The announcement that GuideStar, Charity Navigator and others would be moving away from the 990 form as their primary source for assessing nonprofit performance raised a lot of interesting questions, such as "How will assessments of outcomes be standardized in a way that is not too subjective?" and "What will be required of nonprofits in order to make those assessments?" We'll have a chance to get some preliminary answers to those questions on February 4th, when NTEN will sponsor a phone-in panel discussion with representatives of GuideStar and Charity Navigator, as well as members of the nonprofit community. The panel will be hosted by Sean Stannard-Stockton of Tactical Philanthropy, and will include:
As my colleague Steve Backman fully explains here, here's been some fallout from this story for Microsoft. First, like Google and Yahoo!, Microsoft operates a search engine in China and submits to the Chinese governments censoring filters. They've kept mum on their feelings about the cyber-attack. Google's analysis of that attack reveals that GMail accounts were hacked and other breaches occurred via security holes in Internet Explorer, versions six and up, that allow a hacker to upload programs and take control of a user's PC. As this information came to light, France and Germany both issued advisories to their citizens that switching to a browser other than Internet Explorer would be prudent. In response, Microsoft has issued a statement recommending that everyone upgrade from Internet Explorer version 6 to version 8, the current release. What Microsoft doesn't mention is that the security flaw exists in versions seven and eight as well as six, so upgrading won't protect you from the threat, although they just released a patch that hopefully will.
So, while their reasoning is suspect, it's nice to see that Microsoft has finally joined the campaign to remove this old, insecure and incompatible with web standards browser.
I have kept Google Wave open in a tab in my browser since the day my account was opened, subscribed to about 15 waves, some of them quite well populated. I haven't seen an update to any of these waves since January 12th, and it was really only one wave that's gotten any updates at all in the past month. I can't give away the invites I have to offer. The conclusion I'm drawing is that, if Google doesn't do something to make the Wave experience more compelling, it's going to go the way of a Simply Red B-Side and fade from memory. As I've said, there is real potential here for something that puts telecommunication, document creation and data mining on a converged platform, and that would be new. But, in it's current state, it's a difficult to use substitute for a sophisticated Wiki. And, while Google was hyping this, Confluence released a new version of their excellent (free for nonprofits) enterprise Wiki that can incorporate (like Wave) Google gadgets. That makes me want to pack up my surfboard.
A few months ago, I blogged a bit about Google Wave, and how it might live up to the hype of being the successor to email. Now that I've had a month or so to play with it, I wanted to share my initial reactions. Short story: Google Wave is an odd duck, that takes getting used to. As it is today, it is not that revolutionary -- in fact, it's kind of redundant. The jury is still out.
If you haven't gotten a Wave invite and want to try it, now is the time to query your Twitter and Facebook friends, because invites are being offered and we've passed the initial, competitive "gimme" stage. They should be easier to find if you speak up. And, once you get there (or if you are there and don't know what to do), there are some excellent ways to start learning and playing, which I'll discuss below.
Awkwardness
To put Wave in perspective, I clearly remember my first exposure to email. I bought my first computer in 1987: a Compaq "portable". The thing weighed about 60 pounds, sported a tiny green on black screen, and had two 5 and 1/4 inch floppy drives for applications and storage). Along with the PC, I got a 1200 BPS modem, which allowed me o dial up local bulletin boards. And, as I poked around, I discovered the 1987 version of email: the line editor.
On those early BBSes, emails were sent by typing one line (80 characters, max) of text and hitting "enter". Once "enter" was pressed, that line was sent to the BBS. No correcting typos, no rewriting the sentence. It was a lot like early typewriters, before they added the ability to strike out previously submitted text.
But, regardless of the primitive editing capabilities, email was a revelation. It was a new medium; a form of communication that, while far more awkward than telephone communications, was much more immediate than postal mail. And it wasn't long before more sophisticated interfaces and editors made their way to the bulletin boards.
Google Wave is also, at this point, awkward. To use it, you have to be somewhat self-confident right from the start, as others are potentially watching every letter that you type. And while it's clear that the ability to co-edit and converse about a document in the same place is powerful, it's messy. Even if you get over the sprawling nature of the conversations, which are only minimally better than what you would get with ten to twenty-five people all conversing in one Word document, the lack of navigational tools within each wave is a real weakness.
Redundant?
I'm particularly aware of these faults because I just installed and began using Confluence, a sophisticated, enterprise Wiki (free for nonprofits) at my organization. While we've been told that Wave is the successor to email, Google Docs and, possibly, Sharepoint, I have to say that Confluence does pretty much all of those things and is far more capable. All wikis, at their heart, offer collaborative editing, but the good ones also allow for conversations, plug-ins and automation, just as Google Wave promises. But with a wiki, the canvas is large enough and the tools are there to organize and manage the work and conversation. With Wave, it's awfully cramped, and somewhat primitive in comparison.
Too early to tell?
Of course, we're looking at a preview. The two things that possibly differentiate Wave from a solid wiki are the "inbox" metaphor and the automation capabilities. Waves can come to you, like email, and anyone who has tried to move a group from an email list to a web forum knows how powerful that can be. And Wave's real potential is in how the "bots", server-side components that can interact with the people communicating and collaborating, will integrate the development and conversation with existing data sources. It's still hard to see all of that in this nascent stage. Until then, it's a bit chicken and egg.
Wave starting points
There are lots of good Wave resources popping up, but the best, hands down, is Gina Trapini's Complete Guide, available online for free and in book form soon. Gina's blog is a must read for people who find the types of things I write about interesting.
Once you're on wave, you'll want to find Waves to join, and exactly how you do that is anything but obvious. the trick is to search for a term "such as "nonprofit" or "fundraising" and add the phrase "with:public". A good nonprofit wave to start with is titled, appropriately, "The Nonprofit Technology Wave".
If you haven't gotten a Wave invite and want to, now is the time to query your Twitter and Facebook friends, because invites are being offered and we've passed the initial "gimme" stage. In fact, I have ten or more to share (I'm peterscampbell on most social networks and at Google's email service).
Cloud computing is one of those buzz phrases that has come to mean everything and nothing depending on your perspective.
Cloud computing is neither good or bad: it is increasingly an element of planning and strategy even for small to medium organizations. It is new technology that happens to correspond to, accelerate and enable us to respond to larger economic and social trends. At the risk of oversimplifying, I tend to break it down to two challenges and three opportunities.
Two Challenges
Cloud computing wrestles with two fundamental challenges of the modern computing era: infrastructure and the desktop.
Without a doubt, the bits and pieces of organizational infrastructure have gotten cheaper. Putting all those hardware and software pieces together, managing them, securing them, updating them, backing them up, and ensuring 24x7 global up-time remains challenging and expensive.
In the current recession, cloud computing has become the means to translate technology from capital costs to operating costs. That is, instead of investing in longer terms cycles of network servers, other office hardware and software, cloud computing says, pay as you go over the Internet. Business planning articles have commented on this as an imperative about this recession—with which the maturing of cloud computing happens to coincide.
Formerly, organizations planned on upgrading locally installed network servers every three to four years. Or should have. The cost of not doing so might be a catastrophic failure with days of down time. The cost of an upgrade includes new hardware, usually new network software to be compatible with the new software, ancillary updates to security systems, back-up software, email software and so on. The cost also includes migration, planned instead of emergency downtime, reconnecting desktops and lots more. Big costs, hard to consistently budget for, particularly in a recession, and particularly for smaller businesses and nonprofits in recessionary environments.
These one-time costs can be enormous even if the pure cost of a server has gone down. Cloud computing aims to turn these capital outlays into ongoing operational costs. They can be metered as usage grows or retracts instead of planned over multiple year period.
Cloud computing also can alleviate the budgeting for support costs. It’s not that there’s necessarily less to watch or do. It’s more the scale and scheduling of support these days. Even if system consoles have become somewhat more straightforward to manage, the burden of responsibility may not have. More organizations support staff working at home or in the field at odd hours. More organizations have multiple offices or close partners sharing systems. More organizations maintain connections between internal data systems and their website. These all imply closer and closer to 24x7 support, even if an organization nominally has traditional office hours.
The other big challenge on the mind of IT strategists today is the desktop. Twenty five years or so into the “PC Revolution,” we’re grappling with what to do with the desktop. We all wanted its promise; now we have to contend with the consequences. Desktops have become more and more powerful. As they do, they also become more and more difficult to tame and manage.
Before PCs, everything ran off of servers, and desktops were relatively cheap, dumb, easy to maintain. Support was centralized on the server. While those servers and related infrastructure cost more, support costs were perhaps more predictable.
Even as purchase costs for a new office computer drop, analysts still consistently talk about total costs of ownership to a business or organization dwarfing that initial cost. (I’ve recently heard 15% as current ratio of initial to total cost.) The total cost includes acquiring and configuring the computer, maintaining it with security and software updates, supporting its users, and then managing its replacement down the road. Windows-Mac-Ubuntu each have their proponents in this regard. Travelling around to different offices, I see universal complexity on the typical staff person’s desktop and unending monthly support requirements.
Jonathan Zittrain’s excellent “The Future of the Internet—And How to Stop It” (http://futureoftheinternet.org/ ) writes about the fundamental openness of the PC environment. And this is true whether Windows, Mac or Linux. By their nature, unlike earlier devices that sat on office workers’ desks, they provide endless choices for installing software and configuring things. Endless choices mean endless headaches for IT staff.
Troubleshooting why some configuration no longer works on a particular machine (it is hardware? Software? Malware? User error?...) is probably the least fun part of an IT dept’s week. Zittrain argues for keeping that creative openness against the forces that want to put computer usage back into “walled gardens.” (This is the “future of the Internet he wants to stop.) Yet he also recognizes the pressures facing IT departments in wanting to lock things down or limit choices. It would be hard to impossible to imagine giving up the computing power now at everyone’s finger tips on their desktop. The challenge is to provide that power with less support complexity.
Three Opportunities
From two challenges come three opportunities: “Software as a Service,” “IT as a service,” and “Platform as a Service.”
Software as a Service means taking strategic business or organizational software applications and moving them up to the web as pay as you go services. For example, on a small scale—Constant Contact. On a large Scale—Salesforce. Things run in the browser and operate like household utilities.
Platform as a Service takes a similar model and provides software developers the tools to build complete applications. For example, instead of doing your own Drupal thing, you develop complex sites from within the Acquia Drupal Platform.
IT as a Service (or Infrastructure as a Service) aims to move your whole network infrastructure out of your office and up onto the web somewhere. Instead of worrying about configuring Outlook on everyone’s desktop, everyone uses the same desktop software image centrally maintained and managed.
The first two of these meet the challenge of the desktop by minimizing what runs there versus what runs in your browser. IT as a Service meets the challenge by taming and centralizing what runs on the desktop. All three aim to reduce the capital expense footprint of IT. There is more to say. (For one thing, I've oversimplified a bit what Acquia and Salesforce offer). In part II (yes, sorry, there is a part II of this), I’ll assess these three a bit more.
Meaningful shared data, like the Miles Per Gallon ratings on new car stickers or the calorie counts on food packaging help us make better choices;
But not all data is as easy to interpret;
Nonprofits have continually been challenged to quantify the conditions that their missions address;
Shared knowledge and metrics will facilitate far better dialog and solutions than our individual efforts have;
The web is a great vehicle for sharing, analyzing and reporting on data;
Therefore, the nonprofit sector should start defining and adopting common data formats that support shared analysis and reporting.
I've made the case before for shared outcomes reporting, which is a big piece of this. Sharing and transparency aren't traditional approaches to our work. Historically, we've siloed our efforts, even to the point where membership-based organizations are guarded about sharing with other members.
The reason that technologists like Marnie and I end up jumping on this bandwagon is that the tech industry has modeled the disfunction of a siloed approach better than most. early computing was an exercise in cognitive dissonance. If you regularly used Lotus 123, Wordperfect and dBase (three of the most popular business applications circa 1989) on your MS-DOS PC, then hitting "/", F7 or "." were the things you needed to know in order to close those applications respectively. For most of my career, I stuck with PCs for home use because I needed compatibility with work, and the Mac operating system, prior to OSX, just couldn't easily provide that.
The tech industry has slowly and painfully progressed towards a model that competes on the sales and services level, but cooperates on the platform side. Applications, across manufacturers and computing platforms, function with similar menus and command sequences. Data formats are more commonly shared. Options are available for saving in popular, often competitive formats (as in Word's "Save As" offering Wordperfect and Lotus formats). The underlying protocols that fuel modern operating systems and applications are far more standardized. Windows, Linux and MacOS all use the same technologies to manage users and directories, network systems and communicate with the world. Microsoft, Google, Apple and others in the software world are embracing open standards and interoperability. This makes me, the customer, much less of an innocent bystander who is constantly sniped by their competitive strategies.
So how does this translate to our social service, advocacy and educational organizations? Far too often, we frame cooperation as the antithesis to competition. That's a common, but crippling mistake. The two can and do coexist in almost every corner of our lives. We need to adopt a "rising tide" philosophy that values the work that we can all do together over the work that we do alone, and have some faith that the sustainable model is an open, collaborative one. Looking at each opportunity to collaborate from the perspective of how it will enhance our ability to accomplish our public-serving goals. And trusting that this won't result in the similarly-focused NGO down the street siphoning off our grants or constituents.
As Marnie is proposing, we need to start discussing and developing data standards that will enable us to interoperate on the level where we can articulate and quantify the needs that our mission-focused organizations address. By jointly assessing and learning from the wealth of information that we, as a community of practice collect, we can be far more effective. We need to use that data to determine our key strategies and best practices. And we have to understand that, as long as we're treating information as competitive data; as long as we're keeping it close to our vests and looking at our peers as strictly competitors, the fallout of this cold war is landing on the people that we're trying to serve. We owe it to them to be better stewards of the information that lifts them out of their disadvantaged conditions.
Last week, I shared my impressions of Google Wave, which takes current web 2.0/Internet staple technologies like email, messaging, document collaboration, widgets/gadgets and extranets and mashes them up into an open communications standard that, if it lives up to Google's aspirations, will supersede email. There is little doubt in my mind that this is how the web will evolve. We've gone from:
The Yahoo! Directory model - a bunch of static web sites that can be catalogued and explored like chapters in a book, to
The Google needle/haystack approach - the web as a repository of data that can be mined with a proper query, to
Web 2.0, a referral-based model that mixes human opinion and interaction into the navigation system.
For many of us, we no longer browse, and we search less than we used to, because the data that we're looking for is either coming to us through readers and portals where we subscribe to it, or it's being referred to us by our friends and co-workers on social networks. Much of what we refer to eachother is content that we have created. The web is as much an application as it is a library now.
Google Wave might well be "Web 3.0", the step that breaks down the location-based structure of web data and replaces it completely with a social structure. Data isn't stored as much as it is shared. You don't browse to sites; you share, enhance, append, create and communicate about web content in individual waves. Servers are sources, not destinations in the new paradigm.
Looking at Wave in light of Google's mission and strategy supports this idea. Google wants to catalog, and make accessible, all of the world's information. Wave has a data mining and reporting feature called "robots". Robots are database agents that lurk in a wave, monitoring all activity, and then pop in as warranted when certain terms or actions trigger their response. The example I saw was of a nurse reporting in the wave that they're going to give patient "John Doe" a peanut butter sandwich. The robot has access to Doe's medical record, is aware of a peanut allergy, and pops in with a warning. Powerful stuff! But the underlying data source for Joe's medical record was Google Health. For many, health information is too valuable and easily abused to be trusted to Google, Yahoo!, or any online provider. The Wave security module that I saw hid some data from Wave participants, but was based upon the time that the person joined the Wave, not ongoing record level permissions.
This doesn't invalidate the use of Wave, by any means -- a wave that is housed on the Doctor's office server, and restricted to Doctor, Nurse and patient could enable those benefits securely. But as the easily recognizable lines between cloud computing and private applications; email and online community; shared documents and public records continue to blur, we need to be careful, and make sure that the learning curve that accompanies these web evolutions is tended to. After all, the worst public/private mistakes on the internet have generally involved someone "replying to all" when they didn't mean to. If it's that easy to forget who you're talking to in an email, how are we going to consciously track what we're revealing to whom in a wave, particularly when that wave has automatons popping data into the conversation as well?
The Wave as internet evolution idea supports a favored notion: data wants to be free. Open data advocates (like myself) are looking for interfaces that enable that access, and Wave's combination of creation and communication, facilitated by simple, but powerful data mining agents, is a powerful frontend. If it truly winds up as easy as email, which is, after all, the application that enticed our grandparents to use the net, then it has culture-changing potential. It will need to bring the users along for that ride, though, and it will be interesting to see how that goes.
--------
A few more interesting Google Wave stories popped up while I was drafting this one. Mashable's Google Wave: 5 Ways It Could Change the Web gives some concrete examples to some of the ideas I floated last week; and, for those of you lucky enough to have access to Wave, here's a tutorial on how to build a robot.
Google is on a fishing expedition to see if we're willing to take web-surfing to a whole new level. My colleague Steve Backman introduced us to Google Wave a few months ago. I attended a developer's preview at Techsoup Headquarters last week, and I have some additional thoughts to share.
Google's introduction of Wave is nothing if not ambitious. As opposed to saying "We have a new web mashup tool" or "We've taken multimedia email to a new level", they're pitching Wave as nothing less than the successor to email. My question, after seeing the demo, is "Is that an outrageous claim, or a way too modest one?".
The early version of Google Wave I saw looked a lot like Gmail, with a folder list on the left and "wave" list next to it. Unlike Gmail, a third pane to the right included an area where you can compose waves, so Wave is three-columner to Gmail's two.
A wave is a collaborative document that can be updated by numerous people in real-time. This means that, if we're both working in the same wave, you can see what I'm typing, letter by letter, as I can see what you add. This makes Twitter seem like the new snail mail. It's a pretty powerful step for collaborative technology. But it's also quite a cultural change for those of us who appreciate computer-based communications for the incorporated spell-check and the ability to edit and finalize drafted messages before we send them.
Waves can include text, photos, film clips, forms, and any active content that could go into a Google Gadget. If you check out iGoogle, Google's personal portal page, you can see the wide assortment of gadgets that are available and imagine how you would use them -- or things like them -- in a collaborative document. News feeds, polls, games, utilities, and the list goes on.
You share waves with any other wave users that you choose to share with. User-level security is being written into the platform, so that you can share waves as read-only or only share certain content in waves with particular people.
Given these two tidbits, it occurred to me that each wave was far more like a little Extranet than an email message. This is why I think Google's being kind of coy when they call it an email killer - it's a Sharepoint killer. It's possibly a Drupal (or fill in your favorite CMS here) killer. It's certainly an evolution of Google Apps, with pretty much all of that functionality rolled into a model that, instead of saying "I have a document, spreadsheet or website to share" says "I want to share, and, once we're sharing, we can share websites, spreadsheets, documents and whatever". Put another way, Google Apps is an information management tool with some collaborative and communication features. Google Wave is a communications platform with a rich set of information management tools. It's Google Docs inverted.
So, Google Wave has the potential to be very disruptive technology, as long as people:
Adopt it;
Feel comfortable with it; and
Trust Google.
Next week, I'll spend a little time on the gotcha's - please add your thoughts and concerns in the comments.
Even if you will never tweet, it's obvious that Twitter is a source of useful information, and, in some cases, a more timely source than traditional search engines and media. If you use Firefox as your main web browser, and have the popular Greasemonkey add-on installed, which serves as a kind of macro language for the web, then the Twitter Google Results script adds some real power. Any Google search you perform will also search Twitter, posting the top five relevant results. Why is this useful? Well, when we heard rumors that a bomb had gone off somewhere near our Bozeman, Montana office, the Twitter results had current info and links that weren't indexed by Google yet
Namechk checks for your preferred username on a slew of Web 2.0 sites, from Bebo to Youtube. I found this useful to reserve peterscampbell at a few sites that I want to use but hadn't signed up for, and to learn that some other guy named peterscampbell had already grabbed it at Youtube, where I had used a different loginname... snap!
This is a tip, not a tool - if you've been stymied by Facebook's recent changes to how it handles updates, you can make a lot more sense of it by making lists of related friends, and then filtering the updates by group. Click on Friends and the "Create New List" button is at the top of the screen. I have lists for family, nptech, Boston friends, SF Friends, and a special one called "no tweets", which filters out everyone who cross-posts all of their Twitter updates to Facebook (my default view). Keeping up with all of this info is always a challenge, so the ability to filter out the echoes is a must.
Exhibit is a web site that lets you upload spreadsheets, maps and other data to an information rich, filterable, active web page that can then be shared. If your org works with a particular environmental cause, seeks a cure for a disease, or supports a particular community, you can share data about your cause dynamically and expressively with this amazing site.
Google revolutionized email with GMail, the first email platform in decades to question the basic assumptions about how email should work (by filing important email into folders). They're about to do the same thing with Voicemail. A year or two ago, they purchased Grandcentral, a service that allowed you to route multiple phone numbers to one shared voicemail box. A few months ago, they opened the revamped Google Voice to existing Grandcentral customers, and, surprise, it looks a bit like GMail.
When I look at GMail, Google Voice, and the recently announced Google Wave, a real-time communication and collaboration platform, and then picture these all integrated into a Google Apps account, it becomes clear that our phone systems are moving into the cloud as fast as our servers are, and, while it is always that controversial proposition of Google giving you stuff in return for the right to market to you based on all of your data, it still looks like they are poised to offer one of the most powerful, integrated communication platforms that the world has ever seen.
Have you run into any awesome things lately worth sharing? Leave a comment!
Steve, Lucy and Lalithia painted a pretty visionary picture of what it would be like if all nonprofits standardized and aggregated their outcome reporting on the web. Lalithia had a case study that hit on the key levels of engagement: shared measurement systems; comparative performance measurement and a baked in learning process. Steve made it clear that this is an iterative process that changes as it goes -- we learn from each iteration and measure more effectively, or more appropriately for the climate, each time.
I'm blogging about this because I'm with them -- this is an important topic, and one that gets lost amidst all of the social media and web site metrics focus in our nptech community. We're big on measuring donations, engagement, and the effectiveness of our outreach channels, and I think that's largely because there are ample tools and extra-community engagement with these metrics -- every retailer wants to measure the effectiveness of their advertising and their product campaigns as well. Google has a whole suite of analytics available, as do other manufacturers. But outcomes measurement is more particular to our sector, and the tools live primarily in the reporting functionality of our case and client management systems. They aren't nearly as ubiquitous as the web/marketing analysis tools, and they aren't, for the most part, very flexible or sophisticated.
Now, I wholly subscribe to the notion that you will never get anywhere if you can't see where you're going, so I appreciate how Steve and crew articulated that this vision of shared outcomes is more than just a way to report to our funders; it's also a tool that will help us learn and improve our strategies. Instead of seeing how your organization has done, and striving to improve upon your prior year's performance, shared metrics will offer a window into other's tactics, allowing us all to learn from each others' successes and mistakes.
But I have to admit to being a bit overwhelmed by the obstacles standing between us and these goals. They were touched upon in the talk, but not heavily addressed.
Outcome management is a nightmare for many nonprofits, particularly those who rely heavily on government and foundation funding. My brief forays into shared outcome reporting were always welcomed at first, then shot down completely, the minute it became clear that joint reporting would require standardization of systems and compromise on the definitions. Our case management software was robust enough to output whatever we needed, but many of our partners were in Excel or worse. Even if they'd had good systems, they didn't have in-house staff that knew how to program them.
Outcomes are seen by many nonprofit executives as competitive data. If we place ours in direct comparison with the similar NPO down the street, mightn't we just be telling our funders that they're backing the wrong horse?
The technical challenges are huge -- of the NPOs that actually have systems that tally this stuff, the data standards are all over the map, and the in-house skill, as well as time and availability to produce them, is generally thin. You can't share metrics if you don't have the means to produce them.
A particular concern is that all metrics are fairly subjective, as can happen when the metrics produced are determined more by the funding requirements than the NPO's own standards. When I was at SF Goodwill, our funders were primarily concerned with job placements and wages as proof of our effectiveness. But our mission wasn't one of getting people jobs; it was one of changing lives, so the metrics that we spent the most work on gathering were only partially reflective of our success - more outputs than outcomes. Putting those up against the metrics of an org with different funding, different objectives and different reporting tools and resources isn't exactly apples to apples.
The benefits of shared metrics that Steve and crew held up is a worthwhile dream, but, to get there, we're going to have to do more than hold up a beacon saying "This is the way". We're going to have to build and pave the road, working through all of the territorial disputes and diverse data standards in our path. Funders and CEOs are going to have to get together and agree that, in order to benefit from shared reporting, we'll have to overcome the fact that these metrics are used as fodder in the battles for limited funding. Nonprofits and the ecosystem around them are going to have to build tools and support the art of data management required. These aren't trivial challenges.
I walked into the session thinking that we'd be talking about cloud computing; the migration of our internal servers to the internet. Instead, I enjoyed an inspiring conversation that took place, as far as I'm concerned, in the clouds. We have a lot of work to do on the ground before we can get there.
My esteemed colleague Michelle Murrain lobbed the first volley in our debate over whether tis safer to host all of your data at home, or to trust a third party with it. The debate is focused on Software as a Service (SaaS) as a computing option for small to mid-sized nonprofits with little internal IT expertise. This would be a lot more fun if Michelle was dead-on against the SaaS concept, and if I was telling you to damn the torpedos and go full speed ahead with it. But we're all about the rational analysis here at Idealware, so, while I'm a SaaS advocate and Michelle urges caution, there's plenty of give and take on both sides.
Michelle makes a lot of sound points, focusing on the very apt one that a lack of organizational technology expertise will be just as risky a thing in an outsourced arrangement as it is in-house. But I only partially agree.
Security: Certainly, bad security procedures are bad security procedures, and that risk exists in both environments. But beyond the things that could be addressed by IT-informed policies, there are also the security precautions that require money to invest in and staff to support, like encryption and firewalls. I reject the argument that the data is safer on an unsecured, internal network than it is in a properly secured, PCI-Compliant, hosted environment. You're not just paying the SaaS provider to manage the servers that you manage today; you're paying them to do a more thorough and compliant job at it.
Backups: Many tiny nonprofits don't have reliable backup in place; a suitable SaaS provider will have that covered. While you will also want them to provide local backups (either via scheduled download or regular shipment of DVDs), even without that, it's conceivable that the hosted situation will provide you with better redundancy than your own efforts.
Data Access: Finally, data access is key, but I've seen many cases where vendor licensing restricts users from working with their own data on a locally installed server. Being able to access your data, report on it, back it up, and, if you choose, globally update it is the ground floor that you negotiate to for any data management system, be it hosted or not. To counter Michelle, resource-strapped orgs might be better off with a hosted system that comes with data management services than an internal one that requires advanced SQL training to work with.
Where we might really not see eye to eye on this is in our perception of how 'at risk" these small nonprofits are, and I look at things like increasing governmental and industry regulation of internal security around credit cards and donor information as a time bomb for many small orgs, who might soon find themselves facing exorbitant fines or criminal charges for being your typical nonprofit, managing their infrastructure on a shoestring and, by necessity, skimping on some of the best practices. It's simple - the more we invest in administration, the worse we look in our Guidestar ratings. In that scenario, outsourcing this expertise is a more affordable and reliable option than trying to staff to it, or, worse, hope we don't get caught.
But one point of Michelle's that I absolutely agree with is that IT-starved nonprofits lack the internal expertise to properly assess hosting environments. In any outsourcing arrangement, the vendors have to be thoroughly vetted, with complete assurances about your access to data, their ability to protect it, and their plans for your data if their business goes under. Just as you wouldn't delegate your credit card processing needs to some kid in a basement, you can trust your critical systems to some startup with no assurance of next year's funding. So this is where you make the right investments, avail yourself of the type of information that Idealware provides, and hire a consultant.
To me, there are two types of risk: The type you take, and the type you foster by assuming that your current practices will suffice in an ever-changing world (more on this next week). Make no mistake, SaaS is a risky enterprise. But managing your own technology without tech-savvy staff on hand is something worse than taking a risk - it's setting yourself up for disaster. While there are numerous ways to mitigate that, none of them are dollar or risk free, and SaaS could prove to be a real bang for your buck alternative, in the right circumstances.
Google often figures in discussion about use of free or low cost software as well as of what are the boundaries of corporate commitments to Open Source. The uniformity and simplicity of Google applications give them a seductive appeal. Yet in my own use of them and in discussions with clients, they also carry with them a sense of unease.
How much can we count on Gmail, Google Docs, Calendar and the rest when their free or low cost availability depends almost entirely on Google’s continued domination of web search? “Do no evil” notwithstanding, how much can we count on Google’s commitment to privacy and security? While providing many Open Source tools, how much can we count on software whose core remains entirely closed and proprietary? Is migration of software to the cloud inevitable and a Good Thing?
These questions come up about other corporate leaders that figure large in software selection and strategy these days. Google fascinates us because it has become ubiquitous and the issues easier to grasp.
The report assesses internal weaknesses, as well as legal, strategic, and other threats. The strategic threats category caught my eye. Google faces challenges from both its large, global competitors as combined with possibilities at the other end of “disruptive technologies” from new companies. Things in software will keep changing. Time frames that you can expect a given software strategy to last continues to shrink.
Likewise, though the authors did not give it high priority, they noted that competition from Open Source alternatives could have a high impact. This in combination with the reports assessment of privacy concerns make for a large potential threat. This is likely true for most all corporate software systems, including others straddling the Open Source/proprietary fence.
Last, the report notes recent interruptions in Gmail and problems with other Google services, which many of us experienced. Yet the authors do not connect this with the difficulty or impossibility most Google users have in getting customer service. As I mentioned in this space some time ago about using free Gmail without a backup plan, this falls into the category of “no free lunch.”
Many idealware blog readers would benefit from viewing these slides, both to ponder Google as well as a framework for considering where we all stand with other corporate software providers.
Say you sign up for some great Web 2.0 service that allows you to bookmark web sites, annotate them, categorize them and share them. And, over a period of two or three years, you amass about 1500 links on the site with great details, cross-referencing -- about a thesis paper's worth of work. Then, one day, you log on to find the web site unavailable. News trickles out that they had a server crash. Finally, a painfully honest blog post by the site's founder makes clear that the server crashed, the data was lost, and there were no backups. So much for your thesis, huh? Is the lesson, then, that the cloud is no place to store your work?
Well, consider this. Say you start up a Web 2.0 business that allows people to bookmark, share, categorize and annotate links on your site. And, over the years, you amass thousands of users, some solid funding, advertising revenue -- things are great. Then, one day, the server crashes. You're a talented programmer and designer, but system administration just wasn't your strong suit. So you write a painful blog entry, letting your users know the extent of the disaster, and that the lesson you've learned is that you should have put your servers in the cloud.
My recent posts have advocated cloud computing, be it using web-based services like Gmail, or looking for infrastructure outsourcers who will provide you with virtualized desktops. And I've gotten some healthily skeptical comments, as cloud computing is new, and not without it's risks, as made plain by the true story of the Magnolia bookmarking application, which recently went down in the flames as described above. The lessons that I walk away with from Magnolia's experience are:
You can run your own servers or outsource them, but you need assurances that they are properly maintained, backed up and supported. Cloud computing can be far more secure and affordable than local servers. But "the cloud", in this case, should be a company with established technical resources, not some three person operation in a small office. Don't be shy about requesting staffing information, resumes, and details about any potential off-site vendor's infrastructure.
You need local backups, no matter where your actual infrastructure lives. If you use Salesforce or Google, export your data nightly to a local data store in a usable format. Salesforce lets you export to Excel; Google supports numerous formats. Gmail now supports an Offline mode that stores your mail on the computer you access it from. If you go with a vendor who provides virtual desktop access (as I recommend here), get regular snapshots of the virtual machines. If this isn't an over the air transfer, make sure that your vendors will provide DVDs of your data or other suitable medium.
Don't sign any contract that doesn't give you full control over how you can access and manipulate your data, again, regardless of where that data resides. A lot of vendors try and protect themselves by adding contract language prohibiting mass updates and user access, even on locally-installed applications. But their need to simplify support should not be at the expense of you not having complete control over how you use your information.
Focus on the data. Don't bend on these requirements: Your data is fully accessible; It's robustly backed up; and, in the case of any disaster, it's recoverable.
Technology is a set of tools used to manage your critical information. Where that technology is housed is more of a feature set and financial choice than anything else. The most convenient and affordable place for your data to reside might well be in the cloud, but make sure that it's the type of cloud that your data won't fall through.
My big post contrasting full blown Microsoft Exchange Server with cloud-based Gmail drew a couple of comments from friends in Seattle. Jon Stahl of One/Northwest pointed out, helpfully, that MS sells it's Small Business Server product to companies with a maximum of 50 employees, and that greatly simplifies and reduces cost for Exchange. After that, Patrick Shaw of NPower Seattle took it a step further, pointing out that MS Small Business Server, with a support arrangement from a great company like NPower (the "great" is my addition - I'm a big fan), can cost as little as $4000 a year and provide Windows Server, Email, Backup and other functions, simplifying a small office's technology and outsourcing the support. This goes a long way towards making the chaos I described affordable and attainable for cash and resource strapped orgs.
What I assume Npower knows, though, and hope that other nonprofit technical support providers are aware of, is that this is the outdated approach. Nonprofits should be looking to simplify technology maintenance and reduce cost, and the cloud is a more effective platform for that. As ReadWriteWeb points out, most small businesses -- and this can safely be assumed to include nonprofits -- are completely unaware of the benefits of cloud computing and virtualization. If your support arrangement is for dedicated, outsourced management of technology that is housed at your offices, then you still have to purchase that hardware and pay someone to set it up. The benefits of virtualization and fast, ubiquitous Internet access offer a new model that is far more flexible and affordable.
One example of a company that gets this is MyGenii. They offer virtualized desktops to nonprofits and other small businesses. As I came close to explaining in my Lean, Green, Virtualized Machine post, virtualization is technology that allows you to, basically, run many computers on one computer. The environmental and financial benefits of doing what you used to do on multiple systems all on one system are obvious, but there are also huge gains in manageability. When a PC is a file that can be copied and modified, building new and customized PCs becomes a trivial function. Take that one step further - that this virtual PC is stored on someone else's property, and you, as a user, can load it up and run it from your home PC, laptop, or (possibly) your smartphone, and you now have flexible, accessible computing without the servers to support.
For the tech support service, they either run large servers with virtualization software (there are many powerful commercial and open source systems available), or they use an outsourced storage platform like Amazon's EC2 service. In addition to your servers, they also house your desktop operating systems. Running multiple servers and desktops on single servers is far more economical; it better utilizes the available server power, reducing electricity costs and helping the environment; and backups and maintenance are simplified. The cost savings of this approach should benefit both the provider and the client.
In your office, you still need networked PCs with internet access. But all you need on those computers is a basic operating system that can boot up and connect to the hosted, virtualized desktop. Once connected, that desktop will recognize your printers and USB devices. If you make changes, such as changing your desktop wallpaper or adding an Outlook plugin, those changes will be retained. The user experience is pretty standard. But here's a key benefit -- if you want to work from home, or a hotel, or a cafe, then you connect to the exact same desktop as the one at work. It's like carrying your computer everywhere you go, only without the carrying part required.
So, it's great that there are mission focused providers out there who will affordably support our servers. But they could be even more affordable, and more effective, as cloud providers, freeing us from having to own and manage any servers in the first place.
Subscribe through Feedburner
