insights Opptunities fundraising newsletter
July 2013

Keeping cool this summer?

happy spring
We hope so, because the third quarter's issue of Insights & Opportunities fundraising newsletter from SofTrek is hot!

 

 

 


 

Keeping constituent data safe in the cloud

A TechSoup study recently showed 90 percent of nonprofits use cloud computing in some way, shape or form.  A sticking point for many nonprofits, however, comes when they think about moving constituent data to the cloud.  NTEN’s recent “State of the Nonprofit Cloud Report” said as much:  “Many respondents said they were concerned about security for some hosted systems—especially constituent databases.”

From credit-card and social security numbers to healthcare and even simple name and address information, nonprofits frequently deal with truly sensitive data. Keeping your constituent data secure and private involves not only protection from outside (hackers, power outages, etc.) but also from inside (who in your organization is allowed to see what constituent information).   The concern about constituent and fundraising data is underpinned, in many cases, by regulations and standards—like HIPAA, PCI DSS, ISO 27001,
EFTA—specifying how organizations handle personal and financial data. 

This concern around cloud security is natural, but it’s not necessarily based in fact.  A May post in Guidestar’s blog notes that while “nonprofit personnel often have less confidence that data in the cloud is truly secure and recoverable . . . [i]n reality, security and privacy is often much greater with major cloud providers.”  Also a reality of data security . . . your organization, as well as the cloud services company you’re working with, has a big role to play.  
cloud data

To begin ensuring constituent data is safe in the cloud, your organization should:

  • Identify where data lives.  Are you maintaining data on donors, volunteers and other constituents in several databases?  Or is all your constituent data in one core database?  You need to know where the data is before you or any company can secure it.
  • Determine which data is sensitive, proprietary or regulated, and needs to be secure. Data is usually classified either in terms of its need for protection (sensitive data) or its need for availability (critical data).
  • Implement effective data governance, a documented system to handle your nonprofit’s data.  For many nonprofits, a key data governance issue is deciding which staff, departments and/or locations can access certain (or any) constituent information.  It can also include detailing how and when you collect data, managing data and privacy policies, among others.

Your cloud services company should:

  • Help with data governance.  Once you’ve set data governance rules, your cloud provider should help you meet those requirements.  For example, users of ClearView CRM can set access rules within the system that allow national headquarters development staff to see all donor information but chapter staff to see only information on their regional donors.
  • Have well-established policies for disaster recovery.  ClearView CRM’s developer, SofTrek, maintains a second, fully functional location for client data.  Some ClearView CRM clients have fully mirrored databases at a second location that are kept in sync with the database they use daily. If, say, a natural disaster affects the main database location, these clients can point their browsers to the replicated databases and begin work almost immediately.
  • Back up constituent data on a regular basis.  SofTrek backs up client data to disk (and tape) nightly and takes the additional step of mirroring the data over a communications link to the second location.
  • Meet appropriate regulations and standards.  Encryption to testing, password maintenance to malware detection--the company that handles your constituent data needs to comply with and even go beyond the rules and recommendations from regulators and standards associations.  For instance, cloud companies that handle credit-card transactions should be complaint with and receive certification from the PCI (Payment Card Industry) Security Standards Council.

These are just a few of the considerations your organization will deal with when you move constituent data to the cloud.  With the right cloud services provider, however, addressing those considerations will be considerably easier.


 

Cloud–or true cloud?

What is true cloud computing?  Some companies that offer (what they term) cloud computing provide these basicstrue-cloud
  • You can use the system or application on any device with a browser no matter where you are.
  • The cloud-computing company provides hardware like servers, services like backup and maintenance, and software and updates.
True cloud computing goes further than this and includes these characteristics:
  • Multi-tenancy:  All users of the cloud system or application share the resources of the data environment, as all users of a municipal water system share water resources.  When your organization needs more computing power to handle a burst of activity, you get more without having to do anything.
  • Scalability:  The cloud provider can easily add servers if your organization knows it’s going to need more computing power on a regular basis.
  • Redundancy: The cloud-services provider has more than one redundant data center (in other locations) operating at all times.  This the key to recovering data in the event of a loss due to a fire, flood or other disaster.


 

Baby-Boomers-giving-trends

10 major giving trends you need to know

Lots of information exists on major giving trends, but fundraising consultant Gail Perry has sifted through much of it for you.  Her blog post on the topic makes for interesting reading.  For instance, most of us know that women are more generous than men.  But a recent study showed that woman are actually twice as generous: "For every $100 boomer and older men gave, women in the very same economic circumstances gave $258."  Might make for a change in thinking on pipeline priorities.  Read the rest of the post here.



Tell us what interests you.

Sure, we at Insights & Opportunities are interested in a range of fundraising topics.  But what are your interests?  Take a brief survey, and let us know!  (Many thanks for your time.)

survey

Don’t forget to like SofTrek Corporation on Facebook and follow us on LinkedIn!