Cloud Computing for Nonprofits: the Risks How to Overcome Them

A recent NTEN survey of 780 nonprofits revealed that 91% of respondents are using some sort of hosted software. In fact, almost 80% are using multiple cloud-based solutions. However, according to NTEN’s report, “the feature-set, ease of use and cost over time” were more important to them than whether or not a solution was cloud-based.

These advantages are precisely why the Cloud is generating a lot of excitement in the nonprofit world these days. Remote access, reduced operating expenses, and less maintenance enable nonprofits to cut costs, operate more efficiently and devote more time and money to their core mission. Some organizations have moved their entire IT infrastructure to the Cloud with dramatic results.

No doubt as word about the benefits of cloud computing for nonprofits continues to filter out, more and more organizations will make the leap. But, newcomers need to be aware of the potential hazards.

There are several reasons why you should approach the Cloud with caution:

  • Security – Security is a top concern of Cloud users – and rightly so. Here’s why:
    • Reliability of access – Network availability is an issue; outages do happen whether it’s the vendor’s fault or Mother Nature’s. Moreover, organizations based in areas where Internet access is slow or unreliable should keep critical applications in-house.
    • Device security – Employees lose mobile devices and fail to use strong passwords; therefore, regularly updating malware and antivirus definitions, and installing patches and updates in a timely manner is critical.
    • Data integrity – Potential problems that affect the integrity of an organization’s data include corruption, misplacement, accidental deletion, physical accidents, malicious acts, hardware failures and a lack of proper user access policies. The importance of backing up your data can’t be overstated. Not only should the vendor perform regular back-ups, you should back up your data regularly as well. That way, if something happens to your data while it’s on the vendor’s network, you have another copy somewhere else.
    • Privacy & confidentiality of data – Data is vulnerable while traveling across the Internet and once in the hands of the cloud service provider, it has to be kept separate from other organizations’ data. Reliable methods for proving the identity of users (called “authentication”) is also extremely important. It’s up to you to make sure that your cloud service provider has adequate safeguards in place to protect critical applications and sensitive data in case of hardware failures, natural disasters, cyber crime or data breaches.

Security concerns, specifically someone gaining unauthorized access to sensitive data and reliability of access, were top concerns of the participants in NTEN’s survey. However, as the report points out, your data’s at no greater risk in the Cloud than it is when it’s stored on a local machine connected to the Internet, as long as the vendor has the proper security measures in place.

There are three keys to keeping your data secure in the Cloud:

  • Verify the vendor’s security policies and procedures – Confirm that they use the latest security technology and also that they conduct background checks on their employees and enforce their own internal security policies.
  • Negotiate a solid Service Level Agreement (SLA) – SLAs should spell out who is responsible for what (like regulatory compliance or backing up data, for example) and guarantee network uptime and support response times. They should also state what steps the company will take if your data is compromised while it’s on their network.
  • Validate security measures – If possible, work the ability to conduct security audits or make site visits into the contract.

Compliance – Even though the cloud computing vendor is managing your applications and data, you’re still responsible for making sure both you and they are compliant with any regulations governing your industry’s handling of data, including privacy and data retention, notification of breaches, etc. If your institution must be HIPAA- or PCI-compliant, then your vendor must be, too. Verify that they are certified to handle such data.
Hidden costs – One of the main reasons nonprofits turn to cloud computing is to save money. However, many find there are hidden costs they didn’t account for during the planning process. Sometimes, cloud service providers charge initial set-up fees or for transferring data to their servers. They might also charge recurring fees for data transfers or storage. In most cases, these fees won’t be enough to keep you from using a cloud service, but you still have to account for the extra cost in your budget so there are no surprises when you get the bill.

In spite of these risks, it is possible to migrate to the Cloud successfully. Many institutions turned to cloud computing as a way to survive when the economy tanked and giving plummeted. Here are a few nonprofits whose moves to the Cloud were hugely successful:

  • Metanexus Institute – In a February 2011 article on The Chronicle of Philanthropy’s website, William Grassie, founding executive director of the nonprofit that works to “promote interaction between religion and science,” detailed the organization’s a-la-carte approach to adopting cloud technology. The institute started using eight different cloud-based services for everything from email to payment processing and cut an astounding $176,000 from its annual budget.
  • Seattle Works – One of three winners in 2011 of the Tech for Good contest sponsored by Microsoft and TechSoup, the nonprofit down-sized its physical office space and added virtual office space with Microsoft’s Business Productivity Online Suite (BPOS). The organization, which connects young adults with volunteer opportunities in the community, reduced its operating expenses by $20,000 – at the same time it expanded its number of volunteers, volunteer hours, and programs.
  • 350.org – This group’s achievement is not centered on how much it saved by moving to the Cloud, but rather the exciting part is how cloud computing enables them to live their mission – solving the global climate crisis by reducing CO2 emissions. Thousands of volunteers and 40 employees based in more than 188 countries around the world work on laptops with an Internet connection from wherever they are – they only have 3 physical offices. According to a recent profile of the organization on The TechSoup Blog, their “IT budget mainly pays for monthly cloud service fees and Internet service provider charges.” A “web team” of four oversees its website and cloud services – which it uses for pretty much everything including: online advocacy, fundraising, managing their supporter database, email blasts and donations (ActionKit); video chat (Skype), office productivity (Google Apps), file sharing (Box.net), internal communications and collaboration (Yammer); and social media engagement (Twitter).

Cloud computing can be a boon for nonprofits when it’s brought online just as any other IT system would be – with careful thought and planning. As the Metanexus Institute, Seattle Works, and 350.org have demonstrated, all it takes to benefit from cloud computing is a willingness to think outside the box.

Megan Berry
Senior Editor
ITManagerDaily.com
As a senior editor of ITManagerDaily.com, Megan provides in-depth coverage of topics such as virtualization, cloud computing, and green IT, among others. She has over 13 years of technology experience doing help desk, business systems support, technical writing, and web site development.