As UK CIO for the Christian homelessness charity The Salvation Army, Martyn Croft knows the importance of getting the most from a lean IT budget.
The Salvation Army is one of the 10 largest charities in the UK and is primarily focused on providing shelter and help for the homeless, typically aiding about 6,000 people in Britain at any one time.
Croft’s mission is to squeeze every bit of value from an IT budget that accounts for no more than one to two per cent of the charity’s UK income, which stood at £237m for the 2008/09 financial year.
“A lot of charity IT departments are very good at doing their best with little resource,” he told silicon.com at the recent Infosecurity Europe 2010 conference in London.
“The trick is always to deliver value for money because if you can’t deliver that value for money, then we are diverting funds away from the mission,” he said.
The charity has already heavily invested in server virtualisation – a process that has allowed The Salvation Army to minimise its datacentre footprint.
“The majority of our social services operation, which has about 2,000 thin client users, is served by a server farm with about 10 servers in it. It’s a good rate of return,” he said.
With thrift the order of the day and 4,000 staff within the charity using desktops or laptops to carry out their work, Croft is considering whether the charity could reduce the amount of computers it buys by letting staff use their own machines at work.
It’s an approach that Croft anticipates could yield a hefty saving.
“We are getting into the area where computers are commodity items – as a CIO should I be spending my pounds on providing desktops and laptops? The rule of thumb is that a laptop’s lifetime is about 18 months, so that becomes an expensive resource,” he said.
Apart from the cost savings, Croft said staff are increasingly frustrated at having to use work PCs that are less powerful and capable than the machines that they have at home.
“You have people asking ‘What’s this on my desk? I’ve got something five times better at home’. That’s difficult to defend these days,” he said.
“There is a coming day where we will say, ‘If you want to bring your own computer with you, we will facilitate that access’.”
For Croft the main hurdle stopping him from routinely allowing staff to use their own PCs at work today is…
…the danger of sensitive data leaking outside the organisation’s boundaries.
“Traditionally people have used VPNs and connected their machines to an organisation’s network. What’s the first thing they will do? Download a spreadsheet or a copy of a report and now all of a sudden there’s a copy of the organisation’s data on their home PC. That’s not security 101 is it?” he said.
The Salvation Army has already invested in a SSL-VPN, a secure network connection that allows staff to remotely access the corporate network, and one that is set up to only allow staff to read files and not to save them to their home machine.
If all goes to plan Croft wants charity staff to be able to start using their own computers at work on a regular basis by the end of the year.
Croft plans to make it easy for staff to use their own PCs at work by introducing a virtual desktop infrastructure – where staff use the internet to log onto a virtual desktop that is hosted on a server within The Salvation Army’s datacentres.
Staff will be able to load programs and save files as they would on a physical PC, but instead of saving files to the hard drive of the machine being used, they are saved to The Salvation Army’s servers.
Not all security concerns for The Salvation Army are internal, however – fraudsters also have their eye on the organisation.
Like many charities, The Salvation Army’s online donation service finds itself being used by cybercriminals to check whether stolen credit card details can still be used to make purchases.
Croft says the cybercriminals will make small online donations of a couple of dollars at a time to the charity on a “daily basis” as they test out financial details.
“You see repeated donation attempts from the same IP address and see the result from the card verification service that says declined, declined, declined, accepted – you see the same patterns,” he said.
“Talk to anyone who works in charities and they are all aware of it. Occasionally some of the crooks are quite generous, giving $100 or $200 – after all, it’s not their card is it?” he said.
Despite the patterns Croft said it’s difficult for the charities and the authorities to weed out every bogus transaction of this nature, because the donations are so many and varied that “they are under the radar”.
However Croft believes that more could be done by authorities to…
…make use of this information to flag up card fraud at an early stage.
“It could be harnessed as an early warning system – it’s almost a precursor to card fraud,” he said.
To try and tackle the information security issues facing charities in the UK, Croft has co-founded the Charities Security Forum, a group where CIOs and chief security officers can share good security practice in the third sector.
Croft’s tech work is not just confined to charity staff, however: as more and more services move online, The Salvation Army sees providing education about how to access the web and find help online as being a core part of its mission.
“These days if you are not e-literate, if you can’t get onto the internet then you haven’t got a life – that’s the stark reality,” Croft said.
Computer access centres have been established at about 10 per cent of the charity’s 83 UK hostels, now known as LifeHouses.
Each access centre has about six PCs that tenants can use, and the charity is starting to train staff how to teach tenants basic computer and web skills during their stay, which typically lasts up to six months.
“For example we want to show them how to find out what housing benefits they are entitled to or how to register to vote,” Croft said.
Top of Croft’s to-do list is to start working with the digital inclusion champion, Martha Lane Fox, who has set the government a target of getting an additional 10 million people online by 2012.
“I think that the whole digital inclusion agenda is very important and that we have a duty to get these people on the internet,” he said.
Despite the security challenges and the need to make a small amount of money go a long way, Croft says he enjoys working in a sector where the goal is about more than just guaranteeing a return for shareholders.
“The unique thing about the charity sector is that we will take your credit card number and in return we will give you a warm, fuzzy feeling,” he said.