I’m at an interesting intersection in my career path. I just concluded eight years at a small, statewide health care reform nonprofit in Massachusetts called Community Partners. I was Technology & Strategy Director there. Like so many orgs around us, we went under a month ago due to the bad economy. Though I am sad to lose my wonderful co-workers, it was coming for a long time, so I was somewhat prepared. A long time ago, other organizations and foundations started asking me lots of technology questions. This has naturally parlayed into consulting.
At this juncture where I have a sense of what it's like to work in a small org and am also looking at and helping larger orgs and foundations to make decisions about tech and use it in smart ways, I’m thinking a lot about something I call "supported open source."
"How do I choose a CMS?" is one of the most frequent questions I get. "Should I go with a closed but well-supported system or should I venture out into the Badlands of Open Source?" There is another way! That is supported open source.
The perception is often that if you choose open source—even if you hire additional expertise to initially build your site—you have to have skills in-house to keep it going after launch. I think the perception that you're on your own with open source is one of the barriers to its adoption for many businesses and nonprofits. But there are companies and consultants that will stick around, long after your site is launched, to give you the help and support you need. And there are different ways of doing this based on your org's budget.
At Community Partners, we ran things on a shoestring. I build web sites, but I don't write custom PHP code. When we wanted to use a profile module to collect contact information from users on our Drupal site and sync it with our Access mailing list database (yes, I know... Old Skool...), I found the module. It didn't work right. This functionality was a priority for us, though. Luckily, we maintained a contractual relationship with a Drupal consultant who would help us out with our site when our budget allowed. We only paid him to help us when something was broken, or when we wanted a new feature we couldn't implement ourselves and we had the funds to do it.
Having someone you can pay to give you support only when you need it is clearly cheapest way to go. If you're rolling in money, however, having a company on-call 24-7 to support you with anything you need is the other end of the spectrum. And everything in between exists. I want to disclose here that at present, I have a paid relationship with a consulting firm called OpenIssue LLC, which offers a spectrum of services for open source CMS platforms. I am working with them because I am becoming increasingly convinced that supported open source is has some serious advantages for our sector.
I am dogmatic about not being dogmatic, and the needs and mission of an org should always determine what technology they choose, not the other way around. You're never married to a piece of software and you should change platforms if and whenever it serves you. But particularly during this time of economic uncertainty, there is something comforting to me about software that's being developed by a worldwide brain trust. Open source software can't be yanked out from under you if funds (temporarily) disappear, or if a contract expires, because we all own it.
Though this community code base can be messy, open source development specialists know how to clean it up for you. So you get that worldwide scope of innovation, plus the focused attention on your org's particular needs. For orgs that want to stay innovative but don't always have cash flow, this can be a great solution. Ongoing support can be stopped and re-started as needed when there are budget troubles.
I know of a few companies out there that explicitly offer ongoing support for open source platforms. My fave among these is PICnet. Non-Profit Soapbox is designed to be an affordable, fully hosted, software-as-a-service (SaaS) way for nonprofits to build sites quickly and easily in the Joomla! CMS. PICnet has been around for a long time, and honestly I don't know why more companies aren't offering open source SaaS for nonprofits. Seems like a great idea to me. Here are a couple more companies that offer ongoing support:
I predict more of these companies will emerge in the coming year, and I think it will be a great leap forward for our sector. Do you know of a company or a consultant that offers ongoing support for open source software platforms? If so, I'd love to know about them. Please add them in the comments.
Sometimes it feels like the bane of my existence is my office phone. It's so bad that I rarely answer it, preferring to forward it to Google Voice where I can peruse the barely readable transcripts just well enough to filter out the 90% cold sales calls I receive. So what a pleasure it was to answer my desk phone on Thursday and have an illuminating conversation with my Microsoft Licensing representative. He called to tell me that I own some awesome benefits that come with my Software Assurance program. I'm betting that I'm not the only one who was clueless about these benefits.
Microsoft Licensing, as you know, is the little-known tenth circle of hell. It's a conceptual labyrinth of terms and conditions that was likely conceived by a team of the writers of the original "Prisoner" series with the advice of contract attorneys that graduated from law school 30 years ago and have never since seen the light of day.
Software Assurance is the tax we pay on our MicroSoft purchases that allows us to upgrade to the newest versions without paying upgrade fees (as long as we've paid our software assurance fees, of course). I assume that this is of interest to Idealware readers because most of us pick up a lot of our MS software from Techsoup Stock, and the Techsoup Stock donations come with Software Assurance, not without.
But Microsoft isn't evil; they're just bureaucratic, and every now and then a few smart people step up out of the morass and do things that I appreciate. These Software Assurance benefits include:
The Microsoft Home Use Program provides staff with ridiculously steep discounts on MS Office. Register this benefit, and the allowed number of users (which I'm unclear as to how they calculate) at your company can purchase MS Office 2007 Ultimate Edition (or Office 2008 for Mac) for $9.95. That's not a trial edition, and it's the opposite of crippled -- Ultimate is the "everything but the kitchen sink" edition and it comes with a license key.
Microsoft ELearning is a series of online classes in standard MS products like Word and Excel, and Server products like MS SQL Server or Windows 2003. I did note that the list of available classes that my rep sent me looked a little behind the times; no 2008 or 2010 products covered, but many of us aren't on the bleeding edge anyway.
Microsoft Technet gives you access to forums and experts, as well as evaluation copies of new technologies. For example, as I write this, I just learned that I can pick up Office 2010 and Sharepoint 2010 betas via my MSDN or Technet subscriptions to try.
This isn't fluff. We've been paying full price for Office at home (more than we do at work) and I've purchased E-Training on MS products and an MSDN subscription (fairly equivalent to Technet) because I had no idea that I already owned them. It makes me feel much better about what seemed like a pre-emptive insurance program that makes me commit to the next version of MS products before I'm ready to make that commitment, at times.
Of course, this is smart business for Microsoft. With Google announcing that their Google Apps offering will be on a feature par with Office within a year, and OpenOffice under active development as a pretty comparable alternative, you don't want your business customers to get too comfortable with those free alternatives at home. It's just surprising to me that, for years, this was buried in the small print section of eOpen, and not broadcast widely. So I'm doing MS a favor and blowing the horn on this one.
To access these benefits, log onto eOpen (which I hope you're using to manage MS licenses!) and once you've signed in and clicked "unhide licenses", find your last Techsoup order (or a similar large purchase) and open it up. The very first link in the license detail should be "Start and Manage your Software Assurance Benefits". Clicking on that will pop you to a paragraph that includes a link to the "Software Assurance Benefits Management Tool". Click on that to get the benefits. The more MS software you've bought, the more tedious this will be: there are benefits associated with each Software Assurance purchase, so you'll need to register this way for every relevant order. But it sure beats paying for these things at Best Buy!
The credit card industry is doing the right thing by consumers and enforcing proper security measures regarding the handling of credit card information. You might have heard about this - a number of the popular vendors of donor databases are recommending upgrades based on their compliance with these regulations. The "Payment Card Industry Data Security Standard", commonly known as PCIDSS, is a set of guidelines for securely handling credit card information. The standard has been around for about four years, but early enforcement efforts focused on companies with a high volume of credit card transactions. Now that they're all in compliance, they've set their sites on smaller businesses and nonprofits. So, what does this mean? Here's the simplest F.A.Q. that you're likely to find on the topic:
Do you ever process online, phoned in, or mailed-in credit card donations in-house? e.g., do you maintain the credit card number, expiration date and name of a donor?
If no, you don't have to worry about this.
If yes, do you have more than 20,000 such transactions annually?
Well, if you do, congratulations! Most nonprofits don't, so they qualify for level 4 of the PCI Compliance scale. That results in a Self Assessment Questionnaire (SAQ) Validation type of "4". Higher validation types are subject to stricter security standards.
The Self-Assessment Questionnaire will ask you all sorts of technical questions about your network and security procedures. Do you have a firewall? Are all of your transactions encrypted? Do you use anti-virus software? Is credit card information properly restricted to authorized staff?
Depending on your network, you might already comply with a lot of the requirements. If you don't, then it might require a significant investment to get there.
What will happen if I ignore this?
This isn't government regulation (although your state might have laws in place that do mandate some similar response). participation is mandatory. But, should your security be breached, two things will happen:
1. The compliance requirements for your organization will be reassessed to level one or two, and they'll be much more costly and complicated to meet. The credit card companies might decline to do business with you if you don't comply. Can you afford to not take Visa?
2. You will likely be indirectly fined for non-compliance. The credit card companies will hold your bank liable for losses due to credit card theft in situations where your security was substandard. Your bank will likely pass that fine on to you.
So what's the easiest way to deal with this?
Simple: don't handle credit cards. There are a number of services that, for a price, will do this for you, from Paypal and Google Checkout to CharityWeb and Blackbaud's BBNow. Outsourced ECRM software (NetCommunity, Convio, Democracy in Action, etc.) will also handle it. The cost is likely not as significant as that of maintaining compliance or suffering the consequences of a non-compliant breach.
I'll share that, at the Goodwill where I used to work, outsourcing wasn't an option, because we were both a charity and a retailer. Our frustration was not that we didn't have good security in place. It was that there were differences in how we had set up our security and the PCIDSS requirements. So, while we had done a lot of work and made significant investments, we still had to reconfigure things and spend more in order to be compliant. In addition to making our internal IT changes, we had to switch software programs in order to avoid storing credit cards unencrypted in our database, a typical problem. We also engaged a consultant. Once you are reasonably sure that you comply, then you must pay a security service to verify your efforts, another non-trivial expense.
Blackbaud has put together some good further reading on this topic (and they are one of the vendor's whose latest software is compliant; ask your eCRM vendor!).
In 2000, after spending 15 years at corporate law firms, I made a personal choice to start working for organizations that promote social good by reducing poverty and protecting our planet. I understood that this career move would put some serious brakes on what was a fairly spiraling rise in compensation - my salary tripled from 1993 to 2000. And that was fine, because, as I see it, the privilege of being compensated for doing meaningful work is compensation in it's own right.
We all know that we make less in this industry than we might in the commercial world, and we're all pretty okay with that. But how much, or how little, the discrepancy between "real world" and nonprofit salaries should be is a metric with little established thought behind it. We don't base our pay scales on any rationale other than what we determine others are paying and what we can afford. My concern is that, by not taking a strategic, reasoned approach to compensation, nonprofits are incurring far more unnecessary expense than they might, particularly when it comes to technology support, although these thoughts apply across the org chart.
The problem is that, when it comes to determining the market value of a nonprofit employee, we often go to nonprofit salary surveys, such as the one put out by NTEN and the Nonprofit times. But job seekers don't read those surveys. In San Francisco or New York, a good System Administrator can make $70-80k a year at a for-profit. Even if they come in to your org understanding that they aren't going to be offered the market pay ($75k), they have an expectation that they'll either be on the low end of it ($70k), or within 10% of it ($67.5k). The recent NTEN Staffing Survey puts the average nonprofit Sysadmin salary at $52k, which is about 75% of that market. So, given this scenario, here are my questions:
How many excellent candidates are eliminated from consideration because they can't afford to take a 25% pay cut?
Of the ones who can afford that pay, how many can afford it because they aren't qualified for the work required?
How many can afford it because they have other primary income sources, and therefore can take a low paying job and not feel very committed to it?
If a good Sysadmin takes a job at that rate, how long will it be before they decide that they need more money and leave?
What is the impact of having a heavy rotation among the staff that maintain and upgrade your technology?
What is the impact of having of having often empty critical IT positions?
But, let's get really into this. Unless the IT people that are hired at the 75% rate are extremely mature, then they might have some of the common failings of immature Sysadmins:
Many are often controlling and secretive. I've been in multiple situations where I've come into an organization and learned that the prior IT staff left with the key system passwords. I've also seen numerous situations where the IT staff left en masse.
Most Sysadmins are lousy about writing things down. What is the ramp-up time for your new staff when they have to research and guess how everything works on arrival?
The general instinct of a new IT person is to rip everything out and install their favorite things. Got Windows? They like Linux. Got Word? They like Google Docs. They don't necessarily understand that one platform is much like another, but imposing massive change on an organization can be dangerously disruptive.
Technology candidates need to be assessed not only for their technical skills, but also for their attitude and maturity. A very sharp tech, who can answer all of your Outlook questions, might have little patience for documenting his or her work or sharing knowledge with other technical staff. And those skills are the ones that will allow you to transition more smoothly when the tech leaves.
Mission is a motivator, and it has value that can be factored in to overall compensation, but not to the point where it's so unattractive that it knocks the pool of candidates down to a pool of uncommitted or desperate ones. The impact of paying poorly isn't isolated to the salary bucket on the balance sheet. In many cases, particularly with technology, it's tied directly to the ability to operate.
My esteemed colleague Michelle Murrain lobbed the first volley in our debate over whether tis safer to host all of your data at home, or to trust a third party with it. The debate is focused on Software as a Service (SaaS) as a computing option for small to mid-sized nonprofits with little internal IT expertise. This would be a lot more fun if Michelle was dead-on against the SaaS concept, and if I was telling you to damn the torpedos and go full speed ahead with it. But we're all about the rational analysis here at Idealware, so, while I'm a SaaS advocate and Michelle urges caution, there's plenty of give and take on both sides.
Michelle makes a lot of sound points, focusing on the very apt one that a lack of organizational technology expertise will be just as risky a thing in an outsourced arrangement as it is in-house. But I only partially agree.
Security: Certainly, bad security procedures are bad security procedures, and that risk exists in both environments. But beyond the things that could be addressed by IT-informed policies, there are also the security precautions that require money to invest in and staff to support, like encryption and firewalls. I reject the argument that the data is safer on an unsecured, internal network than it is in a properly secured, PCI-Compliant, hosted environment. You're not just paying the SaaS provider to manage the servers that you manage today; you're paying them to do a more thorough and compliant job at it.
Backups: Many tiny nonprofits don't have reliable backup in place; a suitable SaaS provider will have that covered. While you will also want them to provide local backups (either via scheduled download or regular shipment of DVDs), even without that, it's conceivable that the hosted situation will provide you with better redundancy than your own efforts.
Data Access: Finally, data access is key, but I've seen many cases where vendor licensing restricts users from working with their own data on a locally installed server. Being able to access your data, report on it, back it up, and, if you choose, globally update it is the ground floor that you negotiate to for any data management system, be it hosted or not. To counter Michelle, resource-strapped orgs might be better off with a hosted system that comes with data management services than an internal one that requires advanced SQL training to work with.
Where we might really not see eye to eye on this is in our perception of how 'at risk" these small nonprofits are, and I look at things like increasing governmental and industry regulation of internal security around credit cards and donor information as a time bomb for many small orgs, who might soon find themselves facing exorbitant fines or criminal charges for being your typical nonprofit, managing their infrastructure on a shoestring and, by necessity, skimping on some of the best practices. It's simple - the more we invest in administration, the worse we look in our Guidestar ratings. In that scenario, outsourcing this expertise is a more affordable and reliable option than trying to staff to it, or, worse, hope we don't get caught.
But one point of Michelle's that I absolutely agree with is that IT-starved nonprofits lack the internal expertise to properly assess hosting environments. In any outsourcing arrangement, the vendors have to be thoroughly vetted, with complete assurances about your access to data, their ability to protect it, and their plans for your data if their business goes under. Just as you wouldn't delegate your credit card processing needs to some kid in a basement, you can trust your critical systems to some startup with no assurance of next year's funding. So this is where you make the right investments, avail yourself of the type of information that Idealware provides, and hire a consultant.
To me, there are two types of risk: The type you take, and the type you foster by assuming that your current practices will suffice in an ever-changing world (more on this next week). Make no mistake, SaaS is a risky enterprise. But managing your own technology without tech-savvy staff on hand is something worse than taking a risk - it's setting yourself up for disaster. While there are numerous ways to mitigate that, none of them are dollar or risk free, and SaaS could prove to be a real bang for your buck alternative, in the right circumstances.
Last week I had the thrill of visiting a normally closed-to-the-public Science Building at UC Berkeley, and getting a tour of the lab where they examine interstellar space dust collected from the far side of Mars. NASA spent five or six years, using some of the best minds on the planet and $300,000,000, to develop the probe that went out past Mars to zip (at 400 miles a second) through comet tails and whatever else is out there, gathering dust. The most likely result of the project was that the probe would crash into an asteroid and drift out there until it wasted away. But it didn't, and the scientists that I met on Saturday are now using these samples to learn things about our universe that are only speculative fiction today.
So, what does NASA know that we don't about the benefits of taking risks?
In my world of technology management, it seems to be primarily about minimizing risk. We do multiple backups of critical data to different media; we lock down the internet traffic that can go in and out of our network; we build redundancy into all of our servers and systems, and we treat technology as something that will surely fail if we aren't vigilant in our efforts to secure it. Most of our favorite adages are about avoiding risk: "It it ain't broke, don't fix it!" and "Nobody was ever fired for buying IB.. er, MicroSoft."
On Monday, I'll be presenting on my chapter of NTEN's Book "Managing Technology to Meet Your Mission" at the Nonprofit Technology Conference in San Francisco. My session, and chapter, is about mission-focused technology planning and the art of providing business-class systems on a nonprofit budget. That's certainly about finding sustainable and dependable options, but my case is that nonprofits, in particular, need to identify the areas where they can send out those probes and gamble a bit. For many nonprofits, technology planning is a matter of figuring out which systems desperately need upgrading and living with a lot of systems and applications that are old and semi-functional. My case is that there's a different approach: we should spend like a regular business on the critical systems, but be creative and take risks where we can afford to fail a bit, on the chance that we'll get far more for less money than we would playing it "safe" with inadequate technology. It's a tough sell, yes, but I frame it in my belief that, when your business is changing the world, your business plan has to be bold and creative. As I mention often, the web is, right now, a platform rife with opportunity. We will miss out on great chances to significantly advance our missions if we just treat it like another threat to our stability.
We need stable systems, and we often struggle with inadequate funding and the technical resources simply to maintain our computer systems. I say that, as hard as that is, we need to invest in exploration. It's about maximizing potential at the same time as you minimize risk. And its all about the type of dust that you want to gather.
My big post contrasting full blown Microsoft Exchange Server with cloud-based Gmail drew a couple of comments from friends in Seattle. Jon Stahl of One/Northwest pointed out, helpfully, that MS sells it's Small Business Server product to companies with a maximum of 50 employees, and that greatly simplifies and reduces cost for Exchange. After that, Patrick Shaw of NPower Seattle took it a step further, pointing out that MS Small Business Server, with a support arrangement from a great company like NPower (the "great" is my addition - I'm a big fan), can cost as little as $4000 a year and provide Windows Server, Email, Backup and other functions, simplifying a small office's technology and outsourcing the support. This goes a long way towards making the chaos I described affordable and attainable for cash and resource strapped orgs.
What I assume Npower knows, though, and hope that other nonprofit technical support providers are aware of, is that this is the outdated approach. Nonprofits should be looking to simplify technology maintenance and reduce cost, and the cloud is a more effective platform for that. As ReadWriteWeb points out, most small businesses -- and this can safely be assumed to include nonprofits -- are completely unaware of the benefits of cloud computing and virtualization. If your support arrangement is for dedicated, outsourced management of technology that is housed at your offices, then you still have to purchase that hardware and pay someone to set it up. The benefits of virtualization and fast, ubiquitous Internet access offer a new model that is far more flexible and affordable.
One example of a company that gets this is MyGenii. They offer virtualized desktops to nonprofits and other small businesses. As I came close to explaining in my Lean, Green, Virtualized Machine post, virtualization is technology that allows you to, basically, run many computers on one computer. The environmental and financial benefits of doing what you used to do on multiple systems all on one system are obvious, but there are also huge gains in manageability. When a PC is a file that can be copied and modified, building new and customized PCs becomes a trivial function. Take that one step further - that this virtual PC is stored on someone else's property, and you, as a user, can load it up and run it from your home PC, laptop, or (possibly) your smartphone, and you now have flexible, accessible computing without the servers to support.
For the tech support service, they either run large servers with virtualization software (there are many powerful commercial and open source systems available), or they use an outsourced storage platform like Amazon's EC2 service. In addition to your servers, they also house your desktop operating systems. Running multiple servers and desktops on single servers is far more economical; it better utilizes the available server power, reducing electricity costs and helping the environment; and backups and maintenance are simplified. The cost savings of this approach should benefit both the provider and the client.
In your office, you still need networked PCs with internet access. But all you need on those computers is a basic operating system that can boot up and connect to the hosted, virtualized desktop. Once connected, that desktop will recognize your printers and USB devices. If you make changes, such as changing your desktop wallpaper or adding an Outlook plugin, those changes will be retained. The user experience is pretty standard. But here's a key benefit -- if you want to work from home, or a hotel, or a cafe, then you connect to the exact same desktop as the one at work. It's like carrying your computer everywhere you go, only without the carrying part required.
So, it's great that there are mission focused providers out there who will affordably support our servers. But they could be even more affordable, and more effective, as cloud providers, freeing us from having to own and manage any servers in the first place.
If your nonprofit has 40 or more people on staff, it's a likely bet that you use Microsoft Exchange as your email server. There are, of course, many nonprofits that will use the email services that come with your web hosting, and there are some using legacy products like Novell's Groupwise or Lotus Notes/Domino. But the market share for email and groupware has gone to Microsoft, and, at this point, the only compelling up and coming competition comes from Google.
There are reasons why Microsoft has dominated the market. Exchange is a mature and powerful product, that does absolutely everything that an email system has to do, and offers powerful calendaring, contact management and information sharing features on top of it. A quick comparison to Google's GMail offering might look a bit like "Bambi vs. Godzilla". And, as Michelle pointed out the other day, GMail might be a risky proposition, despite it being more affordable, because it puts your entire mail store "in the cloud". But Gmail's approach is so radically different from Microsoft's that I think it deserves a more detailed pro/con comparison.
Before we start, it's important to acknowledge that the major difference is the hosted/cloud versus local installation, and there's a middle ground - services that host Exchange for you - Microsoft even has their own cloud service. If you are evaluating email platforms and including GMail and Exchange, hosted Exchange should be weighed as an additional option. But my goal here is to contrast the new versus the traditional, and traditional Exchange installations are in your server room, not someone else's.
Server Platform
Installing Exchange is not a simple task. Smaller organizations can get away with cheaper hardware, but the instructions say that you'll need a large server for mail storage; a secondary server for web and internet functions, and, most likely, a third server to house your third party anti-spam and anti-virus solutions. Plus, Exchange won't work in a Linux or Novell network - there has to be an additional server running Microsoft's Active Directory in place before you can even install it. It can be a very stable product if you get the installation right, but getting it right means doing a lot of prep and research, because the slim documents that come in the box don't prepare you for the complexity. Once you have it running, you have to run regular maintenance and keep a close watch - along with mailbox limits - to insure that the message bases don't fill up or corrupt.
GMail, on the other hand, is only available as a hosted solution. Setup is a matter of mapping your domain to Google's services (can be tricky, but child's play compared to Exchange) and adding your users.
Win - GMail. It saves you a lot of expense, when you factor in the required IT time and expertise with the hardware and software costs for multiple servers.
EMail Clients
Outlookhas it's weaknesses - slow and obtuse search, poor spam handling, and a tendency toward unexplained crashes and slowdowns on a regular basis. But, as a traditional mail client, it has a feast of features. There isn't much that you can't do with it. One of the most compelling reasons to stick with Outlook is it's extensibility. Via add-ons and integrations, Outlook can serve as a portal to applications, databases, web sites and communications. In a business environment, you might be sacrificing some key functionality without it, much as you often have to use Internet explorer in order to access business-focused web sites.
But where Outlook is a very hefty application, with tons of features and settings buried in it's cavernous array of menus and dialog boxes, Gmail is deceptively uncluttered. The truth is that the web-based GMail client can do a lot of sophisticated tricks, including a few that Outlook can't -- like allowing you to decide that you'd rather "Reply to All" mid-message -- and some that you can only do with Outlook by enabling obscure features and clicking around a lot, like threading conversations and applying multiple "tags" to a single message. Gmail is the first mail client to burst out of the file cabinet metaphor. Once you get used to this, it's liberating. Messages don't get archived to drawers, they get tagged with one or more labels. You can add stars to the important ones. It's not that you can't emulate this workflow in Outlook, it's that it's fast and smooth in GMail, and supported by a very intelligent and blazingly fast search function. Of course, if that doesn't float your boat, you can always use Outlook - or any other standard POP3 or IMAP client - to access GMail.
Win - GMail. It's more innovative and flexible, and I didn't even dig deep.
Availability
Exchange, of course, is not subject to the vagaries of internet availability when you're at the office. Mind you, much of the mail that you're waiting to receive is. And Outlook - if you run in "Cached mode" - has had offline access down for ages. GMail just started experimenting with that this week. If you're not in the office, Exchange supports a variety of ways to get to the mail. Outlook Web Access (OWA) is a sophisticated web-based client that, with Exchange 2007 and IE as the browser, almost replicates the desktop Outlook experience. OMA is a mobile-friendly web interface. And ActiveSync, which is supported on many phones (including the iPhone) is the most powerful, stable and feature-rich synchronization platform available. Exchange can do POP and IMAP as well, and also supports a VPN-like mode called Outlook Anywhere (or HTTPS over RPC).
GMail only supports web, pop and IMAP. There's a mobile GMAIL app which is available on more phones than Activesync is, but it isn't as robust or full featured as Microsoft's offering.
So, oddly, the Win for remote access goes to Microsoft over Google, because Microsoft's offerings are plentiful and mature.
Business Continuity
So, not to belabor this, Exchange is well supported by many powerful backup products. In cached mode, it mirrors your server mailbox to your dektop, which is additional redundancy.
GMail is in the cloud, so backup isn't quite as straightforward. Offline mode does some synchronization, like Exchange's cached mode, but it's not 100% or, at this point, configurable. Prudent GMail users will, even if they don't read mail in it, set up a POP email program to regularly download their mail in order to have a local copy.
Win - Microsoft
Microsoft also Wins the security comparison - Google can, and has, cut off user's email accounts. There seem to have been good reasons, such as chasing out hackers who had commandeered accounts. But keeping your email on your backed-up server behind your firewall will always be more secure than the cloud.
But I'd hedge that award with the consideration that Exchange's complexity is a risk in itself. It's all well and safe if it is running optimally and it's being backed up. But most nonprofits are strapped when it comes to the staffing and cost to support this kind of solution. If you can't provide the proper care and feeding that a system like Exchange requires, you might well be at more risk with an in-house solution. The competence of a vendor like Google managing your servers is a plus.
Finally, cost. GMail wins hands down. The supported Google Apps platform is free for nonprofits. Microsoft offers us deep discounts with their charity pricing, but Dell and HP don't match on the hardware, and certified Microsoft Administrators come in the $60-120k annual range.
So, in terms of ease of management and cost, GMail easily wins. There are some big trade-offs between Microsoft's kitchen sink approach to features and Google's intelligent, progressive functionality, and, in well-resourced environments, Microsoft is the secure choice, but in tightly resourced ones - like nonprofits - GMail is a stable and supported option. The warnings about trusting Google -- or any other Software as a Service vendor -- are prudent, but there are a lot of factors to weigh. And it's going to come down to a lot of give and take, with considerations particular to your environment, to determine what the effective choice is. In a lot of cases, the cloud will weigh heavier on the scale than the colossus.
Ah, it's the eternal question: how much should I expect to pay for a website? And how can I find out some answer other than "it depends" without actually building the sucker? It can be really difficult to define what communications approaches make sense for you when website costs appear to be all over the map.
Well, it does depend. If you want to hone in on a price, the best way is probably to get proposals from consultants or firms - not a fast process, but a pretty accurate one. But the general magnitude depends on factors that are knowable, so I thought I'd take a crack at defining what you could expect at each price level based on my experience. Note that this prices are approximate US market rate - so you might be able to find folks who will discount or volunteer for less, but these are what someone who's doing this full time might charge.
$1000 This is around the lowest market rate you're likely to find, and it won't buy you a lot. At this price, you might be able get an independent consultant, probably without a ton of experience, to whip out a 10-30 page static site, based on a templated graphic design and a very straightforward navigation scheme. You won't get something very branded to your organization, and you'll likely have to define precisely what you want up front, as this price wouldn't cover time to help you work through your needs to any substantial degree. You may well have trouble finding someone to work at this low end.
$5000 At this level, you could get a jack-of-all-website-trades independent consultant who makes a living building website to build a simple site tailored to your needs. It might cover a simple, custom graphic design, and potentially one or two simple features (like a simple event calendar). There still wouldn't be a lot of time for strategy or feature definition, but you could expect a bit more customer service from the consultant. Note that a jack-of-all-website-trades consultant is likely to be, as the aphorism says, a master of none. Top quality websites are typically designed and built by a team of people - perhaps a graphic designer, a navigation expert, a content specialist, a design implementer, and an serious programmer. A jack-of-all-trades isn't likely to be an expert in all of those things, so it will be important to see a portfolio to judge their skills in the areas important to you.
$15,000 We're now getting into the realm of solid, scalable, strategic websites. It would cover an independent consultant, a team of consultants working together, or a small firm, in building a site on a solid infrastructure (like a content management system) with some strategically chosen features beyond simple text and images. It also might cover a very simple, basic site from a top consultant or firm - something very small but expertly crafted and designed. The budget would now cover some up-front help from the consultant in figuring out your needs.
$50,000 A lot opens up in this price range. This could be a fairly sophisticated site from a small firm, or a straightforward site by one of the top firms in the country, with some substantial strategic guidance.
$100,000 This is a solid budget for most large websites. Very sophisticated web applications or huge sites could certainly cost more (potentially much more!), but for $100,000 you could hire a top nonprofit internet consulting firm to create a robust site. At this level, your consultants can also help guide you through decision making, and shepherd decisions through internal politics and disputes - you're getting a strategic partner in addition to just someone to implement a site.
So that's my experience with website costs. Others want to share their experience?
Subscribe through Feedburner