The sourcing of IT systems and services takes many shapes in higher education. Campus central IT organizations are increasingly responsible for the administration of enterprise systems and for the consolidation of operations into a single data center. Specialized academic and administrative systems may be run by local IT departments. In addition, the trend toward alternative IT sourcing strategies has turned attention to "above-campus services," which include services shared among institutions, hosted systems administered by third parties, and cloud computing service arrangements in which the systems and data are distributed among an interconnected infrastructure known as the cloud. Whatever sourcing strategy an organization pursues and wherever the data resides, a set of common challenges and opportunities remains. In this interview, Rodney Petersen explores these issues with three higher education privacy, security, and risk professionals--Michael A. Corn (Chief Privacy and Security Officer for the University of Illinois at Urbana-Champaign), Cathy Hubbs (American University's first Chief Security Officer), and Brian T. Nichols (Executive Director for Administrative Services and Risk Management at Louisiana State University). The three professionals discuss the common challenges and opportunities inherent in alternative IT sourcing.