now expect strong identity security practices as a baseline requirement. Institutions should prioritize: Multi factor authentication across faculty, staff, and administrative systems Privileged access management for sensitive infrastructure Centralized identity monitoring for suspicious login behavior Automated deprovisioning of inactive or former user accounts These measures reduce the likelihood that a single compromised credential will expose large portions of the institutional network. Higher education environments often include thousands of users and decentralized access policies. Strengthening identity governance helps demonstrate that the institution actively manages risk rather than reacting after compromise. Fix 2: Operationalize Incident Response Planning for Colleges Insurance underwriters increasingly require institutions to demonstrate that incident response plans are not simply documented but actively tested. A mature incident response planning framework for colleges should include: Defined executive leadership roles during cyber incidents Legal and regulatory reporting procedures Communication protocols for students, faculty, and media Data recovery workflows and restoration validation Tabletop exercises involving IT, legal, and executive leadership When institutions conduct regular response simulations, they reduce the uncertainty that often accompanies large-scale cyber incidents. Insurers view these exercises as indicators that the organization can contain damage quickly and resume operations efficiently. Cyber resilience in higher education depends not only on prevention but also on coordinated response. Fix 3: Implement Continuous Threat Monitoring and Detection One of the most significant concerns for cyber insurers is delayed detection of security incidents. Many breaches remain undetected for weeks or even months, allowing attackers to exfiltrate data and establish persistent access. Institutions that rely solely on perimeter security tools often struggle to detect sophisticated threats. Continuous threat monitoring strengthens visibility by providing: Real time analysis of suspicious network activity Detection of unusual login patterns and lateral movement Alerts triggered by ransomware behavior indicators Rapid escalation to security teams for investigation Managed cybersecurity services for universities have become an increasingly common solution for institutions lacking internal security operations capacity. Continuous monitoring environments provide around the clock threat detection that many campus IT teams cannot maintain independently. For insurers, this capability signals that threats will be identified quickly rather than discovered after significant damage occurs. Fix 4: Validate Backup Integrity and Recovery Readiness Backup systems play a critical role in ransomware recovery, yet many institutions fail to test whether those backups can actually restore operations. Cyber insurance carriers now expect evidence that backup environments are secure, isolated, and regularly validated. Key practices include: Immutable backups that cannot be altered by attackers Offline or segmented backup storage environments Regular restoration testing to confirm recovery timelines Documentation of recovery time objectives for critical systems Without validated backups, institutions may face prolonged outages after ransomware attacks. This scenario dramatically increases insurance claims and operational disruption. Demonstrating backup integrity reassures insurers that recovery is possible without extended downtime. Cyber Insurance Is Becoming a Cybersecurity Maturity Test For many colleges and universities, cyber insurance renewals are revealing an important truth. Insurers are no longer simply pricing risk. They are evaluating whether institutions are capable of managing it. Higher education cybersecurity programs that demonstrate strong identity controls, tested incident response planning, continuous threat monitoring, and resilient backup infrastructure are far more likely to secure favorable policy renewals. Institutions that cannot provide this evidence face rising premiums, restricted coverage, or denial of renewal altogether. Cyber insurance has effectively become an external validation of cybersecurity readiness. Preparing Your Institution Before the Next Renewal Cycle Cyber insurance renewals will continue to become more demanding as ransomware in universities and campus cyber-attacks evolve. Institutions that prepare early will navigate underwriting reviews with greater confidence. Strengthening higher ed IT security frameworks, implementing continuous monitoring, and improving incident response readiness not only reduce operational risk but also improve insurability. OculusIT helps colleges and universities strengthen higher education cybersecurity through comprehensive risk assessments, managed cybersecurity services for universities, incident response planning for colleges, and continuous threat monitoring designed specifically for campus environments. If your institution is approaching a cyber insurance renewal, strengthening your cybersecurity posture today can

The 2026 Risk Landscape: What Boards Are Demanding From CIOs in Higher Education Reading time: 4 minutes In 2026, higher education boards are no longer asking whether technology is important. They are asking whether institutional risk is under control. Digital infrastructure now underpins enrollment systems, financial operations, research continuity, student experience, and regulatory compliance. As cyber threats intensify, artificial intelligence expands across campus, and financial pressures mount, boards are sharpening their expectations of CIO leadership. The conversation has shifted from system performance to enterprise risk accountability. CIOs are being evaluated not just on uptime, but on resilience, governance maturity, and strategic foresight. Higher education IT leadership has entered a new phase. Institutions that recognize this shift are strengthening their position. Those that do not are being pressed for answers. Higher Education Cybersecurity Is Now a Governance Metric Campus cyber-attacks and ransomware incidents in universities continue to disrupt institutions across the United States. Extended outages, exposed student records, and research interruptions have elevated higher education cybersecurity from an IT concern to a governance metric. Boards are no longer satisfied with technical dashboards or threat summaries. They want risk translated into institutional impact. Trustees increasingly ask: What is our current cyber risk exposure How quickly can we recover from a major incident Are we investing enough to reduce operational disruption These questions reflect a broader shift. Cyber resilience in higher education is now viewed as an indicator of institutional stability. Boards expect CIOs to quantify potential downtime in terms of tuition revenue, research funding delays, regulatory exposure, and reputational harm. Incident response planning for colleges must be tested, funded, and aligned with enterprise priorities rather than maintained as documentation alone. AI Governance Has Become a Board Conversation Artificial intelligence is now embedded across admissions analytics, student success platforms, research environments, and administrative workflows. Innovation is accelerating, but governance frameworks often lag behind implementation. Boards are asking pointed questions about data usage, bias mitigation, accountability ownership, and vendor compliance. They want clarity on how student information is processed within AI systems and how institutional oversight is structured. AI risk management is becoming inseparable from higher ed IT security. Institutions must demonstrate formal governance models that include policy development, cross-functional oversight committees, documented risk assessments, and defined escalation protocols. CIOs are increasingly expected to present AI strategy alongside AI controls. Innovation without governance is no longer defensible at the board level. Enterprise Risk Integration Is No Longer Optional Technology risk can no longer operate in isolation from enterprise risk management. Boards increasingly expect CIOs to align digital strategy with institutional resilience planning. This integration extends across financial forecasting, enrollment management systems, disaster recovery planning, research infrastructure protection, and regulatory compliance monitoring. Digital exposure affects every operational domain, and governance models must reflect that reality. Higher education institutions that continue to treat IT as an operational silo are encountering friction at the board level. Trustees want to see cross-functional coordination that demonstrates how digital risk intersects with institutional sustainability. Proactive visibility into vulnerabilities and mitigation strategies has become an expectation. Waiting until after an incident to surface exposure erodes confidence quickly. Vendor Risk Oversight Is Under Scrutiny Colleges and universities rely heavily on third-party technology providers, from cloud services to learning management systems and research platforms. As supply chain vulnerabilities become more visible, boards are sharpening their oversight of vendor risk. CIOs are expected to demonstrate structured vendor governance that includes formal risk assessments, clearly defined security and compliance clauses in contracts, continuous monitoring of third-party access, and contingency planning in case a major provider experiences disruption. Boards are less comfortable relying solely on vendor assurances. Independent validation and documented oversight processes are becoming standard expectations. Managed cybersecurity services for universities are often evaluated through this lens, particularly when institutions seek external expertise to strengthen monitoring and accountability. Vendor accountability is now a governance requirement, not simply a procurement checkpoint. Financial Pressure Is Reshaping IT Expectations Enrollment volatility and demographic shifts continue to pressure institutional budgets. In this environment, boards scrutinize every major technology investment. CIOs must articulate how higher education IT strategy directly supports institutional outcomes. This includes demonstrating how digital initiatives: Support enrollment growth and recruitment efforts Improve student retention through analytics and engagement tools Reduce operational inefficiencies across departments Strengthen higher education cybersecurity posture Enable scalable digital learning models Technology budgets are increasingly evaluated through the lens of measurable value rather than infrastructure expansion. CIO credibility depends on the ability to translate IT strategy into financial and mission impact. Cost optimization does not mean underinvestment in security. It means disciplined allocation aligned with risk reduction and long-term sustainability. Incident Response Readiness Is Being Tested Boards have witnessed enough public cyber incidents to understand that prevention alone is insufficient. They are seeking confidence in recovery capability and crisis leadership. Incident response planning for colleges must now move beyond documentation and include executive-level tabletop simulations, clearly defined recovery time objectives, validated backup restoration processes, and structured communication escalation protocols. Cyber resilience in higher education is measured not only by how quickly operations resume, but by how transparently leadership communicates during disruption. Institutions that cannot demonstrate tested response frameworks face increased board intervention and heightened scrutiny. Resilience is no longer theoretical. It is observable through preparation. The CIO Profile Boards Value in 2026 The CIO role has expanded beyond infrastructure oversight into enterprise risk leadership. Boards are prioritizing leaders who can quantify cyber and technology risk in financial terms, communicate clearly with non-technical trustees, align IT strategy with institutional priorities, oversee AI governance and compliance, and strengthen higher ed IT security posture through proactive planning. Technical depth remains essential. Strategic translation has become critical. Higher education cybersecurity, AI governance, vendor oversight, financial sustainability, and incident readiness now converge into a single expectation: institutional stability in an unpredictable risk landscape. Responding to Board Expectations With Confidence The 2026 risk landscape demands clarity, structure, and measurable resilience. CIOs who prepare early, integrate governance into digital strategy, and modernize cybersecurity frameworks will meet board expectations with confidence

The “Inevitable” Campus Cyber Incident: What Higher Education Leaders Must Do Before a Cyber Attack Hits Reading time: 5 minutes Higher education cybersecurity is no longer a defensive function operating quietly behind the scenes. It has become one of the most significant institutional risk variables facing U.S. colleges and universities. Ransomware attacks against higher education institutions have surged in frequency and operational impact in recent years, with institutions experiencing prolonged system outages, data exposure, and weeks of academic disruption. For many campuses, recovery timelines now extend far beyond initial containment. Presidents, CIOs, and governing boards are confronting a difficult reality: a campus cyber-attack is not a remote possibility. It is an operational certainty over a multi-year horizon. The institutions that recover with stability are not the ones that avoided attack. They are the ones that designed for disruption long before systems were compromised. The future of higher ed IT security depends not on the illusion of prevention, but on measurable resilience, executive governance alignment, and disciplined incident response readiness. Why Higher Education Cybersecurity Risk Is Structurally Higher Colleges and universities operate within an open, decentralized model that encourages collaboration and academic freedom. While this mission-driven openness is foundational to higher education, it also creates structural cybersecurity exposure. Key factors that elevate risk across higher education institutions include: Decentralized IT environments across departments and research centers Legacy infrastructure integrated with modern cloud and SaaS systems Large user populations with varying levels of security awareness High-value research data and federally funded grants Budget constraints that limit internal cybersecurity staffing These conditions create a complex threat surface that is significantly different from corporate enterprises. Higher education institutions must secure hybrid campuses, remote learning environments, research labs, and administrative systems simultaneously. The financial impact of a campus cyber-attack often extends far beyond ransom payments. Institutions face operational downtime, enrollment disruption, legal exposure, compliance penalties, reputational damage, and long-term recovery costs. In many cases, system outages affect learning management platforms, payroll, admissions processing, and student services for weeks. Higher education cybersecurity is therefore not simply about preventing breaches. It is about safeguarding institutional continuity. Elevating Cyber Risk to the Board and Executive Agenda Effective cyber resilience in higher education begins with leadership ownership. Institutions that treat cybersecurity as a strategic risk discipline rather than an IT function demonstrate stronger recovery outcomes. Board-level engagement should include regular review of: Institutional cyber risk posture Third-party vendor security exposure Incident response planning readiness Cyber insurance adequacy Alignment between cybersecurity investments and strategic priorities When cyber risk reporting becomes part of executive governance, funding decisions shift from reactive spending to proactive risk mitigation. This alignment is essential for building long-term cyber resilience in higher education. Strengthening Incident Response Planning for Colleges and Universities Many institutions maintain documented incident response plans. Far fewer have tested those plans under executive pressure during a simulated ransomware crisis. Consider a scenario that unfolds at 6:30 a.m. on a Monday morning. Learning management systems are inaccessible. Payroll systems are encrypted. Admissions data cannot be retrieved. Social media speculation begins before official communication is drafted. In these moments, institutional resilience is not determined by technical controls alone. It is determined by leadership clarity, escalation discipline, and communication speed. Incident response planning for colleges must extend beyond technical containment. It should integrate executive coordination, regulatory guidance, legal oversight, and structured stakeholder messaging. A mature incident response framework includes: Clearly defined leadership roles during a campus cyber attack Crisis communication protocols for students, faculty, and media Legal and regulatory coordination processes Data backup validation and restoration testing Tabletop exercises simulating ransomware in universities Institutions that conduct executive-level simulations reduce decision paralysis when real-world incidents occur. Preparation ensures that escalation pathways and public messaging strategies are rehearsed before institutional credibility is tested. Resilience is built through rehearsal, not documentation. Building Cyber Resilience in Higher Education IT Environments Modern higher ed IT security must operate under an assume-breach model. Rather than focusing solely on prevention, institutions should prioritize containment, detection, and recovery speed. Strategic cybersecurity controls that strengthen resilience include: Zero trust architecture implementation Multi-factor authentication across all critical systems 24/7 threat monitoring and security operations oversight Network segmentation to limit lateral movement Immutable, isolated backup environments These measures reduce the operational impact of a campus cyber-attack and protect essential institutional functions such as online learning, financial aid processing, housing systems, and research continuity. Cyber resilience in higher education ensures that even during disruption, institutional mission delivery remains intact. Aligning Cybersecurity Investment With Institutional Outcomes Higher education leaders must reframe cybersecurity spending as revenue protection and mission assurance rather than discretionary IT expense. A strategic cybersecurity program protects: Tuition revenue and enrollment stability Donor confidence and alumni trust Federal research funding and grant compliance Accreditation and regulatory standing Institutional reputation in competitive markets Managed cybersecurity services for universities have become increasingly relevant as institutions struggle to recruit and retain experienced security professionals. External partnerships can provide continuous monitoring, advanced threat detection, and rapid incident response capabilities that internal teams may not be able to scale independently. In a labor market where cybersecurity talent is scarce, strategic augmentation supports both operational security and budget predictability. The Institutional Cost of Delayed Cybersecurity Action Delaying investment in higher education cybersecurity creates compounded risk. A severe campus cyber-attack can lead to: Prolonged system outages affecting academic delivery Exposure of student and employee personal data Delays in admissions and financial aid disbursement Research data loss and grant violations Negative national media coverage Prospective students and families increasingly evaluate institutional stability when making enrollment decisions. Cyber incidents influence public perception, especially when recovery appears disorganized or opaque. Higher education leaders must recognize that cyber resilience is now a competitive differentiator. Preparing Your Institution Before the Next Campus Cyber Incident The inevitability of cyber threats in higher education does not mean institutions are powerless. It means preparation must be intentional, structured, and institution wide. Proactive colleges and universities are: Conducting cybersecurity maturity assessments aligned with institutional risk tolerance Modernizing higher ed IT security architecture to

Why Higher Education Institutions Are Moving Ellucian Banner from On Premises to the Cloud Higher education institutions are under mounting pressure to modernize operations, enhance digital experiences, strengthen cybersecurity posture, and control technology costs while managing lean IT teams. Enterprise systems that once operated reliably in campus data centers are now creating operational strain. Across industries, ERP platforms are rapidly shifting away from on premises deployments, and higher education is following the same trajectory. More than 60% of higher education institutions now operate at least one core administrative system in the cloud. Globally, over half of ERP deployments are cloud hosted. The direction is clear. Migrating Ellucian Banner® from on premises infrastructure to cloud hosting or SaaS is no longer simply a technical infrastructure upgrade. It represents a strategic transformation that reduces institutional risk, improves resilience, and enables IT teams to focus on student success and institutional growth. The Growing Strain of On Premises Banner Environments On premises, Banner environments increasingly stretch institutional resources. Aging hardware requires frequent refresh cycles. Security risks continue to escalate as cyber threats targeting higher education grow in sophistication. Scalability becomes a challenge during peak academic cycles such as registration, admissions, and financial aid processing. Compliance requirements continue to expand. Institutions often dedicate significant time and budget to infrastructure patching, monitoring, backups, and disaster recovery planning. These operational burdens divert attention away from innovation, digital transformation, and service improvement. The result is an environment where IT teams are focused on maintenance rather than modernization. Cloud ERP Adoption Is Accelerating Across Higher Education The shift toward cloud ERP is not theoretical. It is happening at scale. The global cloud ERP market is projected to more than double by 2032. Within higher education, CIO surveys consistently rank cloud adoption and managed services among the top strategic priorities. Cybersecurity threats, staffing shortages, and the need for operational resilience are driving this urgency. Institutions are recognizing that maintaining local data centers for mission critical systems introduces financial and operational constraints that cloud environments are designed to solve. Key Benefits of Moving Banner to the Cloud Cost Efficiency and Financial Impact Cloud hosting eliminates capital expenses associated with servers, storage infrastructure, and recurring data center refresh cycles. Instead of unpredictable capital investments, institutions shift to predictable operating expenses that improve long-term budget planning. Operating costs are reduced across power consumption, cooling, backup infrastructure, and disaster recovery environments. Institutions also lower their dependency on specialized infrastructure support resources. Independent studies show initial infrastructure cost reductions between 40 and 50%, with ongoing operating savings ranging from 15 to 30% compared to traditional on premises ERP environments. For institutions facing budget constraints, these savings are not marginal. They are transformational. Enhanced Security and Compliance Higher education continues to be a prime target for cyberattacks. On premises environments often rely on limited internal security capacity. Cloud hosted Banner environments provide 24×7 monitoring, automated patching, and advanced threat detection capabilities. Security frameworks align closely with FERPA, SOC standards, and broader industry compliance requirements. By strengthening security posture, institutions reduce both exposure and the potential financial impact of cyber incidents. Scalability and Performance During Peak Cycles Academic institutions experience predictable usage spikes during registration, admissions, and financial aid processing. On premises infrastructure is often sized for peak usage, leading to overinvestment in hardware that remains underutilized for most of the year. Cloud infrastructure allows on demand scaling during high traffic periods while optimizing costs during standard operations. Institutions gain performance flexibility without unnecessary capital commitments. A Modern and Resilient Platform Enterprise grade cloud environments deliver higher availability and reliability than many campus data centers can achieve independently. Built in redundancy and disaster recovery capabilities significantly reduce institutional technology risk. Resilience is no longer optional. It is foundational to continuity of operations and institutional reputation. Refocusing IT on Strategic Value Perhaps the most overlooked benefit of cloud migration is the opportunity cost reclaimed. When IT teams are no longer consumed with infrastructure management, patching, and disaster recovery testing, they can redirect capacity toward analytics, student experience improvements, digital transformation initiatives, and innovation aligned with institutional priorities. The return on technology investment becomes aligned with student outcomes rather than infrastructure upkeep. SaaS as a Future Pathway While cloud hosted Banner provides immediate modernization benefits, institutions may also evaluate SaaS ERP models as a longer-term strategy. Many institutions view cloud hosting as a strategic intermediate step. It modernizes infrastructure today while preserving flexibility for a future SaaS transition. However, moving Banner directly to SaaS requires significant planning. Institutions must often undergo a process of de customizing their environments before transition. Careful assessment and roadmap planning are essential to ensure alignment with institutional goals. How OculusIT Supports Banner Cloud Transformation OculusIT has supported multiple higher education institutions including Rockhurst University, Essex Community College, City College of San Francisco, and New England Institute of Technology in their cloud journeys. Through structured cloud readiness assessments, Banner migrations, secure hosting environments, continuous monitoring, disaster recovery design, and ongoing optimization, OculusIT helps institutions reduce risk while accelerating value realization. For Banner institutions considering SaaS, OculusIT also provides assessment frameworks to evaluate next generation ERP platforms and determine the optimal pathway, whether migrating to SaaS or adopting a new ERP system. Conclusion: The Question Is When, Not If  Maintaining Ellucian Banner on premises increasingly diverts financial and human resources away from institutional priorities. Cloud hosting offers a proven, secure, and financially sustainable model aligned with the future direction of higher education ERP platforms. Institutions that act proactively position themselves to better serve students, faculty, and stakeholders in a rapidly evolving digital environment. The move to cloud hosting is not a question of if, but when. Want to explore what a Banner® cloud migration could look like for your institution? Connect with our team at engagements@OculusIT.com to begin the conversation.

Leading When It Matters Most: The Full Circle Journey of Tuan Dinh at Menlo College OculusIT, in partnership with Menlo College, shares the journey of Tuan Dinh, whose path from student and early campus contributor to Director of Information Technology reflects leadership shaped by service, growth, and long-term commitment to the institution. As Menlo College’s trusted technology managed services partner, OculusIT works closely with Menlo’s leadership and campus community to support and strengthen the institution’s technology operations. Together, the focus remains on ensuring that students, faculty, and staff are supported by secure, reliable, and mission-driven technology systems that advance learning and innovation. Just days before the spring semester was set to begin, severe flooding caused major damage to Brawner Hall, one of Menlo’s primary academic buildings. With the former Chief Information Officer on a planned vacation, the responsibility of leading Menlo’s Office of Information Technology fell to Tuan Dinh. There was no room for delay. Classes had to begin on schedule. Tuan stepped forward without hesitation. “In moments of disruption, technology becomes more than systems and equipment — it becomes the foundation that keeps learning moving forward,” said Tuan Dinh. “I felt a deep responsibility to our students and faculty to ensure that campus was ready, no matter the challenge.” For Tuan, moments like these define leadership more clearly than any title ever could. But the path that prepared him for that responsibility began years earlier, rooted not in authority or ambition, but in curiosity, dedication, and a deep commitment to serving others. A Journey Built on Curiosity and Service Tuan’s professional foundation began with a degree in Computer Science from California State University, Northridge, followed by early career experiences in demanding environments where accountability and reliability were essential. However, the most defining chapter of Tuan’s growth began in June 2019, when he first joined the Menlo College community in a service-oriented role. Working closely with students, faculty, and staff revealed something deeply transformative: technology was never merely infrastructure; it was a vital force behind learning, momentum, and human connection across campus. Leadership Through Responsibility In August 2021, Tuan returned to Menlo as Help Desk Manager and Systems Administrator, leading a small IT team while mentoring student workers. His leadership style was quiet but powerful — rooted in preparation, trust, and accountability when things do not go as planned. Recognizing his ambition and dedication, Vice President for Academic Affairs and Chief Academic Officer Professor Mouwafac Sidaoui became one of Tuan’s strongest supporters. “From the beginning, I found Tuan to be a people-centered professional — ambitious, curious, and always eager to learn and serve others,” said Professor Sidaoui. “His integrity and commitment to the Menlo community stood out immediately.” In support of Tuan’s continued growth, Professor Sidaoui awarded him a full-ride scholarship to join Menlo’s inaugural Master of Science in Information Systems (MSIS) cohort in early 2024. Balancing graduate study with full-time leadership further sharpened Tuan’s strategic thinking and reinforced his ability to align technology decisions with institutional priorities. Leading When It Mattered Most That preparation became critical during the Brawner Hall flooding crisis. With only days remaining before the semester was set to begin, Tuan coordinated the IT team and student workers to establish temporary classrooms across alternate campus locations over a single weekend. Once repairs were completed, the work continued at full pace: fifteen classrooms were reinstalled and fully tested, two computer labs were rebuilt, and approximately sixty-five flood-damaged PCs were removed and replaced with new systems. Remarkably, the entire restoration effort was completed within just two days, allowing teaching and learning to resume without disruption by the third week of the semester. This moment also reflected the strength of the Menlo–OculusIT partnership: a shared commitment to continuity, responsiveness, and student success, even under the most urgent conditions. “Tuan represents exactly what higher education IT leadership should look like — calm under pressure, deeply service-oriented, and relentlessly focused on student success,” said an OculusIT executive leader. “We are proud to partner with Menlo College and to support professionals like Tuan who embody the mission of technology with purpose.” The experience reinforced a belief Tuan had been building throughout his career — that leadership in IT is not defined by titles, but by responsibility when the stakes are highest. A Full Circle Moment Today, Tuan Dinh serves as Director of Information Technology at Menlo College, bringing together deep technical expertise, academic perspective, and a mission-driven leadership style that places people at the heart of every innovation. From his early days as a student to now guiding the systems that sustain teaching, learning, and campus life, Tuan’s journey has truly come full circle — and it continues to inspire those around him. For students and emerging professionals seeking a path into technology leadership, Tuan’s story offers a lasting lesson: technical ability may open doors, but true growth comes from stepping forward with humility, serving others with purpose, and leading with clarity when conditions are uncertain. At its core, Tuan’s philosophy remains clear: IT leadership is proven not when systems are stable, but when people are counting on you — and there is no room for delay. Tuan’s journey reflects what steady growth, curiosity, and accountability can become over time. From stepping forward during moments of uncertainty to continuing his education while leading full time, his path is a reminder that leadership in higher education IT is built gradually through service and commitment. At OculusIT, we value the opportunity to work alongside professionals like Tuan, whose example reinforces that technology leadership is ultimately about people, responsibility, and showing up when it matters most.

The Hidden ERP Cost Drivers Every Higher Ed Leader Should Flag Before Budget Season Reading time: 4 Minutes Enterprise resource planning systems sit at the center of nearly every higher education institution. They support finance, human resources, student administration, and reporting functions that leadership depends on daily. Because of that central role, ERP costs are often assumed to be well understood, planned, and relatively stable. In reality, many institutions enter budget season underestimating how ERP related costs evolve over time. The result is often surprise. Expenses appear higher than expected, boards ask sharper questions, and leaders find themselves explaining increases that do not clearly align with new initiatives or visible progress. These challenges rarely stem from poor planning. More often, they reflect cost drivers that operate quietly beneath the surface, accumulating over time and escaping traditional budget scrutiny. Understanding these hidden drivers before budget discussions begin can make the difference between reactive explanations and confident, aligned conversations. Why ERP Costs Feel Predictable Until They Are Not ERP systems are often treated as foundational infrastructure. Once implemented, they fade into the background, viewed as necessary but largely static. Annual costs may appear familiar, giving leaders a sense of predictability. What is easy to miss is that ERP systems rarely remain static. As institutions adapt to new regulations, enrollment patterns, reporting requirements, and operational expectations, ERP environments expand and evolve. Each adjustment may feel incremental, but together they reshape the cost profile. When these changes are not examined holistically, leaders are left explaining growth without a clear narrative. Customization and Configuration Creep One of the most common hidden ERP cost drivers is customization. Institutions often tailor ERP systems to reflect unique workflows, reporting structures, or historical processes. While customization can improve usability in the short term, it introduces long term complexity. Over time, customized environments require: Additional testing during updates Specialized support knowledge More time to troubleshoot issues Increased effort to maintain compatibility What begins as a practical adjustment can become an ongoing cost driver that limits flexibility and increases dependence on specialized expertise. Before budget season, leaders benefit from understanding how much of their ERP environment relies on customization and what that means for long term cost and sustainability. Integration Dependencies That Multiply Quietly ERP systems rarely operate alone. They connect to learning platforms, analytics tools, identity systems, finance applications, and external reporting solutions. Each integration introduces value, but also adds cost. Hidden expenses often emerge from: Ongoing maintenance of integration points Monitoring and troubleshooting data flow Adjustments when one system changes Increased reliance on middleware or custom scripts Individually, these costs appear manageable. Collectively, they can account for a significant portion of ERP related spending. Leaders preparing for budget season should look beyond licensing and ask how many systems depend on ERP data and what it takes to keep those connections reliable. Reporting and Compliance Expectations Reporting requirements in higher education continue to grow. Regulatory oversight, accreditation demands, and internal governance expectations all rely on accurate, timely data. ERP systems often become the source of truth for this reporting, but meeting these expectations is not cost neutral. Hidden drivers include: Manual work required to reconcile data Custom reports built to meet specific requirements Additional controls to ensure data accuracy Ongoing validation and audit support These efforts often live outside formal ERP line items, making them harder to track and easier to overlook during budget planning. Flagging these drivers early helps leadership connect ERP costs to governance and compliance responsibilities rather than viewing them as unexplained overhead. Support Models That Depend on Institutional Knowledge Many ERP environments rely heavily on institutional knowledge. Long tenured staff understand how systems were configured, why certain decisions were made, and where workarounds exist. While this knowledge is valuable, it creates risk and hidden cost. When support depends on a small number of individuals, institutions face: Increased vulnerability during turnover Higher effort to onboard new staff Delays in resolving issues Reduced ability to standardize processes These dynamics often lead to additional spending on external support or emergency resources when knowledge gaps surface. Before budget season, leaders should assess whether ERP support models are sustainable or overly reliant on individual expertise. Upgrade and Change Management Effort ERP upgrades are often framed as technical events, but their cost extends far beyond system updates. Change management introduces hidden expenses related to: Training staff on new functionality Updating documentation and processes Supporting users through transition periods Managing temporary productivity impacts When these efforts are underestimated, ERP costs appear to spike even when upgrades are planned. Leaders who account for these factors upfront are better positioned to explain why ERP investments extend beyond software maintenance. Reframing ERP Costs Before Budget Conversations ERP spending becomes difficult to defend when it is discussed only in terms of licenses or maintenance fees. The real cost lies in how deeply ERP systems are embedded in institutional operations. Leaders who approach budget season with clarity focus on: How ERP supports governance and compliance Where complexity is increasing cost over time Which dependencies are intentional versus inherited Whether current support models are sustainable This reframing shifts the conversation from cost justification to stewardship and risk awareness. What Stronger ERP Awareness Enables When hidden cost drivers are surfaced early, leaders gain control over the narrative. ERP budgets become easier to explain, easier to forecast, and easier to align with institutional priorities. Boards are more receptive when they understand not just what is being spent, but why those costs exist and what risks they mitigate. Most importantly, leaders move from reacting to budget scrutiny to guiding informed discussions. Preparing With Intention Budget season rewards clarity. Institutions that flag hidden ERP cost drivers before conversations begin are better equipped to make thoughtful decisions, prioritize investments, and maintain trust with governance bodies. ERP systems will continue to play a central role in higher education operations. Understanding what truly drives their cost is not a technical exercise. It is a leadership responsibility. OculusIT works alongside higher education leaders to help bring