Ask the Experts Webinar Video, Slides, Transcript

Presented Wednesday, January 22, 2020 – Transcript below

To download slides:

2020 Nonprofit Technology Trends Roundtable from Community IT Innovators

Join four Community IT Innovators experts for an “ask the experts” free-wheeling discussion–a nonprofit technology trends roundtable 2020 on trends we expect to deliver new impact this year.

Of course we touch on IT Cybersecurity at nonprofits, which will continue to be of urgent importance for our community, and an essential component of any technology strategy at nonprofits large and small. Community IT Innovators’ CTO cybersecurity expert Matt Eshleman covers emerging threats and the security measures to counter them, and discusses determining the real risks to your organization and the return on nonprofit investment in security.

Community IT Chief Operating Officer Johanny Torrico discusses her work with implementation of large multi-stakeholder tech projects, the tools available to assist in successful tech transitions, and answers your technology project implementation questions.

Cloud computing trends and the ways our clients are using cloud platforms such as Office365 and SharePoint to transform their file sharing, CRM management, and productivity while lowering costs will continue to be important in 2020. Director of IT Consulting Steve Longenecker presents insights from his experience with cloud computing implementations and trouble-shooting.

We also address up and coming technologies to watch, innovations to embrace, and technology management basics for any nonprofit operating in 2020.

As with all our webinars, this presentation is appropriate for an audience of varied IT and security experience.


Johanny Torrico is currently Chief Operating Officer, leading the largest team at Community IT.  She joined Community IT in December 2006 after serving as Director of Technology for The National Association of People with AIDS (NAPWA) for nearly four years. During her tenure at Community IT, Johanny has mastered every role she took on including network administrator, network engineer, and service manager. She is currently Chief Operating Officer, leading the largest team at Community IT.  And she still enjoys providing technical support to our clients, participating in our professional services team, and implementing technical solutions.

Johanny holds a B.S. in Computer Information Systems. She is a VMWare Certified Professional and recently became a Microsoft Certified IT Professional for Office 365.

As Director of IT Consulting, Steve Longenecker divides his time at Community IT between project managing client projects and consulting with clients on IT planning. Steve’s appreciation for working at Community IT Innovators is rooted in respect for the company’s dream and vision, and for the excellent colleagues that the dream and vision attract. Steve is MCSE certified. He has a B.A. in Biology from Earlham College in Richmond, IN and a Masters in the Art of Teaching from Tufts University in Massachusetts.

Sharing expertise in the nonprofit technology trends roundtable 2020 –as every January–is always something he looks forward to.

As the Chief Technology Officer at Community IT, Matthew Eshleman is responsible for shaping Community IT’s strategy in assessing and recommending technology solutions to clients. With a deep background in network infrastructure technology he fundamentally understands how technology works and interoperates both in the office and in the cloud.

Matt has dual degrees in Computer Science and Computer Information Systems at Eastern Mennonite University and received his MBA from the Carey School of Business at Johns Hopkins University.

Matt is a frequent speaker at NTEN events and has presented at the Inside NGO conference and Non-Profit Risk Management Summit.


  1. 2020 IT Trends Webinar Series January 2020
  2. Presenter Johanny Torrico COO
  3. Presenter Steve Longenecker Dir IT Consulting
  4. Presenter Matthew Eshleman CTO
  5. About Community IT Advancing mission through the effective use of technology. 100% Employee Owned
  6. Agenda 1. Cloud/Digital Transformation 2. Office 365 trends 3. Cybersecurity trends 4. Grab bag
  7. Cloud/Digital Transformation A buzz word?
  8. Cloud Transformation Is still trending!
  9. Cloud Transformation Complexity Technology People and Process
  10. Complexity Expertise! Multi-cloud Solutions Hybrid environments Cloud Administration / Management Security and Governance
  12. Server-less Offices Azure-AD join computers Mac OS in the enterprise Email and Files in the cloud Mission critical application in the cloud
  13. Mobility Personal devices Cloud phones Video conferencing
  14. Security Identity Data encryption Cloud backups
  16. Office 365 Trends
  17. Adoption of Office 365 Services Continues to Grow Email migration projects are mostly done. Migrating file sharing to SharePoint and OneDrive is our area of greatest Office 365 project growth.* Office 365 for Single Sign-On (SSO) services is “second.” Microsoft Teams adoption is coming. *Not counting Multifactor Authentication (MFA) implementations
  18. Office 365 Licensing: A Moving Target • The 50 free EM+S licenses benefit disappeared. • Microsoft 365 Business is a new SKU we recommend. • One way or another, plan to license Office Desktop Suite through Office 365 subscriptions.
  19. Office 365 An Opportunity to Improve Security • SSO • MFA • DLP • Intune • ATP
  20. File Server -> Office 365 Migrations are Getting Easier The Microsoft provided SharePoint Migration Tool is good enough for most cases. Adoption is relatively easy. Some pain points remain: • Excel file paths longer than 218 characters are a problem • Hyperlinks between Excel workbooks are sometimes an issue • Interactions with hosted legacy systems (Raiser’s Edge, Great Plains, etc.) can require workarounds Large scale reorganization of existing SharePoint architecture still calls for 3rd party tools
  21. Microsoft Teams “Outlook for teams” Replacement for Zoom (adding callback numbers is inexpensive) Replacement for Slack Wrapper for SharePoint File Sharing Still maturing
  22. Cybersecurity Trends
  24. Maturation of Cybersecurity Platforms Lots of good tools to combat threats A couple of Sentinels • Barracuda SentinelAzure Sentinel Pricing is more competitive
  26. Grab Bag Mac support continues to be a challenge Mobility / virtual office has unique requirements State sponsored interest in Policy Organizations
  27. Upcoming Webinar Does your organization need a better technology roadmap? Tuesday February 25th 1:00 – 2:00 PM EST
  28. Questions?


Nonprofit Technology Trends Roundtable 2020

Johanny Torrico:  Well, welcome to the First Community IT Innovators’ webinar of this year. Thank you for joining us today. This month, as we have done for the past eight years now, I believe, we will review our picks for this year’s IT trends for nonprofit organizations.

My name is Johanny Torrico. I’m the Chief Operating Officer of Community IT and today’s moderator. I will join my two colleagues in presenting today’s webinar. 

Steve Longenecker: I am Steve Longenecker, Director of IT Consulting at Community IT

Johanny Torrico: We would like to tell you a little bit more about our company. Community IT is a 100% employee owned company. 

Our team of almost 40 staff is dedicated to helping nonprofit organizations advance their missions through the effective use of technology. We are technology experts and we have been consistently named a Top 200 North American Managed Service Provider by MSP Mentor. 

With that, I would like to go ahead and kind of go through our agenda. First let me just make sure we can hear Matt.

Matt Eschlemann:  All right, can you hear me now?

Johanny Torrico:  There we go, yeah.

Johanny Torrico: All right, sorry about that, you know, always you have a glitch or two, and it happened today, when it’s kind of my first time moderating the webinar but, it’s all good. 

Let me jump to the agenda: 

But, before we start, I would like you to remind you all if you have questions, that you would like us to answer or comments you’d like to share with us, please use the chat feature in GoTo webinar. We’ll try to answer them throughout the webinar. We’ll try to leave some time at the end for questions and answers. Also, just to remind you that the slides in the recording of today’s webinar will be posted on our website and uploaded to our YouTube channel.

(4:10) Let’s start by talking a little bit about digital transformation. Many of you have probably heard this term, “digital transformation,” and you are probably confused by it or tired of it. 

Digital transformation has really become a buzzword. When I was preparing for this webinar, Steve and I were talking and he mentioned that digital transformation is not new and he is right. Digital transformation, it’s a very active topic these days but, this was also true back in the 1990s and again in the mid 2000’s. 

And really if you think about it, we have started kind of making use of websites for example to connect companies and their customers. We moved to using computers, we use file servers and kind of networking instead of paper or productivity suites. Then came social media etcetera so, you see the pattern here. Digital transformation is a big term, and in this age, when you talk about digital transformation, sometimes you’re mainly talking about the internet of things or artificial intelligence. Practically all digital transformation initiatives of today are being built on different platform technologies and solutions including mobile, Cloud, Big data, Analytics.

So, I think, a more relevant term for organizations is “Cloud transformation” and I believe the definition of Cloud transformation lays on what it means for you, what it means for your organization to go through this transformation. This transformation in my mind is unique to your — to each organization’s needs; and the success of this transformation, in my opinion, depends on three key aspects: people, process and technology. 

(6:15) What is your intent? What is your goal? Is it cost savings? Is it automation of critical business processes to gain efficiencies? Is it focused on fostering better seamless collaboration among your users? Which technology or technologies, for that matter, will help you reach those objectives?

In my mind, the Cloud is still trending, as organizations continue to look at Cloud solutions as a way to respond to the organization’s strategic objectives. Be in remote access, be in collaboration, minimizing the footprint, what have you– I think, we all can agree that, the Cloud is here to stay and many items of Cloud transformation will continue to trend for years to come.

(7:00) So my opinion, the trends I’m seeing around Cloud transformation are; 

(7:34) So, let’s jump and start talking about complexity and what you mean by that. When organizations first began migrating to the Cloud, their decision-making process was a bit, kind of black and white. There were fewer vendors in the marketplace, there were ways to customize offerings. 

Now, we have options like to merge public and private Clouds into one environment like, you know, Azure or AWS or even VMware that make our Cloud environments more complex and require more resources and personnel to manage than organizations originally had expected. What we are seeing now is organizations using multiple Cloud providers to meet different technical or business requirements. 

We are seeing more and more organizations using Office 365 for email as we know, moving files to SharePoint.  Organizations are also leveraging Microsoft Azure to house critical mission services and Cloud servers in Azure.  That might be because the vendors don’t have a Cloud solution available yet or it might be because of compliance/regulations reasons, by the states or country or you know, where — based on these regulations, you need to keep your data inside your network. We have seen organizations start using more and more Salesforce, for example, or Teams or Slack for collaboration and some other Cloud applications and adding more and more Cloud services to talk to each other.

(9:17) So all these things create complexity and the need for additional expertise, that many times, organizations don’t have and they need to outsource. So given the level of complexity that Cloud transformation is adding, we’re seeing organizations looking for IT providers that can help them develop a Cloud strategy that can help them with their deployment, migrating to the Cloud or overall management capabilities. And we are also seeing that these organizations are kind of, being more thoughtful in terms of picking their providers because, they want to kind of, have a provider or prefer to have a provider, where they can keep a long term IT partnership and build trust.

I believe also that we will continue to see organizations needing Cloud expertise and Cloud generalists to help them administer their different Cloud solutions. I think another thing to keep in mind is the increasing need for Cloud security. 

So you have different Cloud services and that means different credentials. So that’s when you see single sign-on solutions come to play. That can help automate this and ease some of this friction. 

There is also the governance piece.  Without governance, you will quickly find your Cloud environment is spiralling out of control, between the pace of change environments, new services being adopted and the use of rapid growth in many Cloud environments, there is no way you and your team can keep up without a governance strategy. 

So, for example, without governance, you might keep an out-of-commission server in the Cloud unpatched and exposed to hackers or without an on-boarding, off-boarding policy, you may end up with unnecessary data from files and email from former staff.  For many nonprofit organizations, Office 365 offers some free storage, but without governance, this data can creep up adding to your costs. 

(11:44) So, there are also changes in IT infrastructure and technology overall as a result of these Cloud transformations. We are seeing more and more serverless offices as they move the critical services to the Cloud. We’re seeing some trends about users mobility needs overall and more security technologies trending as a result of this transformation. 

(12:16) So, let’s unpack the serverless offices. As I said, as critical services move to the Cloud, the footprint in an office shrinks more and more to the point where there is no need for a server. And in our experience this depends on the size and unique needs of an organization. So, there is an office where there is not a centralized authentication mechanism. 

So, that means, each user has a local access to his or her computer and now given that files, email and everything else needed is in the Cloud, there might not be a need for shared resources. The management of this type of environment, which we call work groups, the management on that can be challenging for IT. But, if you have an IT provider, they have kind of centralized tools and agents that will help automate some of the tasks in a centralized way.

There is another trend we’re seeing more and more where organizations are leveraging Office 365, Azure, active directory or directory services to play the role of an authentication server. So, with Windows 10, the process of joining workstations to a Cloud, Azure domain has gotten a lot easier. And I think Microsoft continues to improve fundings. And basically, what this means is that, instead of joining your computers to your local domain server, it is actually joining those computers to your Cloud instance and Office 365 Azure directory.

This gives organizations the ability to centralize directory services in the Cloud, just like they did in the past to manage their users, groups and passwords. 

(14:08) Another thing that we are seeing is more Macs being used in the enterprise.  The end user experience of Macs in the Windows world is better  because Microsoft and other Cloud services — providers are generally committed to Mac clients. And because, many of these Cloud services, you know, are provided through the browser anyway which work mostly the same in Windows and Macs.

We believe also that for an organization with heavy Mac usage, it might be necessary to have an IT provider that helps the organization manage all their Macs in a centralized way or have their IT department employ a Macs management solution. And again, these require a higher level expertise that we spoke about earlier. 

Mac management, I would say, it’s important because, of things like, the need for laptop encryption, managing encryption keys, patch maintenance etcetera and Mac management can be expensive in our experience. And it’s basically because there are special tools required.  Macs are meant to be for the end user and not so much for the enterprise and that makes it a little bit difficult. 

The move to the Cloud continues, you know, more organizations have already migrated email to the Cloud and I think we are now seeing organizations kind of, looking at moving their files to the Cloud especially SharePoint.  This we’ll talk more about – files and SharePoint

(15:58) All that Critical Mission Services are also making the move to the Cloud. We have seen that with Server 2008 going away, our clients are either opting for Azure 80 Joint Windows Computers or moving their servers to Azure. We are seeing more CRM and finance applications being moved to the Cloud. These transitions from legacy solutions to these Cloud Solutions can be difficult and will definitely require you to review your compliance regulations or will require planning but, we’re seeing this happening more and more.

(16:41) Some other trends we’re seeing are around mobility and I think Matt also has a slide on this.  We will talk more about it but, we’re seeing more organizations kind of, willing to allow personal devices. These organizations are focusing on, bring your own device or BYOD strategies and reviewing their IT policies and security policies to mitigate their impact especially around security risks associated with bringing personal devices to the office.

Another thing we are seeing is the evolution of VOIP Phone Providers. More organizations are making the switch to, what I call, Phone Cloud Services and I’m talking about RingCentral or Avaya.  These solutions continue to provide a desk phone, if a desk phone is needed. What we’re seeing is, the organizations are opting to use the softphone application for this, that’s our smartphones. These solutions, also include meeting platforms so, I think for example RingCentral, meeting — the meeting app for RingCentral, I think, sits on a Zoom platform so you have that capability also with this type of Cloud Phone Solution. 

Some others offer more integrated communication and collaboration and they also integrate with Salesforce.  We have seen integration with Slack, for example, with Avaya. So a lot of things pack into this Phone Cloud Services or Cloud Phone Services. 

One thing to watch out for in these types of projects though: they have a lot of things packed into them. They require a lot more project management and change management engagement than the typical phone migration.    If you’re thinking about it, make sure that you plan it out well and work with your IT provider  to help you navigate to these things. 

Lastly, with organizations well ahead of the Cloud Transformation and with a large Cloud footprint, we are also seeing users relying more and more on video conferencing. So, at Community IT for example, we have adopted Microsoft Teams. Steve is also, I think, talking about Microsoft Teams, but we use Teams, for example, for most of our team meetings. We’re seeing clients making the move to Zoom, and I think for the most part, Zoom has been dominating at least within our clients.

(19:44) Matt will talk more in-depth also about cybersecurity here and these points, but I will briefly touch on this. So, as you embark in the Cloud, I would say, mind your identity management.  With single sign-on solutions such as Azure or Okta, you can manage and automate some of the license nightmare with having multi-Cloud solutions, as well as manage the user authentication piece and the one password access. Also, Multi-Factor Authentication is another important piece to think about  and Matt will talk more about that. 

Data encryption is another item to consider. We are seeing more organizations turn this on, for Windows and Mac devices. The management of your encryption keys, I would say, can be a challenge but, there are tools that can help you with this if you have a Mac management solution or even a Microsoft Intune, I think  for Windows.

(20:52) And lastly, Cloud backups: I think for a long time, organizations thought about moving to the Cloud as also having some sort of backup solution attached to that service. And Cloud providers, let’s take Microsoft for example, will keep your data for, I don’t know, 30 days I think. But, after that period, that data is deleted.  So, if someone deletes a folder and you don’t notice after — until after six months, you’re probably out of luck.  We are seeing organizations realize a need for Cloud backups or the Office 365 Tenant or other Cloud applications that they are using that are critical. 

(21:38) And I think this is my last slide. I will briefly touch on this kind of slide, because this slide alone will probably make it for a full webinar given there is so much to unpack here. Moving to the Cloud is simple, right?  Not really, the technology piece might be simple. So, for example: enabling Multi-Factor Authentication in Office 365 is very simple, I think, two or three clicks and you’re done. But, what we have seen is the change management piece gets often overlooked because we think, the technology is so simple, it’s one, two, three and it’s done and not really. Without change management your Cloud project will fail miserably. This is definitely a trend, and something Community IT includes in Cloud projects: change management training, so don’t overlook that.

We touched briefly on governance and policy, and also on security in prior slides and Matt will add some more above that. But, I want to emphasize the importance of these two things. Especially, if anything, do these two things. Especially if you have multi Clouds: 

We are seeing slow progress on making these better in organizations but, they are catching up. Oh  and before I am going to hand over to Steve, there is a question that came in, that I wanted to take the time to answer. 

(23:40) The question was: “Should we move everything to the Cloud?” I think — and Steve you can add more during your time, but I think to me, it depends on the unique needs of the organization and the unique needs of — and data requirements of the organization. 

So for an organization where regulations are not in the way, and it’s very low key, I would say it’s a very appealing option, especially if Office 365, nonprofit pricing is at play. And there are other Cloud services offering nonprofit pricing as well; that might make this kind of, a cost-effective option. I would say, keep in mind the unique needs of the organization, don’t forget to think your Cloud strategy through and you need a good plan before, but I think it depends on the unique organization’s needs and data requirements also. 

And with that, I’m going  to hand it over to you Steve.

(24:48) Steve Longenecker:  Thanks Johanny. So, I was tasked to discuss Office 365 trends. It is a significant portion of our clients’ Cloud business.  So, the adoption of Office 365 services does continue to grow among our clients very much. I would say at this point, the email migration projects are done. We still have a handful a year, maybe even a couple a year where someone is moving from an on-premise exchange server, but that’s so seldom now.  The email migrations that we have now are more around an organization merging with another.  That happens; or an organization that for historical reasons was in Google mail and really, really wants… maybe has a new executive director… and that really wants to move to Office 365. 

So we have those kinds of migrations. But for the most part our clients have their email in either G Suite or Office 365. There’s very few that don’t at this point.  

Our big projects now or are moving file sharing from on-premise file servers to Cloud services and we do move clients not just to the Office 365, which is SharePoint OneDrive and, sometimes the Team’s wrapper on that. We also will help our clients move to Dropbox and far less frequently,  do we help clients move to G Suite and Google Drive. 

Our experience is that our clients are mostly unhappy with the experience of Google Drive. There’s a couple of exceptions: clients that are really driven by young folks, that would have grown up in the G Suite world through school are happy with G suite and certainly, the clients that we have that are schools like G suite for student use. 

But, for more traditional corporate-focused clients – not “corporate” in the sense that they’re not nonprofits –  but traditional nonprofits, particularly ones where everyone is used to using the Office Desktop Suite. Office 365, as a place to park your files is great because there’s really tight integration between Microsoft owns Office 365, they own SharePoint, they own OneDrive and they own Windows for the people that are using Windows. And, even if you’re using a Mac, as long as you’re using the Office Desktop Suite, they own the Office Desktop suite, and so they can make some very tight integrations.

The office service that we see coming on 2nd from file migrations is probably Single Sign-on. It’s a distant second I would say, but it’s coming. We’ll talk more about the benefits of Single Sign-on on the slide coming up, but that is coming.  

And I do have an asterisk on this, multi-factor authentication, I almost don’t really count it as a full-scale project. There is a fair amount of change management that needs to be done, and needs to be done carefully.  But, it’s not a big project.  It’s more a matter of making sure that everyone knows how this works and then getting buy-in.  You do need to have a mobile device handy to do the second factor, the second authentication after you put your password in.  

You also click something on your phone that says “Yes, that’s me that’s trying to login; let it happen.” And then, the last service that I see, it’s not strong yet, it is the Microsoft Teams, but I think that’s going to be a future trend, I think that’s coming. Yes.

(28:33) Just a slide about another trend that I’m seeing, that is not a new trend. It’s an ongoing trend with Microsoft.  Their marketing department continues to mess around with the way they bundle up their Office 365 services and licensed bundles. So, some things that happened this past year, where that — At the start of 2019, nonprofits were eligible for 53 Enterprise mobility and security licenses. That, that was a nice little bundle that was provided to nonprofits.  Those nonprofits that signed up for that still have it, although I don’t think that it will necessarily renew. I’m not sure how things are being grandfathered in on that, but it’s not something you can get now fresh.  Instead, they have replaced that with something called the Microsoft 365 Business and that didn’t exist until sometime this past fall.  It’s the one that we are mostly recommending to most of our clients the E3, Office 365 E3 is good. But, we’re seeing that the benefit of this Microsoft 365 Business, it’s similarly priced, it’s $5 per user per month, but it includes the Office Desktop Suite it includes some Enterprise security features and it’s all good. 

(30:16) Matt just chatted me that the EM +S licenses that nonprofits do have already are going to be grandfathered in for the foreseeable future that we’re aware of.  

Last trend or last thing that people should be planning on in terms of how to deal with Office 365 and Microsoft in general, I would tell all of our clients definitely plan on Office Desktop suite licensing being something that you plan to do through the subscription services and no longer something that you buy as the volume license through Techsoup. 

This is partly because, it’s what Microsoft is trying to get ready to do anyway, and because I have seen enough cases now where even though supposedly like, Office 2016 is fully supported with SharePoint and OneDrive file sharing, it’s just not, and I just think that they’re not putting a lot of energy into their volume license code. It does eventually catch up but, I think everybody should be planning to spend the small amount of money, charity pricing that you would have to pay, if you are a nonprofit, to have Office 365 Desktop suite through a subscription service. It allows them to install it on their work computer (your staff) not just on their work computer but, also on their home computer as well.

Another thing that we’re seeing about Office 365, a trend that we are seeing is that, Microsoft is continuing to improve their security stance vis a vis, the Office 365 suite of services and that, then benefits all of our clients if, that as long as they have hooked themselves to the Office 365 wagon, they can easily, relatively easily, improve their security posture as well. So the biggest thing that we have seen is that Microsoft is sort of rolling all this stuff into their basic services and turning it on by default. So, it used to be that, you know, Johanny’s point about benefiting from expertise of Cloud services is absolutely true.  

(31:40) But I would say that particularly on the security thing, that our expertise, Community IT’s expertise was really necessary, because we had to go in and find these settings and turn them on and make sure they were working and now a lot of them are turned on by default and already running. But, all that said, there is still expertise needed.  

Not all of the things that are on these bullet points here are automatically coming to you from the most basic nonprofit E1 charity license that you buy but some of them are included with Microsoft Business 365, it’s a mishmash but, just to quickly — Matt will talk more about all this stuff but, single sign-on SSO very useful for mediating all of your Cloud services, not just Office 365, you have a single account with Office 365, you use MFA or Multi-Factor Authentication to get into your Office 365 account. And so that’s very secured, because, it’s got a good password and it’s got a second factor authentication required, and once you are into your Office 365 account, that enables you to access other Cloud services, whatever they are, the New York Times Online or whatever those things are, as long as those services are compliant with the single sign-on protocols which more and more Cloud services want to be able to. So, that’s a great service of Office 365. 

Data loss Protection is what DLP stand for, that’s the idea that you don’t want to have data leaving, so you might want to encrypt your emails, you might want to set an email so it can’t be forwarded, you might want to set a SharePoint file so that it can’t be copied or printed. These are things that you can do with Data Loss Protection.  It does take expertise to set these policies up, but you can do it.

Intune, again something that doesn’t come with the basic E1 license but, with the Microsoft 365 Business 365, I think it does. Intune is the device management IDS, so Intune adds more than just basic authentication to it. It might allow you to set up that encryption for policies for those computers or other sort of group policies, but mediated by the Cloud instead of by the main controller on premise. 

And then, ATP stands for Advanced Threat Protection, which I won’t even discuss, but it’s yet another thing that you get with Office 365 if you have the right licensing for it and all these things allow us  to do a better job with Cloud security. 

One of our registration questions that came in was Cloud migration tips, appropriate levels of security that the person was interested in, hoping to hear about that a little bit from this trend webinar. Let me answer that real quick while I’m on this slide, first of all, I just want to say that like a lot of the traditional rules that you have with on-premise systems apply still, like you need to pay attention to the roles that you have and who has access, who’s an administrator, who’s a power user, who’s a regular user, you know, who has access to your HR System to the back end or just who has access to what is important and that’s the same as it would be with any system. 

But the biggest thing about moving things to the Cloud is that, with traditional On-premise systems, you had to sort of be physically on the network to have access.  

If your passwords weren’t super duper secured, it didn’t matter, because, you had to be physically on the network to do anything and you had physical control over who walked into your office. Of course, DPMs and remote desktop servers and so on were exceptions of those, but the general idea applied with Cloud services, they are accessible from everywhere so, the password policy is vital, that’s why a single sign-on is so useful.  You can lock down Office 365 or whatever your single sign-on provider is, with Multi-Factor Authentication. So it’s very secure and then from there people log into the other services. If you don’t use that idea you definitely want to employ your users or have a policy for your users or both? I guess that every password for every Cloud service needs to be unique. That way if one gets compromised, it’s not able to be used for others. That’s the single greatest way that we see, I think, that we see of getting in through password is when, someone using the same password that they used for some other particularly consumer service, they use their work email and their generic password they use for everything to sign up for Netflix and Netflix gets compromised, It hasn’t been as far as I’m aware of so, I don’t mean to throw Netflix under the on the bus. But, if Netflix got compromised, then that match of that work email and that password, they might try it on Office 365, login and it works and then they start sending emails out on that person’s name and phishing for financial gain.

(37:40) Next slide, the trend that file server to Office 365 file sharing is getting ever, ever easier, is definitely the case in 2019 and I expect it will continue to be the case in 2020. This time, last year, I think the SharePoint migration tool was something that we are just starting to use and they improved it a lot over the last 12 months. It now is getting even more flexible and allows you to do even more granular in how you migrate things from your On-premise server to the Cloud. The adoption I think is relatively easy.  There’s still a lot of change management in training in a successful SharePoint OneDrive migration, but it’s so much easier than it used to be.

There are some pain points, I won’t read those but, they, they exist, they are things that we need to think about when we do a file server to Office 365 migration and I will say that while Microsoft has worked hard on their SharePoint migration tool, that tool is designed for migrating files from a file server on or an On-premise SharePoint server, which none of our clients have. We used to have a couple clients that had it but they got rid of them a long time ago. 

But it’s not for — designed for migrating among your SharePoint — within your SharePoint tenant that remains something that I think, Microsoft at this point, is letting their third party partners have that market.  Maybe that will change in 2020. But at this point, let’s say you built out a SharePoint system; you were an early adopter and you built it 5 years ago according to the best practices of five years ago, and now you want to reorganize, because you see there’s a lot of better ways to do it. I think you still need a third party tool for that. There’s not really, native tools, which means, you will have to spend a little bit of money on the licensing of those tools.

Techsoup does have a product from Onpoint that we have been playing with and probably use a little bit in 2020. But it’s not something that we have done a whole lot of with yet so far. 

(39:49) And then, my last slide is about Microsoft Teams, this is a trend that’s coming on because Microsoft is pushing it very hard and I think successfully.  I think it’s been a little bit of a bumpy road for clients of ours that you Skype for business which is one of the predecessors of this product. And sometimes with less warning than we would have liked, they automatically moved our clients to Microsoft Teams and that was a little bumpy. 

And there are still lots and lots of our clients that haven’t really used Teams at all. Even though now, just in the last month or two, when you get an Office Desktop suite update you are going to get Teams. It’s going to come with it. Whether or not it auto launches on startup, I’m not sure ,but it might start for your users at some point and you can disable that. I’m not sure about that. I don’t mean to get us into the weeds on that question. But it is a product that has a lot of promise and we are — I’m excited about it, Satya Nadella has really — who is the Microsoft CEO — has characterized it as Outlook for Teams, and what he means by that is, like Outlook has everything that you need for your basic productivity under one roof:  your email, your contacts, your calendar. Some people use the tasks list from Outlook some people don’t, but most of stuff that you need to serve your basic stuff is in one place and Microsoft Teams is supposed to sort of be the Team equivalent of that.  There’s a single place that can bring together chat, meetings, notes, Office editing like, Word and Excel and so on and some Power BI and some other office Cloud services that you may or may not use, all supposed to be in one place and it supposed to be built for a relatively easy collaboration with external contacts. So, it’s not something that has to be only internally facing but you might be able to — not might be able to –  you are definitely able to invite external people to your Teams provided that that’s not turned off at the tenant level, which is a security setting. 

So it’s a great product and we are, and we are still seeing it. I would say it’s still maturing. I would say if you’re interested in adopting it, but you’re not sure if you have the bandwidth right now, waiting a little longer it isn’t a bad move because it’s still coming on, I think, and getting to be a more solid product.  At the same time, if now is the time when your organization does have bandwidth, it would not be a bad thing to roll out. I think you get a lot of value out of it right now, certainly Community IT does.  We use Teams all the time and when I said that Matt, chatted me EM+S was grandfathered in, that was the Teams chat that he chatted me with. 

(42:48) Last before I give the baton up to Matt, we got another registration question, which was:  What are nonprofits using for intranet services? and I mentioned that here because, I think Microsoft Teams somewhat services as an intranet for a small group of people. SharePoint definitely has intranet functions and so, SharePoint could be serviced as an intranet for an entire organization, it’s built for that. And then we see a lot of our clients using — depending on what the intranet is for, if it’s for it like HR stuff, for serving up HR forms and so on, that we see being done through browser-based HR systems like we, Community IT, we use Paylocity. That’s the one we use. That’s a browser-based platform and it has intranet functions that meet the HR internet needs.

I would say in general, this idea of an Intranet is something that probably we are seeing less traditional intranets than we used to, Community IT  gave up its formal intranet many years ago. So I would say if you are an intranet business, probably your market is shrinking right now just because there’s all these other ways of delivering that information and because, while they are nice, they also require constant care and feeding and in some ways there are different ways to disseminate all of that information whether it’s through your HR platform or through SharePoint or through Teams.  And I think that’s it from me.  

Matt, take it away on security.

Johanny Torrico:  Hey Matt, You are muted.  

(44:39) Matt:  All right, thank you. All right. Now that I have got everything sorted out, before I talk about cyber security, I did want to go ahead and just kind of, get the sense of where folks are at in terms of the number one initiative that you are going to tackle in 2020. We talked a little bit about some of the trends that we are seeing. So if you can, you know, go ahead and check some of the boxes in terms of the projects that’s going to be your number one initiative. 

I’m just curious to see where folks are at, in terms of cyber security or Cloud migrations or policy work, I mean, that would make me very happy if the number one initiative the people were going to do was IT policy. And so, I’ll just leave this open for another second and go ahead and flip this around and also as you are responding also, just in case, if you do have any questions, you can go ahead and either chat them in or use the question feature to ask them and if we don’t get to your questions during the webinar, we will have some time at the end.  We’re going to have some follow-up so, I want to make sure that everybody who’s got questions, that we make sure to get them answered. 

(45:55) So looks like it’s fairly evenly distributed with no clear winners and although I must say, hey, updating IT policies, that’s fantastic, I’m really excited to see that so high.  Looks like lots of folks have website or CRM projects as well. 

(46:14) So, let’s go ahead and move into the next slide and talk a little bit about cyber-security. 

I think Johanny and Steve both did a good overview of talking about some of the things that we are seeing and I would just continue that by saying that, top level, I would say there is increasing awareness around cybersecurity and the need for nonprofit organizations to pay attention. You can’t go online without seeing the news of another data breach, or a database being exposed with information being released. 

And I just think that that’s the reality of the world that we live in and our environment. So I think data breaches are going to continue and so, for organizations, it’s not necessarily a question of, if your data is going to be breached? But, it’s a question of when.  So, I think having that framework would lead organizations to make maybe some different choices or, focus on investing in those, incident response plans from a policy perspective.  Yes, it’s important investing in good security but, you are investing in a big fortified shell without any follow-up or plan for what happens if something does get released or conscientious assessment of: What is the data that we are keeping about our members?  Do we need it?   Do we need that bit of personal information?

So again, I think, understand that we live in a world where a data breach is not, an if question, but a when and making sure that there’s process and policies in place to support that response is important. 

(47:52) Moving on, MFA Multi Factor Authentication adoption rates are increasing. I think it’s something that we are seeing more and more, I think in our personal lives, you know, if you log into your bank website, they are implementing these multi-factor challenges. So again, you use your password to log in and then, maybe there’s a secondary prompt for a text message or a phone call or some other process to complete the authentication. You know, this has been a big initiative for us, probably going on three years now, and I think we’re just seeing it. Microsoft has made it easier to implement. So from a technology perspective, it is just a couple of checkboxes. It does require a lot of end user adoption training. 

Organizations are I think, wrestling with the fact that we have been assuming and relying on staff to provide their own personal devices and there has been a convenience that they can use them to access work email. But, I think organizations from a trend perspective are also recognizing that that’s a liability. And so, now you can get everything on your phone but, your phone is your personal phone and maybe you are sharing that device or it’s outside the bounds of what is normally used. This means organizations need to take a harder look at their policies. So what are we going to ask in terms of the devices that staff carry? What’s the requirement? Are we reimbursing for that? Are we going to provide devices? I think in the corporate world, maybe attorneys all carry two phones, because there is a work phone and a personal phone. That is really clear delineation. I think for many organizations of the nonprofit world, that delineation doesn’t exist until, in general, it’s a convenience.

 I think now that we are seeing more and more MFA projects require the use of a smartphone, maybe those folks that don’t have an up to date smartphone and the smart phone is low on space. Maybe they don’t like the idea of the organization requiring them to install an app on their personal device to access work information. You know, all these things I think are coming together and the pendulum is swinging back a little bit from, “Hey, this is great! I have a smartphone, I can do all this work on it.” to wait, This is my personal phone, what are the boundaries that I need to have in place or the organization needs to have in place, to ensure that access is secured and maintained? What if somebody leaves the organization?  Is there data that might be sensitive and can be pulled off of it, storage is lost or stolen, can get pulled off of it. So I think there it is again, which is we started on in 2019, making some real inroads in terms of policy templates and frameworks and I think that’s going to continue into 2020. 

And then finally, this topic of Cyber Liability Insurance. And we first talked about it last year, 2019 and there’s been a lot of interest coming to us in terms of learning more about it. I will actually be doing an in depth course, TechSoup courses that should be out here in the first quarter that will be a deep dive into Cyber Liability Insurance: what it is, do you need it? how much? kind of all those details. But again, organizations are recognizing that traditional insurance, from a liability perspective,  doesn’t really extend into the cyber world. 

So again, if your organization is affected by a data breach or if you have ransomware somewhere or if you have a successful spear-phishing attack, those are not covered by your traditional liability insurance. And so, additional policies that are specifically tailored for the Cyber liability makes a lot of sense. So again, I think, this is just an increasing awareness about the challenges and complexities around managing and supporting a network in this digital world.

(51:39) So, let’s go ahead and look at the next slide. I think there’s a lot of good news in terms of the maturity of the cybersecurity platforms. It still feels a little bit like the Wild West or maybe Gold Rush with just so many different technology solutions out there, I think we are starting to see some consolidation and streamlining of those solutions.  Yes, of course, the big players are kind of moving in and making acquisitions and consolidating the stack and streamlining the stack. 

So I think there are a lot of good tools out there to combat the threats. So, from a technology perspective, you have got tons of options to react to the responses. Microsoft has really built out their tool set and as nonprofits, I think that’s a tremendous benefit and that we get the benefit from these kind of enterprise-grade tools that are available to nonprofits and then are available at a very steep discount so, I think that’s great. There’s a couple of good sentinels that are available. Barracuda Sentinel is a tool that we added in 2019 to combat the dramatic spike that we were seeing in business email compromise. So, again, those emails that try to trick you into buying a gift card or updating wire transfer information.  Stuff that kind of gets through regular spam filters. So Barracuda Sentinel is a good tool, I think there are other vendors that make business email compromise protection. So that’s great. 

Azure has recently introduced their own sentinel tool, it’s called Azure Sentinel. And this is basically Microsoft’s implementation of a security information and event monitoring system in Azure. So, it is really enterprise grade. I think, for those organizations of  maybe a hundred seats and up. It will be something that’s worth looking into. A little bit of a build your own model, but, again, very powerful.  Microsoft built it.  They kind of buildings for a million end point size, right?

So, it’s just, massively scaled.  But I think there will be some specific things that small and mid-size organizations can really take advantage of, so I think we’ll see the maturation of those tools by the end of 2020. 

And then again, pricing is more competitive. Microsoft is again, with heavy discounting benefits to the nonprofit sector and then, even some other big brand-name tools, like the Crowd Strikes of the world. I think their solutions are becoming more attainable as they have reached maturation or, they have had a good deployment into the enterprise phase. And so, now they are looking to expand their market. So, they have the big players of the world. They are going to go to small organizations. And probably adjust pricing, you know, as part of that. So again, I think there’s a lot of great tools out there and I think in general the pricing is coming down which, which is good.

(54:46) Great. You know, my downside, my negative view here is that, I still think IT is still seen as a cost center in many organizations. And so, if it’s not related to support the mission it maybe doesn’t get funding, the never-ending battle against overhead. It’s a bad word, so investing in operations is a challenge. So, I think there is slow progress on the funding side, to fund secure and scalable operations and focus on impact as opposed to cost. So, I would say, IT is still seen as a cost center and that’s something that we need to always continue to advocate for.  Effectively using technology, as opposed to reducing the cost of technology. Of course, you want to implement things as efficiently as possible, but not concerning the big picture. I think it disadvantages many organizations.

And again, end user adoption and change management is just difficult. You know, many organizations have limited capacity on the operation side and so, when it comes to a new MFA project or a file migration project or something else, that really represents a big change in how organizations need to implement and recognize that there’s a relatively small technology change but, there’s a large organizational change associated with implementing a lot of these solutions.

You could chat in or ask a question about how your organization is dealing with that. And again, I think as we wrap up here, I had a couple of things that didn’t necessarily fit in some of the buckets above, but I would say the grab bag. 

(56:40) The Mac support in a managed environment continues to be a challenge. Apple has continued to lock down Mac OS. And so, the changes that are in High Sierra and now, in Catalina really make it difficult for centralized management and administration of those computers. 

We had to invest in a separate tool that was focused on Mac management so that we could do the things that were important for us in terms of inventory, being able to do Key Escrow for FileVault, to do remote support. All of those things are much more difficult in the Mac world than  the Windows world and so, we still haven’t seen kind of a runaway change for nonprofits adopting Macs as their primary computers. But it’s a slow and steady penetration in terms of organizations adding at least a couple of Macs into the world if not the whole organizations shifting.

They won’t touch on, we are also seeing some trends with mobility.  Just before this, I was talking to my colleagues and the default computer purchase for most organizations now is a laptop as opposed to a desktop. We almost budget twice as much and plan to replace them on a three-year cycle as opposed to a four-year cycle. So, it was recognized it represents a significant cost increase, but I think the trade-off is certainly flexibility and so between preference for mobility and more organizations adopting, you know, either 100% virtual office, or having a more flexible work environment. I think it adds some additional security consideration.  That’s important to think about as we shift around from showing up to the office and connecting to the server down the hall.

And then finally, it wouldn’t be a presentation in 2020, without the mention of what the current political environment can have on cybersecurity. I think  particularly those organizations, that  are in the policy realm, I think attract a lot of attention from state-sponsored actors. So again, that would be China, Russia, North Korea trying to understand and not necessarily subvert but again, understand what the policy analysts are saying before they are saying it. So, organizations that are in that world, I think, have a lot more work to do on the security front than other organizations.  I also think organizations that work on elections and good governance are also going to be special targets as we have the run-up to the election. I think there are a number of things to be considered, especially in these specific verticals. 

(50:40) Johanny Torrico:  Yeah, thank you Matt and Steve, that was very, very informative and a very thorough overview of the technology trends that we are seeing for nonprofit organizations. 

Let me advertise our next webinar. We partner with Build Consulting. Build Consulting focuses on information strategy and information management for nonprofit organizations. Peter Mirus from Build Consulting will present next month’s webinar: Does Your Organization Need a Better Technology Roadmap? 

He will help you identify gaps in leadership operations of business process and data management capacity that have prevented your organization from effectively selecting and implementing technologies to serve your entire organization and its mission. 

So I think it’s a minute past 4, so we’re out of time. I want to thank everyone for joining us today.  Thank you Steve and Matt, again, for your time and being thorough, we invite you all to return next month for Build’s webinar. 

Thank you again and enjoy the rest of your month.  Take care.