Transcript below

View Video

Subscribe to our Youtube Channel here

Listen to Podcast

Like podcasts? Find our full archive here or anywhere you listen to podcasts: search Community IT Innovators Nonprofit Technology Topics on Apple, Spotify, Google, Stitcher, Pandora, and more. Or ask your smart speaker.

Nonprofit Technology Trends Roundtable 2021

Join four Community IT Innovators executive experts for an “ask the experts” discussion. Hear about nonprofit technology trends we expect to deliver new impact this year.

Community IT Innovators’ CTO and cybersecurity expert Matt Eshleman covers emerging threats and the security measures to counter them, and discusses how to determine the real risks to your organization and the return on your nonprofit’s investment in security. He also touches on cybersecurity training for your staff, and emerging security concerns for online collaboration and remote workers. Does your organization need a cybersecurity assessment or cybersecurity insurance? Find out!

Community IT has worked with several clients this past year on implementation of nonprofit tech projects that impacted the entire organization, and required engaged change management from leadership. Our Chief Operating Officer, Johanny Torrico, discusses our work with implementation of large multi-stakeholder tech projects, and the tools available to assist in successful tech transitions. Do you have a major tech project coming up?

Cloud computing trends and platforms such as Office365 for nonprofits, Microsoft Teams, and SharePoint will continue to be important in 2021. Our clients are using cloud-based tech to transform their productivity, remote work, and file sharing while lowering costs. Director of IT Consulting Steve Longenecker presents insights from his experience with cloud computing implementations and trouble-shooting. Remote work specifically has put new pressure on cloud solutions to deliver for productivity – is your team utilizing the tools that you have? Do you need to learn about new tools?

We also address seven up and coming technologies to watch, innovations to embrace, and technology management basics for any nonprofit operating in 2021.

CEO Johan Hammerstrom moderates the discussion, drawing on his decades of experience in nonprofit technology work.

We know our nonprofit colleagues are going to be asked to go above and beyond for the foreseeable future, as we grapple with enormous changes and upheaval. We hope this webinar on using technology will put your organization in a good place to deliver on your mission in 2021 and beyond.

As with all our webinars, this presentation is appropriate for an audience of varied IT and security experience.


nonprofit technology trends 2021

Community IT Innovators CEO Johan Hammerstrom has always been interested in using technology as a force for good that can improve our world. 

He pursued a career in Information Technology, with the express goal of improving our communities and our world.  He started at Community IT in 1999 as a Network Administrator.  Since that time, Johan has been a Network Engineer, a Team Lead, the Director of Services, Vice President of Services, Chief Operating Officer, and beginning July 2015 President and CEO. Working directly with over 200 nonprofit organizations, to help them plan around and use technology to accomplish their missions, has been one of the most positive and rewarding experiences of his life.

Johan has a long experience in the nonprofit technology community and always looks forward to sharing tech tips for staff and leadership at your nonprofit.

nonprofit technology trends 2021

Johanny Torrico is currently Chief Operating Officer, leading the largest team at Community IT.  She joined Community IT in December 2006 after serving as Director of Technology for The National Association of People with AIDS (NAPWA) for nearly four years. During her tenure at Community IT, Johanny has mastered every role she took on including network administrator, network engineer, and service manager. She is currently Chief Operating Officer, leading the largest team at Community IT.  And she still enjoys providing technical support to our clients, participating in our professional services team, and implementing technical solutions.

Johanny holds a B.S. in Computer Information Systems. She is a VMWare Certified Professional and recently became a Microsoft Certified IT Professional for Office 365. She always enjoys discussing our nonprofit technology trends 2021

nonprofit technology trends 2021

As Director of IT Consulting, Steve Longenecker divides his time at Community IT between project managing client projects and consulting with clients on IT planning. Steve’s appreciation for working at Community IT Innovators is rooted in respect for the company’s dream and vision, and for the excellent colleagues that the dream and vision attract. Steve is MCSE certified. He has a B.A. in Biology from Earlham College in Richmond, IN and a Masters in the Art of Teaching from Tufts University in Massachusetts.

Sharing expertise in the nonprofit technology trends roundtable 2021 –as every January–is always something he looks forward to.

nonprofit technology trends 2021

As the Chief Technology Officer at Community IT, Matthew Eshleman is responsible for shaping Community IT’s strategy in assessing and recommending technology solutions to clients. With a deep background in network infrastructure technology he fundamentally understands how technology works and interoperates both in the office and in the cloud.

Matt has dual degrees in Computer Science and Computer Information Systems at Eastern Mennonite University and received his MBA from the Carey School of Business at Johns Hopkins University.

Matt is a frequent speaker at NTEN events and has presented at the Inside NGO conference and Non-Profit Risk Management Summit.


Johan Hammerstrom:  Welcome to the January 2021, Community IT Innovators Webinar. I’d like to wish everyone a Happy New Year. And thank you all for joining us today for our webinar on IT Trends for 2021. Today, we’re going to be going over about seven of the most interesting and exciting new developments in IT that are going to impact nonprofit organizations in the coming year. We’re going to discuss 

Good afternoon. My name is Johan Hammerstrom. I’m the CEO of Community IT and the moderator for this series. The slides and recording for today’s webinar will be available on our website and YouTube channel later this week. And if you registered for the webinar, we’ll be sending you those links later on. If you happen to be watching this right now on YouTube, we encourage you to subscribe to our YouTube channel so that you can receive automatic updates when we post our new webinar recordings.

Finally, I’d like to ask that you all use the chat feature if you have any questions during the webinar today. And we’ll do our best to respond. 

Before we begin, we’d like to tell you a little bit more about our company. Community IT is a 100% employee owned company. Our team of 36 staff is dedicated to helping nonprofit organizations advance their missions through the effective use of technology. We’re technology experts. And we have been consistently named a top 501 managed services provider by Channel Futures. And that’s an honor we were pleased to receive again in 2020. And now, it’s my pleasure to welcome our panel of experts. And I’d like to invite them to introduce themselves. Johanny?

Johanny Torrico:  Yes. Yep. Good afternoon. Thank you for having me here today Johan. Johanny Torrico and I’m the Chief Operating Officer at Community IT. And it’s my pleasure to be here with my two colleagues, Matt and Steve, and you too, Johan of course, and we’ll see where this takes us.  Thank you.

Steve Longenecker:  I’m Steve Longenecker. I’m the Director of IT Consulting at Community IT and yeah, I’m pleased to be here as well and share the things that I’ve observed in the last year and what I expect to have coming forward in the year to come.

Matthew Eshelman:  Great. Thanks, everybody. My name is Matthew Eshleman. And I’m the Chief Technology Officer at Community IT.  In my role, I’m responsible for overseeing the platform development of the tools that we use to support the nearly 5000 devices that we support, and then also working with clients on developing their Technology Roadmap. So I learn a lot from the clients that I get to work with. And we’ll get to reflect that back here, today. So looking forward to the conversation.

Steve:  So here’s our agenda. First of all, Matt’s going to look back on the year. This is an annual event. Welcome to those of you who’ve joined us in the past Januarys. He’ll look back at the predictions we made about the year just past and assess how we did on those. And then these are the trends that we’re expecting to talk about. That we’re going to try to look at the trends through three different lenses, the technology itself, which I guess I’m going to try to take responsibility for.  Security, when that is appropriate to talk about, Matt will talk about that. And then if there’s operations focus, it’ll be primarily Johanny. But it’s going to be a free flowing conversation. And each of us have expertise and things to say about all of those different lenses. So it’s not like we’re limiting ourselves to one or the other. I also want to acknowledge that there’s overlap in these agenda items. So you’ll definitely notice that like, there’s a point about the Microsoft Stack versus best of breed. I’m looking forward to talking about that. But I can’t talk about telephony without talking about the fact that Microsoft is now offering a telephony solution, which is now part of their stack. So there’s overlap, but it’ll be a good conversation.

Matt:  All right, well, let’s start off here, looking back at 2020 and making sure that we see where we are at.  As Steve mentioned, this is something that we have done on an annual basis for the last couple of years. And so I went through our presentation from last year to look at what we said and then lined that up with what actually happened. 

So last year, we talked about trends around the cloud and digital transformation.

I think in terms of what happened, none of us could have predicted the impact that that COVID would have on the world and on us as an organization that supports nonprofits. I think from a technology aspect, I think that certainly accelerated a lot of cloud adoption as organizations were forced to work all virtually. So I think best laid plans all went out the window, organizations really scrambled and were successful, I think, in large part in adopting the cloud. And so I think, we were on the mark in terms of making sure that that was a priority for organizations, I think the same thing – the serverless office, we’ll talk about that a little bit more detail today, as well, again really accelerated by the work from home requirements through COVID. 

And mobility, again, focusing more on services in the cloud video conferencing supporting personal devices. Again, I think COVID really accelerated that a lot. 

One case I like to share, as a good example of this was in December of 2019, we worked with an organization that was due to replace about 60 of their devices. They had iMac desktop computers. And they were trying to decide between replacing them with the same or going to laptops. And after talking with us and looking through some scenarios, made the decision to switch to going with Mac laptops. And so that was in December of 2019, they replaced all the devices, followed all our cloud and Device Management best practices, and then they were in a very good position to be able to transition to work from home, because they all had secured laptops that they were able to connect to work resources from. So again, I think that’s a good transition and these may not be necessarily cutting edge recommendations, but they are really going to focus on what’s the essential elements of having a good IT strategy that’s going to be flexible and adaptive to respond to whatever may come?

Again, security is a theme, I think there’s always security recommendations for every year. And I think what happened in 2020, was that we saw that there continued to be just an enormous amount of data breaches. This year, there were a number that really affected the nonprofit, so called supply chain, Blackbaud, their data breach, there were a number of others where nonprofit vendors were impacted. So I think that was a real wake up call for a lot of nonprofit organizations to realize that, hey, it’s not just something that happens to somebody else, but something that can happen to my organization.

I think we also talked about Office 365 and licensing the best mix and again, I think Microsoft continued in 2020, to have a lot more options. I think that’s consolidating. Now, in terms of what are the best options for nonprofits to take advantage of the pricing I think is solidified. And that there’s some new stuff, we weren’t quite aware of what Microsoft was going to do with the nonprofit common data model. It’s a little bit afield from what we get into. But it does seem from our perspective that Microsoft is making a big push into the data side of nonprofit organizations and providing that tool and platform through Dynamics to really take on the traditional big names in that space.  Then finally, yeah, video conferencing everywhere that sure happened so all right, I’ll hand it back over.

Steve: Yeah, we made a lot of predictions about mobility and cloud and thanks to COVID we got them all right. So kudos to us! 

Larger Organizations are Going Serverless

The first trend that we’re expecting in 2021 is what we already said in 2020, that organizations are going serverless. In 2021, we’re expecting that more of that will happen, for sure. And that larger organizations that in the past, we would have said, “Oh, you got to have a server, right?” are going serverless. And we’re seeing that happen. We’ve seen it happen already. We’ve helped clients just this fall that have quite a few staff people that just say like, “We don’t need servers anymore. We’re going to move everything to the cloud.”

In the past, servers provided file storage, printer management, you definitely did Device Management and group policies from a Windows Server. In the deeper past, email was something that you’d see on a server. That’s been in the cloud for a while now. And then I think the last and hardest thing is that the servers that are hosting on premises line of business apps, the databases, the financial platforms, and so on that are running on on-premises servers, those are harder sometimes to figure out how to move to the cloud. But the cloud can do all of it now and it’s just getting better and better. 

The latest thing for us is that we’ve signed a contract with a vendor that provides printer management, cloud printer management, and we’re really excited about it and it’s not expensive, either.  And so we’re really excited about offering that to Community IT clients. This is something that was still difficult. If you want to get rid of your server, you have 30 computers in your office. You get rid of your server and then you get a new printer, and you have to walk around to every single computer and say, “Here’s our new printer,” and do a 10-minute configuration job.  It doesn’t scale very well. But with cloud printer management that’s no longer a big issue.  You make one change on your cloud admin interface and it drums down through the cloud, an agent to all of your 30 computers and right away they all get updated. So it’s really exciting. 

The downside of the servers, we really saw it in 2020, Matt was talking about the client that was really happy, they had gotten MacBooks for everyone, instead of the iMac desktop system.

We had real variation in the experience of people, dealing with COVID-19, closure of offices. The clients that worked on laptops and had their data in the cloud were really in a good place for that and didn’t struggle.  For the clients who had laptops that they were domain joined, they were really configured for that experience of needing to talk to a domain controller regularly. And a VPN was necessary to have that line of sight, you call it, to the server.  That’s difficult. 

And then, if you have compliance requirements to change your password every 90 days, you’re changing your password, the VPN breaks, because you’ve changed your passwords.  You have to go into the VPN setting to update that configuration. And it’s difficult and it’s a lot less difficult if you can get moved to a serverless operational model. So it’s not going to be something that every client is going to be done with by the end of the year, but we definitely see it happening more and more and with larger and larger organizations.

Matt:  Yeah, I think in terms of how that gets operationalized, I think the key determinant now in terms of, can we go serverless or not, is really more driven by, what on-prem or legacy business applications do you have, as opposed to how big your organization is.  We can support organizations that are 100 staff that basically have no servers, because all of their applications are in the cloud.  I think it’s really impactful for those organizations that still have the accounting database in the office.  At Community IT, we have our privileged access management tools on-prem, we have our client management databases on premises. So we’re tied to some physical infrastructure and migrating that into the cloud right now is a cost prohibitive or feature parity issue right now for us. 

So, going to the cloud, just for the sake of it may not be the best move, but I think the real driver right now is applications. I think last year, we certainly saw the acceleration of files going into the cloud.  And I think that was the big thing tying organizations to their on premises infrastructure. 

Now that files are largely in SharePoint or Dropbox or Google Drive. It certainly opens up a lot more use cases for getting rid of that server. I think certainly, as we prepare and deploy new computers, they’re almost entirely going to be Azure AD joined, for the most part in terms of being connected to the Microsoft Azure Active Directory as opposed to being tied to an on premises directory. 

As Steve mentioned, the other thing that really ties you to on-prem infrastructures are just little things like printer sharing. So if you can find a solution, like we have with a third party printer management, that makes it a lot easier and removes one of those barriers to adopting into the cloud. I think the transition for serverless is not so much how many nodes you have, but the reliance and how many people are tied to on-prem servers just because of the authentication requirements. 

Steve mentioned, if you have to reset your password in a domain joined computer, there’s an update that your computer needs to make as well. It’s not just your cloud based account. Disconnecting those two things really allows you to get rid of the servers.

Johanny:  Mm hmm. Yeah. So just to add to your first slide there about the predictions, Matt, thank you for putting that together. As I was preparing for this webinar, and I was listening to the 2019 version of this, it just struck me how we sounded so hopeful about how nonprofit organizations were slowly embarking on moving things to the cloud, like files to the cloud or all of those things. We were hopeful that that was going to happen in 2020. And little did we know that that whole transformation was going to be accelerated so rapidly because of the pandemic. So thank you for putting that together.

I think going back to trends, something that I see, two things that I saw happening in terms of operations and moving from physical office to remote is that 

So Microsoft Autopilot, in simple terms, is a self service deployment service. And it basically auto provisions a set of capabilities and then lets you customize the Windows 10 out of the box experience. 

So you don’t need to create a custom image as we needed to do before and you don’t need to waste resources on manually reimaging, computer and computer and computer and computers. So I think the promise for autopilot I see as two: one is it will help reduce the deployment costs of workstations and two, it will definitely create a better end user experience. And especially now that everything is remote, it’s actually making it much easier for our users in the IT department to deploy those new workstations. 

(Community IT discusses the savings when using Autopilot to deploy laptops in a Remote Learning Implementation Case Study )

So, you need to do some configurations in the back end. And I’m not going to talk about that, because I’m not that technical and that’s Matt and Steve’s arena, but I can talk about the user experience when Autopilot is actually deployed for the organization. 

So with Autopilot in place, once the PC arrives at the end user, the employee, all they need to do is unbox the computer, power it up, connect it to the internet, and then they will be presented with a customized login screen.  The employee then will use their company credentials and Autopilot will configure their PC.  That PC will automatically be joined to Azure Active Directory; they will be enrolled in Intune; they will upgrade to Windows 10 Enterprise; install the latest Windows versions; updates apply. 

And again all this will need to be configured in the backend with Microsoft 365 and Azure Active Directory. But once it’s in place, all that user experience will be definitely elevated. And because of the integration with Intune, all personal settings that apply, the corporate policies are pushed through.  If your users for example, need local admin access or it’s an admin role, you could manage all that in the backend with Microsoft 365 and make those changes automatically with Autopilot. 

You can also install all the Office 365 applications, any line of business applications that need to be installed and for us, it’s actually even allow us to push our Community IT’s monitoring engine, so they don’t even need to call our help desk to help them install the agent, because that will be taken care of with Autopilot.

Steve: Yeah, it’s really great. This year, especially, a client wants to replace a third of their laptops and instead of having them all shipped to the office and then having Community IT dispatch someone out to unbox them all and set them all up. If you’re doing 10 laptops that might be a day’s work. Instead, we just had Dell ship them directly to the users.  We got the end users home addresses and the box arrived.  They unboxed them and logged in with their organization’s Office 365 credentials, their username and password, email address and password. And the rest was just how Johanny described it. It’s pretty amazing. 

The downside that I really noticed, and it’s because I’m such a penny pincher in my personal life, is we’re out of DC. So, if the client had a DC office, and they’re nonprofit, they would have a sales tax exemption for shipments to DC, but then they might have staff in Maryland, Virginia. And so they decide, Oh, do I want to save a lot of trouble? Or do I want to save $75 in sales tax? And pretty much exclusively went with save a lot of trouble. But, that’s the incentive to have all your staff work in the same jurisdiction.  This doesn’t apply to nonprofits in California or whatever, probably, but it definitely impacted DC where a lot of staff don’t live necessarily in DC.  They might live in Maryland or Virginia, it was kinda funny.

Johanny:  Yeah, sorry.

Steve:  I didn’t mean to hijack that. But yeah, it’s really cool.  Autopilot is really cool.

Johanny:  Yep, no, this is so great. 

I think that the next trend that we see was about company-owned computers versus personal devices. And I’m going to pass it to Matt, so that he can walk us through the differences in areas, where we want to do that, and talk about security and other considerations to keep in mind.

BYOD vs. Company-owned Computers

Matt:  I think also on the COVID trend, if organizations didn’t have laptops and that wasn’t an easy transition for staff to make, obviously work was still getting done. I think we have been very fortunate that the vast majority of our clients have continued to operate and to continue to operate at the same staffing level during COVID, as they did at the beginning of the pandemic. 

We’re very fortunate in that regard. We’re supporting the same number of staff, the number of “organizational managed devices” has been reduced.  Not every organization had laptops to hand out to staff. The desktops that people had been using that were in the office are still sitting there turned off as of March 13. And so, obviously, the work continued, and people were using personal devices to do that I think out of necessity.  I think, for most organizations, that is an okay decision to make. But I think there’s some really important realizations that organizations need to acknowledge, if that is going to be the case in terms of bringing your own device – BYOD.

It’s allowing personal devices to connect to “corporate or organizational data.” I think policy is really important in this regard. We talk about a lot of that in the security context, what is the organizational framework for making decisions? I think, in general, lack of the so-called insider threat of nonprofits is perhaps a benefit. 

I think people work in nonprofit organizations because of the mission fit, because of the alignment in general. We’re not so concerned about people working and being malicious internally in terms of sabotaging the organization. But with that being said, I think it is a worthy thought exercise to go through and ask that question:  “What happens if our internal planning documents, that we have, end up on the cover of Breitbart or Newsmax and what controls do we want to have in place so that we can protect our organizational data?” And if that data is being accessed on a personal laptop and then that staff person leaves and they’ve downloaded a copy of all your synced files that were in SharePoint or Dropbox or OneDrive, what risks does that put the organization in, just having that data walk out the door? 

Again, if you’re in a compliant industry, like HIPAA compliance or even PCI compliance, that can be a real significant security threat to the organization. just allowing that to happen. So again, I think the flexibility of nonprofit technology is great. But at the same time, I think a lot of nonprofit organizations have just kind of, not really acknowledged the risk of using personal devices in a corporate setting or organizational setting.

Steve: It’s not just the data leakage, Matt. I’m not suggesting that he thought that’s all it was. But there’s also just the simple technical risks of personal devices, maybe being used by the teenager in the family.  Also, who knows what malware is on them? And they’re connecting to your resources and potentially bringing bad stuff in. It’s a hole in your security posture from that perspective as well. 

I think Community IT definitely still strongly recommends that company owned devices are the way to go.  You have control.  You can feel good knowing that whatever policies apply to those devices are well enforced.  The antivirus is up to date, that the Windows patching is up to date.

Johanny: Right, right. Right. Right.

Steve: But we have to acknowledge that sometimes BYOD is a policy of necessity.

Johanny:  Right, right. Right. Right. And it’s interesting, because as we were putting these slides together, we went actually back and forth, the four of us, if we should include personal devices as a trend or not, because we don’t know.  I think something that you mentioned Matt, is we’ve seen a decrease on the active devices that we monitor.  We also talk about organizations still working or having, prior to COVID, desktops instead of laptops. So that mobility piece was not there. 

They were forced to work remotely and then use their laptops or their personal devices. And then that caught out organizations without well planned out policies in place to safeguard their data and go about thinking about all the considerations and risks that using personal devices implies. And like you mentioned, Steve, Community IT’s stance continues to be on emphasizing the use of company owned devices that are monitored, managed by the organization. Because of all the things that you mentioned: patching and making sure the hardware is new, being patched and all of those things that actually protect the integrity of the data that the organizations should be thinking about. 

And I think the main risk in my mind that the use of personal computers presents has to do with the organization’s data. The other one is also what is that level of risk tolerance they are willing to take about data loss or data compromise. And another thing also to consider, as I’m thinking about this is, does the organization abide by any compliance required regulations? 

I think that it’s an important piece and it’s something that Matt has touched upon in some other webinars when he’s talked about IT policy and there are technical controls that you could put in place.  

Matt or Steve can talk a little bit more on that.  Especially if you’re within the Microsoft 365 umbrella, there’s something that you can do on the back end to control access to the data and manage some of those devices.

Steve:  Right. That’s a good point. Yeah, I think Matt’s point that acknowledging what you’re getting into at BYOD and then mitigating what you need to mitigate, or if you’re not going to mitigate everything, at least having your eyes open on what the risks are.  

That point about using some of the things that Office 365, some of the handles that it gives you.  Just the other day a senior engineer and I were setting up a policy on a SharePoint library for a client that allows that SharePoint library to be accessed in the browser from any device, personal or company owned.  But in order to actually download from it, or sync it, it had to be basically managed by Microsoft.  The device had to be owned by the company and there’s ways that it can check on that. So there are things that we can do to make BYOD acceptable. And, we’ll see.  

It might be that we’ll get back to regular life after COVID is over.  We’ll see much less use of personal devices. I think it’ll be better if we do.  But if we don’t, we want to try to make sure that we manage BYOD appropriately.

Johanny:  Mm-hmm, Mm-hmm.


Matt: Cool. Should we change gears a little bit now to talk a little bit about telephony? I think the picture is perfect. 

Last year, we talked about video conferencing and that being ubiquitous that certainly occurred. I mean, Zoom was incredibly highly adopted. It’s easy to use. I think they made it free. I know, my partner was in lots of Zoom.  Happy hours with friends, never done that before. So Zoom, I think took over. 

Telephony on the other hand, I think people are asking questions, like “Who needs a phone?” 

The only people that call me are either salespeople and Microsoft calling back about technical support tickets. So, I think the need for a traditional phone system and the financial investment that entails has really dropped off precipitously. Microsoft has also added in phone capability within Microsoft Teams, as a licensed feature.  The telephone system is a licensed feature of E5 and now they’ve made calling plans. So the ability to actually call regular telephone numbers available as well. And so I think that’s an affordable option. So for most organizations, if you need to have an organizational phone number and be able to call out and be reached by that number, if you’re spending more than $15 a license, you’re probably paying too much. 

And I feel bad for all these telephony vendors that have built up their own practice and they’ve got their own collaboration tools. I just see them getting blown out of the water because organizations are either in Zoom and they’ll just add the phone calling on Zoom or they’re in Teams and they’ll add it on Teams. Phone calls are over. 

So, I think nobody’s used their phone in the office for a long time. And if you had a traditional phone system, you redirect calls. I think organizations that were using voice systems, obviously you’re able to redirect that. But yeah, I think 2021, no more phones.

Johanny:  Yeah, that’s interesting. I worked with an organization that took their system to a cloud based provider a few months before COVID hit. Before this new cloud based phone system, they had an old fashioned phone and they were doing the traditional features and the physical phones and the basic voicemail to mail, and phone forwarding, those types of things. But they were looking for an easier way to manage and provision the user accounts and something that was more friendlier and plug and play physical phones and all of those types of things. They found a vendor that they liked that actually checked all of those boxes. And at that time before COVID, Microsoft Team wasn’t what it is now. So they also offer video conferencing capabilities and they also offer that instant communication, the mural of Slack capabilities. And at that time, this organization really…

Steve: It was only a year ago, that’s the crazy thing, right?

Johanny:  Yeah, it’s crazy! They really liked a piece of the video conferencing and the Slack capabilities because they were paying for a Slack account and they were using Zoom for meetings. And so they were seeing this cloud provider as a replacement to that and some cost savings in the long run. So this new phone system was put to the test last year and it’s very interesting to look back actually to the full utilization of the new system while everyone was remote.  They didn’t handle all the virtual phone connections in the meetings as well as they had advertise and this organization realized that they no longer needed the physical phones they really, really, really didn’t use or need the additional features or videoconference and Slack like communications because they were not as rich as Zoom or Slack or even Microsoft Teams now. So it was an interesting case study.  These are interesting things for me to see that progression of the cloud base, then COVID, where they landed and the lessons learned for them. 

And I know, Steve, that you actually had a flood of requests for training for Teams and Zoom, as well, right?  Zoom to a larger extent, maybe, but I know that you were doing a lot of trainings on… 

Steve:  Yeah, 2020 saw me do a lot of Teams trainings, for sure. Yeah. I remember sending out our Teams meeting requests to clients. And it always includes, because we buy the extra thing that allows for you to provide a dial in number as well. And I was frequently getting people dialing in.  It just never happens anymore; everyone’s familiar now with the virtual conferencing approach. Yeah, it’ll be interesting. I mean, telephony is a hard one to totally get rid of especially for the International set. Although, especially for the International set, doing it over the internet is so much more cost effective. 

But it is definitely happening. No more telephones in 2021, or it’s not going to be really gone until later. But it’s definitely the trend. I’m totally with you, Matt. Let’s go on, we got to keep time sensitive here. 

Data Reporting and Business Automation (36:20)

What’s our next slide? Oh, yeah, this one, I think this is a little bit more of a stretch prediction. I mean, it’s definitely going to happen, I just don’t know whether it’s going to really take off now, but we’re definitely starting to see it. And that’s this idea that so much more of IT is going to be focused on automation and bringing together disparate data sources into single dashboards.

We’re definitely having to do more of that at Community IT, because we have so many different data sources for different parts of our client activities and our billing and all that as well. And we need to evaluate our clients in a single pane of glass. And so we’re focused on that data reporting and there’s (I don’t want to step on Johanny and Matt’s toes on here), but there’s different ways that we can do it. 

I’ve most recently seen it in requests for building out Power Automate, they’re called flows, but it’s this codeless workflow automation. And this is basic stuff. But the idea of Microsoft’s vision is that the citizen developers are able to work with the professional developers to just build out little mini workflows to make things easier to get. So someone updates a file in a library, I want an email to be delivered to someone. Or, a sign off approval mechanism should happen where it’s all automated and not required for everybody to always click three different buttons to make things happen. We’re seeing it, just the trickle of it. But we think it’s going to be a part of our business going forward and it’s just going to catch energy going downhill, but it’s definitely the future.

Johanny: Yeah, it’s a lot of business process automation that Microsoft is trying to do. As you mentioned, Steve, at Community IT, I definitely started using Power BI, and some other folks in the company, to track KPIs (Key Performance indicators) that were important to look at weekly as a result of the pandemic. 

And I can just speak about Power BI in general. Microsoft invested a lot of resources in this platform last year. There were some headaches with Power BI, like consuming a lot of competing resources on your computer.  There’s a version of Power BI Desktop and Power BI online, and there was a big gap between those two – what we can do in one and not the other one.  I think that gap has been closing down, it’s nice to see that.  Also, the added technical capabilities and more things that you could do; they are always updating their platform. And so it was nice to see. 

I integrated Power BI with our ticketing system in several Excel spreadsheets and automated data gathering reports and dashboards. It is a very powerful tool and requires some learning; it requires some getting used to it. It’s a little bit complex. 

Steve: Yeah, same with Power Automate. 

Johanny: Yeah, there are some out of the box things you could do. But if you want to get into the weeds and do more advanced stuff, there’s a learning curve there. But just as everything, once you learn and understand the logic behind it, things come easier, easier to do and so there’s a level of analysis that you can get once everything is set up. It’s just, it’s great. 

And I know, Matt, you also have. I use Power BI, the out of the box reporting and things like that. But I know that you or your team has also done some really cool stuff and more complex applications and integrations last year, as well.

Matt:  Yeah, on our team, we’re doing a lot more with API integration, which I think has been an area of tremendous growth. And I think it’s an area that we’ll see a lot more growth. API is Application Programming Interface. It’s a way to pull data and manipulate it between disparate systems. We have some extra capabilities in our team. We’re able to pull data from our backup reporting system, from various security tools that we have and combine and analyze the data there. And I think that’s really been a differentiator for us to be able to get information out of systems. And it’s also been a way for us to push data into other systems and really increase our efficiency.

So API’s, we made extensive use of in 2020. And I only see that increasing as we go into 2021. 

I think the other thing around this data reporting, and business automation is the proliferation of apps.  That’s the one thing.  We have our main core systems, which are great, we’re heavily invested in, but it’s clear that they have some gaps. So, for each of those gaps we’ve got a custom code development or we’ve got a third party application to do it. And so I think that’s a challenge that I assume many other organizations face.  You need this $99 a month tool to do this job, or maybe the $79 month tool to do that job. Those things can really add up. Proliferation of the systems can be a challenge. But yeah, I don’t necessarily foresee that going away. I think that extensibility through API’s is only going to increase.  You need to pull data between different systems to either get reporting and metrics out of it or to increase your efficiency and automate some of your organization’s processes.

Microsoft Stack Vs. Best of Breed Approach (42:33)

Steve:  Yeah, it’s a trend for sure. Let’s talk about the Microsoft stack versus the best of breed approach. 

I’ll start by saying that we’ve been pretty impressed, I’d say, with the benefits of staying in the Microsoft stack. I think Microsoft nonprofit pricing that they’ve been committed to historically for so long, has definitely helped tip those scales. Especially for clients who’ve gotten used to the basic Microsoft products, like the desktop suite that’s always a starting place. 

If you have staff that live in Word and Excel already, it just builds out from there. And Microsoft’s very effective at leveraging all their touch points within this stack and integrating between them. And it ends up building a really compelling case for staying in their world. Just one example, if you are a Microsoft Word user, the fact that you can actually co author, have two people editing a Word document at the same time in Microsoft Word; you can actually see their cursor moving around.  You can do that if you have the Word documents stored in Office 365. In other words, in Microsoft’s data center, you can’t do it if it’s stored in Box or Dropbox. So just staying in their little world, you don’t get to do anything necessarily exciting. But you have Microsoft building out the experience that’s good enough on all fronts. And it’s not expensive and it works. And that’s the compelling case. But yeah, there’s something to be said for the best of breed approach, as well. Johanny, do you want to talk about that?

Johanny:  Mm-hmm. Yeah, yeah, there is definitely an advantage on standardization in Microsoft 365 stack for sure, Steve, I agree with that. But there are some organizations that we work with, either they’re either totally outside the Microsoft ecosystem, or they are running some sort of hybrid, where we have email and files and 365. And then they’re using Slack for instant communication collaboration instead of Teams or they use Zoom for phones and video conferencing and then other things, Azure, those types of things. 

I would say I want to give a shout out to Microsoft for focusing on bringing their similar apps to parity with these three and especially the growth that we have seen with Microsoft in the past few months.  Just briefly talking about Slack, because I think both Slack and Microsoft Teams definitely are excellent chat applications for companies. But I think ultimately, the choice between the two depends on what you’re looking for in a collaboration app. If you need a specific type of app integration or if you want to have that seamless integration within Microsoft apps.  

From what I have learned from recent discussions that I had with Slack users, is that the familiarity that they have on the platform, given that Slack has been the leader for so many years and Teams is just catching up in the past few months after COVID. So, the other thing is also that Slack is platform agnostic. And it works great if organizations are outside, like I mentioned, the Microsoft ecosystem. If they are using G Suite, Box or Dropbox, Slack definitely integrates better with that. 

I think Microsoft Teams wins, as you mentioned, to your point, Steve, whenever they’re using everything under the 365 umbrella; Teams is definitely a winner there. And the other thing to note here is that Microsoft Teams is included in the nonprofit price, the free subscription.  That is also something that has given them an edge when you compare them to Slack. 

The same thing applies to Azure. Azure is part of the Microsoft 365, in the Windows world. And so if you have Windows computers, then there is a seamless integration with Azure, your single sign on your multi factor authentication.  

But Octa does a great job, it’s a strong product, especially if you’re outside, if you have Macs and and you’re outside that Microsoft stack.  They also provide nonprofit pricing. I know that it’s not as generous as Microsoft, but it’s definitely there.

Steve:  While this is set up as a bifurcation of either Microsoft or best of breed, I think at the end of the day, maybe the evolution is that you actually need both.  You need it all.  

Organizations are going to need a Microsoft 365 or Azure AD account, because you’re going to use Office products.  Maybe you’re going to be in Gmail for collaboration with external partners. You’re going to use Slack for your chat tool; you’re going to use Teams because there’s some internal communications and video calling. You can use it all. 

I think the integrations are now at a really mature point where you’re going to be able to tie all those systems together with a single username and password and multi factor identity, so that it’s easy to use and it’s secure and you don’t have to pick. I think just going to the cloud, it’s not necessarily an all or nothing strategy.  Recognize you don’t have to pick just one or the other. You can do it all. I think it is important to have a good IT governance perspective in terms of identifying where data is and when to use what, but you can certainly be flexible and incorporate a wide range of tools in your toolkit to be a productive organization.

Johanny:  Yeah, yeah, I think what I like, on the Microsoft stack, when you have all those applications is the ease of management. So it’s easier to administrate because you have everything there.  If you go with a multi cloud solution, the management of all of those solutions can become a challenge.

Cybersecurity Trends (49:06)

Steve:  Matt, you want to talk about security?

Matt:  Hey, I always love to talk about security. And I’m glad there are so many people here asking questions. And again, I encourage you if you’ve got questions, go ahead and use the chat. I see Johan is diligently responding to some of those. I’m in there chatting as well. So thanks for those questions. Go ahead and send more and we will probably have a couple minutes to get to it. 

Before I really get rolling, next month we will be releasing what will be our third annual nonprofit cybersecurity incident report. That’s where we look at the security incidents that our team analyzes and responds to.  We work with about 5000 users, so we have a pretty good perspective on the types of security risks that nonprofit organizations face. We’ll reflect back during next month’s webinar.

I think in terms of the trends, there’s just a lot of stuff out there and 2020 was no different.  It’s more of everything.

More targeted spear phishing, more account compromises, more big vendors getting compromised. The risks are out there, the risks affect all organizations.  Nonprofits aren’t too small or too insignificant to be impacted by these cyber events. The trend, and I think it continued, I’ve probably been saying it for three years, but organizations continue to invest more and more time and energy and thought around protecting themselves. I’ve probably filled out more cyber liability insurance applications on behalf of our clients this year than any year before. And it’s because I think organizations realize the impact that cybertech can have on their organization.

The good news is the tools are out there to have a really well run and really secure organization. I think the shift to the cloud has improved that security. There’s a question in the chat, “Is going serverless going to help my security?” I think, yes, to an extent.  You’re going to reduce surface area, that’s the name of the game.  Reduce the number of ways bad guys can get into your network.  

If the server is hosting critical services and you move to cloud vendors that are going to be better able to protect and report access to your data, I think that’s all the better.  I think probably a big trend is our ability to identify and respond to security incidents a lot quicker.  With legacy on-prem systems, it could take a while to figure that out.  With cloud tools, the turnaround is a lot quicker. But, again, there’s lots of great tools out there protecting the endpoints. 

Multi factor authentication is now ubiquitous, it’s available on every platform, everybody needs to turn it on.  That’s the number one thing that you can do to protect your organization and your data. 

And then, as I said before, I think attackers are out there and nobody’s immune to this. They’re financially motivated. I think we saw that particularly in the nonprofit sector with Blackbaud’s data breach, breached a significant portion of their online or hosted resources. Blackbaud themselves paid a ransom to the bad guys, to make sure that they deleted the data. And so, this is big money. This isn’t just a hacker, with an IQ of 197, sitting in their parents basement messing around for fun. These are organized crime entities for the most part.  I think that’s referenced in the Verizon data breach incident report.

And otherwise, it’s state sponsored actors. So if you’re a policy, Think Tank group, you’re going to come under their watchful eye. I think the pressure on organizations to get their house in order from a cybersecurity perspective is certainly strong.  

There was a question in the chat, “Are we seeing organizations shift to Chromebooks, or Chrome OS from a security perspective?” I would say, no.  No, we are seeing use of more Chrome OS in data collection operations.  We are supporting more charter schools as they support education from home. So I think that’s in play in the education sector. I think still, at the end of the day, most of the clients that we’re working with, the focus is on performance and productivity. And that still is something that requires a Windows computer or a Mac OS computer.  You can install software, a web application from a management perspective is nice. But it doesn’t meet all the use cases for most organizations.  Certainly if you can do it, that’s great. But what we’re finding is that, even with the shift of a lot of things to the cloud, there’s still things that need to be installed or things need to be run locally on a device. So, again, there’s lots of great tools on the cybersecurity front to protect organizations. And we’ll talk actually more about that in the webinar next month.

Virtual Organizations (54:56)

Matt:  Let’s see, last one. So last slide, we have here, in this round of virtual organizations.  Community IT, we were a distributed organization for a long time and more so this year. And I think that’s a trend that we see here to stay.  We work with a lot of organizations, a number of their leases expired in 2020. And they’ve decided to go virtual for the time being and I think, there’s going to be a lot of discovery about what organizations need to be successful and does physical presence come into that?  I’m curious, for folks that are on, chat in or describe, how’s your organization been successful?

Steve:  I think another thing that we talked about on this slide, Matt, that you suggested bringing up, which I think is an interesting one in the nonprofit space is:  along with virtual organizations, the fact that a lot of our clients have run virtual conferences, which have pros and cons.  People found they had better reach and potentially more registrations when a conference was virtual and therefore easy to commit to. 

There’s no travel involved and maybe you didn’t charge as much for the tickets because it was hard to charge a lot for the tickets. But it was hard to make money from them.  That was some of the things one of the clients that I talked to about it informally.  I was just curious. Yeah, no vendor hall; we made a lot of money off of our vendor hall. Now, we didn’t have that. So that’s an interesting part of this whole virtual organization piece as well. 

And I don’t know if that’s going to be a trend or not, if as soon as people can go back to regular conferences, are virtual conferences really going to become a thing? More and more, I want to see how that plays out.

Matt:  Yeah, I would say, personally I did a fair amount of conferences in 2019.  I really enjoy that experience. I think it gives me time away; it gives me perspective. This year, I’ve signed up for a bunch of virtual conferences. I’ve spoken at some virtual conferences, but in terms of attendance, I just find it really hard to carve out the time, and to get that separation to really be attentive and learn at it. So, I think in terms of access, yeah, I think it’s great. I think people are going to have a lot more reach. I am curious to see what happens in terms of long term, how those two things blend.  It may not be that an organization just has a big annual conference once a year. And that’s what they do. Yeah, I think there’ll probably be some evolution and learning in terms of what works for each organization and their group of constituents.

Steve:  Johan, do you want to talk about Community IT and its experience being a virtual organization this year?  Not because we stopped, we still have an office, it’s just empty all the time. Right now.

Johan Hammerstrom:  For the most part, yeah.  We have had staff going in every once in a while, if they just need a change of scenery they’ll go in.  We’ve been very diligent about scheduling it so there’s only one person in the office at a time. But we have had that option. 

I know that a number of the organizations we work with, if their lease came up for renewal, they opted not to renew it and they just went completely virtual. So I know that’s been something that a number of organizations have done. And I think all of us have found ways to keep working as organizations in this virtual capacity.  

I know that we were fortunate at Community IT in that a lot of our staff were already working remotely from around the country. And we had a number of tools and processes in place to support that. I think one of the most challenging things, and it’s not technology, it doesn’t have to do with technology. But one of the most challenging aspects of running a virtual organization is maintaining a positive workplace culture.  Your workplace is now virtual in some ways and a lot of the things that you can create culturally in an office, you now have to find ways to create virtually and I think that’s something that organizations are going to need to continue focusing on in 2021. 

I think there was a real feeling that we just need to get through this in 2020. It’s this unusual, very strange circumstance that we find ourselves in, and now that it’s sort of become the new normal and as fatigue sets in, organizations are going to have to find ways to build and maintain and grow their culture in a virtual, and largely IT mediated environment. 

I think for us, one of the advantages that we’ve had or one of the strengths that we’ve really been able to build on is our employee ownership culture.  As an employee owned company, we’ve really, over the years, tried to empower our staff to feel like they’re part owners of the company, which in fact they are, and to really take ownership and create a very collegiate environment as a result. And so that’s something.  We’ve held employee ownership happy hours. I’ve tried to find ways to connect with staff throughout the company individually. I’ve actually interacted in some ways with a lot more staff than I normally would have through Teams and through one on one meetings. And so, I think being more intentional about maintaining and growing company culture is something that is really essential to running virtual organizations. And that’s something that I would encourage organizations to do.

I see we are at time. And Matt just texted me, “Hey, we went the entire way, the entire time with only saying ‘new normal’ once.” I swore I wasn’t going to say “new normal,” and at 59 minutes, I almost made it. 

Thank you all so much for joining us today. 

I do want to remind you of the next webinar, which Matt had mentioned during the cybersecurity portion: Nonprofit Cybersecurity Incident ReportThis is our third one, now. It’s a great look into the kinds of risks that nonprofit organizations face.  I encourage you to download and read the report. It’s going to be available in the next week or two. 

And I encourage you to sign up for the webinar next month, where we’re going to go over the report. We’re going to answer any questions that you have and really take a deep dive into nonprofit cybersecurity. 

So again, thank you all for joining us today. We are at time, I don’t know if there are any remaining questions that we want to take a little bit of extra time to answer but I’ve got a few more minutes. I can stay on if Matt, Steve and Johanny, if there are any final points or questions you want to answer.

Steve:  Looks like we answered the ones that were chatted in. I’m just scrolling through them now.  Okay. Yeah, it was fun.

Johan:  Great. Yeah. Well, thank you all so much. I learned a lot. I always learn a lot. This is one of my favorite webinars every year. I appreciate your time and my thanks to all the attendees for joining us today. Have a great afternoon.

All: Thank you.