When Dr. James Quilty began developing engineering project management courses at Victoria University of Wellington’s School of Engineering and Computer Science, he didn’t find an organized system for delivering course content. Instead, he was faced with chaos.

The problem was that back in 2015 learning materials were scattered across a dozen different tools, like the Blackboard platform, customized Wiki pages, personal websites, and shared Google Docs. On top of that, students were left to choose their own tools for coursework. All of this led to a constant state of confusion. As if that weren’t enough, few of these disparate systems provided proper version history or reliable issue tracking.

This all-too-familiar lack of standardization was creating massive headaches for both lecturers and students.

"Information was fragmented across multiple files, multiple formats — sitting often on file systems, not necessarily under good version control," says Quilty, who is now program director for engineering at the New Zealand university.

After consolidating on GitLab Self-Managed Ultimate in 2017, Victoria University saw 483% growth in student users by 2021. They also added 35 GitLab-enabled courses and now host more than 8,000 projects. The university also deployed GitLab as a unified DevSecOps platform for academic coursework, replacing what had become a fragmented and complicated toolchain. More importantly, they’ve redirected faculty time from administration to actual education.

This pattern isn’t unique. Across higher education, IT teams struggle with the same tool sprawl — multiple tools and incompatible systems that lead to hours lost to context switching and administering disparate and costly tools. Simplifying how teams build and deliver software is the answer to this widespread problem.

The teams making real progress are reducing complexity instead of creating it.

Facing the complexity problem

Higher education IT teams are faced with managing aging infrastructure, legacy systems, and resource constraints that force difficult tradeoffs with every technology decision they have to make.

Development workflows exist in silos since many departments use different version control systems, CI/CD tools, and security scanners. That means teams struggle to collaborate on cross-functional projects because they’re working with incompatible toolchains and a lack of shared visibility.

Legacy technology compounds these problems. Many institutions run development environments that are outdated and incompatible with modern DevSecOps practices. But replacing them isn’t realistic when budgets are tight and IT staff are already stretched thin.

To take on these problems, institutions need to modernize, but because of administrative processes, budget constraints, and the reality of managing critical systems, they have to do it in phases, not overnight. For instance, some workloads may move to the cloud while others remain on-premises. A research department, for instance, might shift large datasets off-site while central IT functions stay in-house.

Organizations need the flexibility to be able to do that, and that’s what they get with GitLab Ultimate, the enterprise-ready DevSecOps platform that delivers the same capabilities whether you deploy on GitLab.com or self-host on your own infrastructure: on-premises servers, data centers, or cloud providers, including AWS, GCP, Azure, or even multi-cloud. Self-hosted deployments include all features, including air-gapped support for sensitive environments.

This means, with GitLab Ultimate, institutions can modernize on their own timeline without abandoning governance requirements or forcing wholesale infrastructure changes.

Moving from manual compliance to automated enforcement

IT teams also have to work with regulatory mandates and that adds another layer of complexity. Student privacy requirements, research grant stipulations, and institutional security policies all demand audit trails and governance controls. For institutions supporting U.S. Department of Defense research or contractors, CMMC 2.0 compliance requirements add stringent cybersecurity controls based on NIST SP 800-171. Meeting these obligations while modernizing traditionally meant manually documenting everything — a process that didn’t scale easily.

In conversations with team members from educational institutions at events like EDUCAUSE we’ve learned it’s all too common for dedicated compliance staff to spend the majority of their time gathering evidence for audits, instead of actually improving security. Not building better software. Just proving that policies were followed. This administrative burden extends to development teams, as well. According to Forrester Consulting’s study The Total Economic Impact™ of GitLab Ultimate, which was commissioned by GitLab, software development team members save 90% of the time previously spent on annual auditing and compliance efforts after adopting GitLab’s end-to-end platform.

GitLab saves all of that time and effort by enabling automation through custom compliance frameworks that map multiple, overlapping controls from different standards and regulations into a single, unified structure. They then cascade automatically from the instance level to all subgroups and projects, ensuring consistent enforcement without manual configuration.

Pipeline execution policies enforce compliance directly in CI/CD pipelines where development work happens. Rather than operating disparate governance, risk, and compliance tools, compliance validation occurs automatically as code moves through the pipeline. To make all of this easier, GitLab’s Compliance Center provides oversight through dashboards that show where projects fail to meet framework requirements — whether due to failed security scans or other control gaps.

Complete audit trails also capture every code change with timestamps and attribution. And policy-as-code enforces security rules that can’t be bypassed. When an auditor asks who changed what code and when, you have the answer instantly — without weeks spent manually gathering evidence. Every pipeline execution automatically generates compliance documentation, enabling teams to instantly prove adherence to requirements and quickly identify any control gaps.

AI: Governance over guesswork

This visibility across the entire security posture matters now more than ever. Artificial intelligence (AI) is changing how software gets built with many teams testing AI code generation tools to enable them to move faster. But higher education institutions are uniquely positioned to lead on a critical question: How do you adopt AI responsibly?

Cornell University and Cal State Fullerton already are developing ethical frameworks for AI use, asking essential questions about transparency, explainability, and bias. The University of California San Diego is adapting its existing data governance framework — originally built for analytics platforms — to secure its on-premises AI assistants, ensuring the same access controls and approval workflows that protect institutional data now extend to AI-driven tools. Educational institutions understand that AI adoption requires more than just enabling new tools — it requires proper oversight and protection.

The problem isn’t AI itself. It’s AI without guardrails integrated into development workflows. Most organizations haven’t considered what secure AI development looks like — what governance is needed for AI-generated code, how to maintain visibility into what gets committed to repositories, or how to ensure the same rigor applies whether code comes from a human or AI.

This is exactly where platform-level AI integration becomes essential. GitLab Duo Agent Platform goes beyond fragmented AI tools and coding assistants alone to provide an orchestration layer that integrates AI across the entire software development lifecycle.

AI agents handle planning, testing, security remediation, and deployment tasks, while working alongside developers rather than just generating code on command. When security scans identify vulnerabilities, for example, AI agents explain findings, assess risks, and prioritize issues to reduce noise and accelerate mean time to recovery (MTTR). This platform approach ensures AI accelerates development without compromising the security standards and governance controls institutions require.

The benefits extend beyond technical capabilities. Through GitLab’s AI Transparency Center, institutions get clear documentation of data privacy protections, AI ethics principles, and vendor selection processes. This means schools can adopt AI tools while maintaining the governance standards they’re developing institution-wide.

AI will change how we build software. The question is whether institutions can do it with the same responsible approach they’re bringing to AI adoption across campus.

See results in your education environment

The universities making real progress aren’t adding more tools to manage complexity. They’re consolidating onto platforms that prevent problems rather than just detecting them, creating visibility and automation across their development workflows.

Forrester’s The Total Economic Impact™ of GitLab Ultimate study found that a composite organization representative of interviewed customers reclaimed up to 305 hours per developer year through automated testing within a single interface, eliminating constant context switching between tools. New hires ramped to full productivity 75% faster — in 1.5 weeks instead of 1.5 months. Teams spend their time building rather than maintaining fragmented toolchains.

Your institution can achieve similar results. Learn more about how GitLab Ultimate can help your institution deliver secure software faster while meeting compliance requirements. Talk to our team about platform approaches for higher education IT.