Jun 16 2022

Classy Collaborative 2022: How to Strengthen Your Nonprofit Technology Stack

Whether the goal is implementation or security, stakeholders using the technology tools daily need a place at the table.

Whether you’re fundamentally improving your approach to technology use or ensuring that your security doesn’t get compromised (creating problems for both you and your donors), it’s important to remember the human elements of technology strategy.

Bells and whistles may sound great, but ultimately the technology is used by people who may have needs beyond innovation. Those users were top of mind at this year’s Classy Collaborative conference, the in-person portion of which took place in Philadelphia this week.

Security Starts with Your Team

During a session on nonprofit security, Classy Vice President of Product Marketing Chris Silver highlighted the importance of building a strong security stack, speaking with officials from some of the company’s partners, including Stripe, GoFundMe, and Amazon Web Services (AWS).

“It’s really important that we have this whole layered system where we have many different angles on security, and everyone here provides a piece of that,” she said.

Click the banner below to receive exclusive industry content when you register as an Insider.

GoFundMe, a dominant player in the crowdfunding space, acquired Classy earlier this year.

GoFundMe Chief Information Security Officer John Downey explained that while there are some genuine security concerns for nonprofits, the issue can get overemphasized in the media due to improved messaging on the part of the security industry. He cited the marketing-heavy approach to widespread security vulnerabilities like Heartbleed and noted that solving these problems requires a methodical approach.

In terms of bad actors, “It’s kind of like people walking down the street, jiggling the handles on doors, checking and seeing if one is unlocked,” he said.

“What you need to do is look out for the opportunistic attacker who’s doing that to your organization. If you can do that, then you’re in a better place than a lot of people in the industry.”

Patrick O’Brien, a member of Stripe’s platforms team, pointed to the role that insider threats can play in damaging organizations, including leaking personally identifiable information (PII) onto the internet.

WHITE PAPER: Learn more about what mission-focused IT can do for your organization.

“Think about how your hiring practices are and how you can instill security in the teams that you’re hiring,” O’Brien said. “And then, when people leave, how do you contain all of that PII data that you have? Because a lot of times, what we end up seeing is things start to leak out when there’s attrition.”

Technology certainly plays a role in encouraging security. But the speakers emphasized being strategic with tech deployments — for example, implementing multifactor authentication for employees. (For those working within a tight budget, Google’s authentication system was cited as an effective choice.) Madhu Bussa, a senior solutions architect with AWS, noted that the risk of misconfiguration within infrastructure could compromise security.

Partnerships are also important to consider, O’Brien added, especially when working within regulations like the Payment Card Industry Data Security Standard or the General Data Protection Regulation.

“What I would probably do if I was in that same situation is probably try to partner with users and platforms that have the same values, and make sure that from a value perspective, security is something that they care about,” O’Brien said.

Building Strong Nonprofit Technology Stacks

Davis Moten, director of enterprise sales at Classy, led his own session at the conference, where speakers emphasized the need for close involvement in the tech implementation process.

Robbie Rusbuldt, vice president of marketing and business operations for the humanitarian aid organization Concern Worldwide, emphasized that organizational infrastructure should create efficiencies, not simply exist as an opportunity to use technology. “If you can’t connect it back to a business case, then why are you even doing it in the first place?” he said.

Rusbuldt and Caitlin Thomas, director of sales for the technology firm Arkus, each said that decisions about implementing customer relationship management systems and enterprise resource planning systems no longer rest solely with the IT department.

READ MORE: Learn why nonprofits should consider restructuring to support recurring donations.

This involves more stakeholders in the process, but it can also mean that leadership (who may not be as well-versed in the technology) may want buy-in. Thomas noted that it helps to discuss solutions with them in nontechnical terms.

“You want to go in to hear from them what they think the issues are, and then incorporate the technology into that, as opposed to ‘technology is going to solve all the problems,’ because it’s not. It's just a pretty big problem if you look at it that way,” Thomas said.

Rusbuldt added that it is important to find solutions that are built for long-term evolution.

“Your technology should allow you to be able to adapt,” Rusbuldt said. “If you’re spending all this time working things in and you find that your system can’t adapt, how are you going to be able to grow a business? It should have the capability to grow with you and not just be overly developed.”

Keep this page bookmarked for coverage of the event, and follow us on Twitter @BizTechMagazine and the official conference Twitter feed, @ConnectAtCollab.

Photography by Ernie Smith

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.