Everyone is talking about data in the cloud and cloud computing in general. The cloud is nothing more than a location and the business processes on the ground are just as important.
Speaking today during the 2013 Risk Summit, presented by the Nonprofit Risk Management Center, Peter Persuitti of Arthur J. Gallagher and Deacon Bill Koniers of CathoNet explained that the decision is only partially about technology. The key is the ability to benchmark across multiple offices and even multiple people in the same building and develop the analytics needed for decision-making.
There is a fine line, Persuitti said, of “where you can build capacity and where you should align with others” such as third-party providers of technical services. Said Koniers, “all it takes is one embezzlement to lose the trust of donors.”
The decision nonprofit managers have to make is whether cloud computing is a nice to have or need to have proposition, said Koniers. While it can save an organization a lot of up-front costs, he also cited complexities of the new healthcare rules as a reason to outsource via the cloud to a payroll firm.
Cloud processes should put an end to what they called “pain points.” One such pain point is the need to physically assist an affiliate miles away or delayed data which stalls decisions. Another issue is inconsistent data.
Security is always questioned when talking about cloud computing, a process in which data and often applications reside elsewhere. There are at least two items to determine. First, make sure that the provider is Payment Card Industry-Data Security Standard (PCI DSS) compliant. That is a stand that allows for safe transfer of not just currency, but also data. The other question is the tier level of the data center’s security, with those consumer levels running from I to IV, with IV being the most secure.
Make sure that the provider does penetration testing. That’s a process where hackers are paid by the firm to try to find weaknesses.
When it comes to risk issues, Persuitti said that risk is more than doing something wrong. It is also not doing something that put an organization at a competitive disadvantage. He suggested that insurance policies be examined to determine coverage of data loss and breaches not just by the organization but also the cloud provider.