Another Cloud Is Possible

(1)

Another Cloud

Is Possible

Allen Gunn, Aspiration

[email protected]

Twitter: @aspirationtech

aspirationtech.org/publications/manifesto aspirationtech.org/publications/manifesto

This material licensed Creative Commons Attribution Share Alike 2.5+

(2)

What are we talking about?

►

What is “The Cloud” and why care?

►

What I love (and love less) about cloud

►

Case studies on the same

►

Pictures real and imagined

►

Control of destiny in the cloud

►

Security issues in the cloud

►

NGO solidarity in the cloud

(3)

Who is Aspiration?

►

We work with stakeholders across the

nonprofit software supply chain:

 _{We advise NGO technology decision}_{We advise NGO technology decision}

makers on how to employ tech sustainably makers on how to employ tech sustainably and affordably

and affordably

 _{We advise vendors and developers on how}_{We advise vendors and developers on how}

and what to build for NGO users and what to build for NGO users

 _{We advise grantmakers on technology}_{We advise grantmakers on technology}

strategies strategies

(4)

Who is Aspiration?

►

Most importantly, we support & advise

 _{Nonprofit and Foundation Staff}_{Nonprofit and Foundation Staff}

on how to apply technology on how to apply technology

 _{On Their Terms}_{On Their Terms}

to to

 _{Achieve Impact}_{Achieve Impact}

in their in their

(5)

What is this talk about?

►

Movement Solidarity

►

Collective Buying Power

►

Shared Responsibility

►

Paying Attention to Infrastructure

►

Looking more than one step ahead

►

In short, doing the cloud on your terms,

not somebody else's terms

(6)

What Is the “IT” Problem?

►

IT is damn hard and ever-changing

 _{And it's probably not your core mission}_{And it's probably not your core mission}

►

IT is expensive, hard to cost manage

 _{Tough to budget stuff that keeps changing}_{Tough to budget stuff that keeps changing}

►

IT staffing is too often a struggle

 _{Tough to find and retain talent}_{Tough to find and retain talent}

 _{Social and communications skills an issue}_{Social and communications skills an issue}  _{Personal hygene also a risk factor}_{Personal hygene also a risk factor}

(7)

What Is the “IT” Problem?

►

(Sound of trumpets!)

►

“

The Cloud” to the rescue!!!

 _{"The Cloud Is Easier"}_{"The Cloud Is Easier"}

 _{"The Cloud Saves Time and Money"}_{"The Cloud Saves Time and Money"}  _{"The Cloud Reduces Staffing Needs"}_{"The Cloud Reduces Staffing Needs"}  _{"The Cloud is More Secure"}_{"The Cloud is More Secure"}

 _{"The Cloud Tucks Me In At Night"}_{"The Cloud Tucks Me In At Night"}

(8)

What is the Cloud to Us?

►

Apps running online, available remotely

 _{Maintained, improved by somebody else}_{Maintained, improved by somebody else}

►

Data stored on web-accessible servers

 _{Collaboratively edited and curated by}_{Collaboratively edited and curated by}

permissioned folks permissioned folks

►

Access to all of the above from

anywhere you have internet access

 _{Client devices play a simpler role}_{Client devices play a simpler role}

(9)

Things I Love About the Cloud

►

Real time collaboration

 _{...co-creating documents on a call...}_{...co-creating documents on a call...}

►

Open-ness

 _{Inviting others into my work and thinking}_{Inviting others into my work and thinking}

►

Focus-ability

 _{Someone else manages technology pieces I}_{Someone else manages technology pieces I}

don't want to think about don't want to think about

(10)

Things I Love About the Cloud

►

Availability

 _{e.g. when my primary device and I are in}_{e.g. when my primary device and I are in}

separate locations separate locations

 _{Rich support for “oops, I forgot to bring...”}_{Rich support for “oops, I forgot to bring...”}

►

Serendipity

 _{Due to all of the above, interesting things}_{Due to all of the above, interesting things}

just happen just happen

(11)

Cloud Changes the Game

►

Establishes new collaboration zones

 _{Private places to throw it all together}_{Private places to throw it all together}

 _{Relatively “organizational culture neutral”}_{Relatively “organizational culture neutral”}

►

Reduces collaboration boundaries

 _{No fighting firewalls for access to servers}_{No fighting firewalls for access to servers}

►

Preserves organizational memory

 _{Across fire drills and turnover}_{Across fire drills and turnover}

►

Drives accountability and transparency

(12)

Case Study - Mozilla Etherpad

►

Etherpad is a collaborative text editor

 _{Like Google Docs without the overhead}_{Like Google Docs without the overhead}

►

Mozilla uses it for conference call notes

 _{Call host sets up template, shares link}_{Call host sets up template, shares link}

 _{Notes are available in real time, no waiting}_{Notes are available in real time, no waiting}  _{Call participants can contribute notes, fixes}_{Call participants can contribute notes, fixes}  _{Chat feature enables parallel commenting}_{Chat feature enables parallel commenting}

(13)

(14)

Case Study: SF BART Protests

(15)

2011 SF BART Protests

►

Activists used social media and other

cloud platforms to organize, coordinate

 _{Enabled rapid turnout, adaptation of tactics}_{Enabled rapid turnout, adaptation of tactics}  _{Dramatic (annoying) successes achieved}_{Dramatic (annoying) successes achieved}

 _{So the next time around...}_{So the next time around...}

►

SF Police cut off internet in stations

 _{Instantly eviscerated the network}_{Instantly eviscerated the network}

 _{Neutralized rapid response, coordination}_{Neutralized rapid response, coordination}

(16)

Let's get conceptual...

►

There are 2 ways of envisioning Cloud

 _{The way it is sold}_{The way it is sold}

 _{The way it works in practice}_{The way it works in practice}  _{...and we've got pictures}_{...and we've got pictures}

►

We look at cloud through a lens of

organizational development

 _{Goal: .orgs control their technology destiny}_{Goal: .orgs control their technology destiny}  _{The path to the same is workflow-driven}_{The path to the same is workflow-driven}

(17)

The Cloud of Lore

(18)

Our Cloud of NPTech Reality

(19)

Control in the NPTech Cloud

►

NGOs should follow cloud strategies

that maximize their control over

long-term destiny

term destiny

►

Much comes down to what routes

through your domain name

 _“_“_{Why Facebook=Enterprise #FAIL for us”}_{Why Facebook=Enterprise #FAIL for us”}

 _{http://www.politico.com/news/stories/0910/42364.html}_{http://www.politico.com/news/stories/0910/42364.html}

►

The game is figuring out what makes

sense to store at what layer of control

(20)

It's all about the Data

►

Tragedy of the NGO financial reality

 _{There are budget line items for software}_{There are budget line items for software}  _{There are budget line items for hardware}_{There are budget line items for hardware}  _{There are budget line items for labor}_{There are budget line items for labor}

 _{There are rarely line items for DATA}_{There are rarely line items for DATA}

►

Tech is a vessel to story & carry data

 _{As you consider cloud, it's about the DATA}_{As you consider cloud, it's about the DATA}  _{Your DATA is your digital power}_{Your DATA is your digital power}

(21)

►

We look at the cloud as 4 layers of

enterprise leverage

►

(1) Stuff behind your domain name on

remote servers you own and administer

 _{Outside of your walls, it's the highest level}_{Outside of your walls, it's the highest level}

of control of control

 _{eg, cloud CRM at civicrm.aspirationtech.}_{eg, cloud CRM at civicrm.aspirationtech.}_org_org  _{Cloud factor: “meh”, but an essential}_{Cloud factor: “meh”, but an essential}

option to know you have option to know you have

(22)

Control in the NPTech Cloud

►

enterprise leverage

►

remote servers you contractually

control on terms you like

 _{Someone else handles the lower levels}_{Someone else handles the lower levels}

 _{e.g. our Drupal and Wordpress sites hosted}_{e.g. our Drupal and Wordpress sites hosted}

at www.rochen.com at www.rochen.com

(23)

►

We look at the cloud as 4 layers of

enterprise leverage

►

application servers you don't control

 _{e.g. Wordpress.com, Google for Domains}_{e.g. Wordpress.com, Google for Domains}  _{The idealized cloud of “I don't think about}_{The idealized cloud of “I don't think about}

IT or hosting hassles”; limited control IT or hosting hassles”; limited control

 _{Concerns: Redundancy, long-term support}_{Concerns: Redundancy, long-term support}  _{You “retain” your ability to migrate}_{You “retain” your ability to migrate}

(24)

Control in the NPTech Cloud

►

enterprise leverage

►

(4) Behind “their” domain/”the rest”

 _{A.K.A. “minimal control of your destiny”}_{A.K.A. “minimal control of your destiny”}  _{Basecamp, Facebook, Bit.ly, YouTube …}_{Basecamp, Facebook, Bit.ly, YouTube …}  _{Your mileage is guaranteed to vary}_{Your mileage is guaranteed to vary}

 _{If you love yourself, keep local copies of}_{If you love yourself, keep local copies of}

anything that matters anything that matters

(25)

How Most Cloud Companies

See Their Priorities

►

#1 Major investors/shareholders

►

#2 Major revenue sources

►

#3 Primary user bases who drive major

revenues

►

#4 Data gleaned from users, revenue

sources to drive follow-on revenues

►

…

(26)

Moral: Don't Get Locked Out

(27)

Aspiration's Cloud Fatalism

►

All tech relationships should be

predicated on divorce

►

Apply the “Hollywood Marriage” rule:

 _{Nothing tech lasts forever. Nothing.}_{Nothing tech lasts forever. Nothing.}  _“_“_{Pre-nup thinking” becomes critical}_{Pre-nup thinking” becomes critical}

 _{Model for eventual (or sudden) migration}_{Model for eventual (or sudden) migration}  _{Verify data export on a regular basis}_{Verify data export on a regular basis}

(28)

Aspiration's Cloud Checklist

►

Relationship questions to ask about

cloud options

 _{Can we put it behind our (sub) domain?}_{Can we put it behind our (sub) domain?}  _{Can we talk to other clouds in this}_{Can we talk to other clouds in this}

relationship? relationship?

 _{Who else is this cloud hanging out with?}_{Who else is this cloud hanging out with?}  _{Can we leave when we want?}_{Can we leave when we want?}

(29)

Aspiration's Cloud Checklist

►

Asset questions to ask...

 _{Can we export our data on demand in}_{Can we export our data on demand in}

open, complete formats? open, complete formats?

 _{Is our data really our data?}_{Is our data really our data?}

 _{Is our data secure, encryptable, private?}_{Is our data secure, encryptable, private?}  _{Who else can look at our data?}_{Who else can look at our data?}

 _{In what legal jurisdiction is our data stored?}_{In what legal jurisdiction is our data stored?}  _{What is your policy regarding government}_{What is your policy regarding government}

requests for data? requests for data?

(30)

Aspiration's Cloud Checklist

►

Why ask all these questions???

 _{Because “Single Points of Failure” are not}_{Because “Single Points of Failure” are not}

as cool as they used to be as cool as they used to be

 _{Most cloud solutions represent uniquely}_{Most cloud solutions represent uniquely}

un-leveraged relationships un-leveraged relationships

 _{There's “looking”, there's “leaping”, and}_{There's “looking”, there's “leaping”, and}

there's “having a Plan B”, and the there's “having a Plan B”, and the

sequencing of those matters sequencing of those matters

(31)

Security in the Cloud(s)

►

Security of cloud-based systems

 _{There is no simple yes/no answer to the}_{There is no simple yes/no answer to the}

question of “is it more/less secure?” question of “is it more/less secure?”

 _{The only safe statement is “it is a tradeoff”}_{The only safe statement is “it is a tradeoff”}

►

Security is a process, not a state

 _{Redundancy is the golden rule}_{Redundancy is the golden rule}

 _{Develop cloud competency before putting}_{Develop cloud competency before putting}

mission critical data there mission critical data there

 _{Take a “threat matrix” approach when}_{Take a “threat matrix” approach when}

assessing risk and security assessing risk and security

(32)

Cloud Security: Threat Matrix

►

Threat: Data loss

 _{Is your data redundantely backed up? S3?}_{Is your data redundantely backed up? S3?}  _{Have you practiced test restores?}_{Have you practiced test restores?}

►

Threat: Governments

 _{Who are your grantees, where are they?}_{Who are your grantees, where are they?}  _{What jurisdiction does your data live in?}_{What jurisdiction does your data live in?}  _{Are you funding in areas of “national}_{Are you funding in areas of “national}

security”? e.g. Immigration? security”? e.g. Immigration?

(33)

Cloud Security: Threat Matrix

►

Threat: Intelligence seekers

 _{Who are your opponents and assailants?}_{Who are your opponents and assailants?}  _{Who wants to know more about how and}_{Who wants to know more about how and}

with who you are working? with who you are working?

►

Threat: Disgruntled staff

 _{Have a proactive password policy}_{Have a proactive password policy}

 _{Have a smart account ownership protocol}_{Have a smart account ownership protocol}  _{Staff turnover should trigger thorough}_{Staff turnover should trigger thorough}

password changes password changes

(34)

Paths to Cloud Security

►

Employ redundant multi-vendor backup

 _{And don't forget local download}_{And don't forget local download}

►

Force SSL connections or VPN access

 _{Preclude "snooping" of data and passwords}_{Preclude "snooping" of data and passwords}  _{Assert your expectation of privacy}_{Assert your expectation of privacy}

►

Have well-thought-out data policies

 _{Have clear and enforced exclusion and}_{Have clear and enforced exclusion and}

retention policies for cloud retention policies for cloud

(35)

Empower Yourself on Privacy

►

Mozilla for User Sovereignty

 _{Collusion - www.mozilla.org/en-US/collusion}_{Collusion - www.mozilla.org/en-US/collusion}  _{Firefox Browser Sync}_{Firefox Browser Sync}

 _{Mozilla Social Share}_{Mozilla Social Share}

►

TOR for anonymity

 _{www.torproject.org}_{www.torproject.org}

 _{Make sure your site works with TOR}_{Make sure your site works with TOR}

►

Off-The-Record Messaging

(36)

Mozilla Collusion

(37)

The Other Thing: The Big “I”

►

Online enterprise identity is unsolved

 _{We all manage dozens of credentials}_{We all manage dozens of credentials}  _“_“_{Fragmented” is an understatement}_{Fragmented” is an understatement}

 _{Battle for control of online identity rages}_{Battle for control of online identity rages}

►

The other other “I” thing online

 _{Org identity and individual identity blur}_{Org identity and individual identity blur}

 _“_“_{Can you invite my @GMail, not my @.org”}_{Can you invite my @GMail, not my @.org”}  _{You need clear policies for distinguishing}_{You need clear policies for distinguishing}

(38)

The Other Thing: The Big “I”

►

Judge cloud companies by their primary

unit of identity

 _{Google, Facebook: Centered on The}_{Google, Facebook: Centered on The}

Individual, aka The Consumer Individual, aka The Consumer

 _{Basecamp, Salesforce: Centered on The}_{Basecamp, Salesforce: Centered on The}

Organization Organization

►

Is your cloud platform using you as a

gateway to your users?

►

Favor cloud providers that give The Org

their due

(39)

So What to Do?

►

Focus on three poles of NPTech

 _{First People}_{First People}  _{Then Process}_{Then Process}

 _{Last Technology}_{Last Technology}

►

Do incremental research and migration

 _{Acknowledge that cultural change is hard}_{Acknowledge that cultural change is hard}  _{Leverage opportunity to improve processes}_{Leverage opportunity to improve processes}  _{Don't make any big cloud bets right away}_{Don't make any big cloud bets right away}

(40)

The NPTech Cloud is young

►

Enterprise data management

 _{We need more than just newer data silos}_{We need more than just newer data silos}  _{Many apps don't understand how NGOs}_{Many apps don't understand how NGOs}

and nonprofits work and nonprofits work

►

Identity, identity, identity

 _{Stuff needs to talk to stuff on OUR terms}_{Stuff needs to talk to stuff on OUR terms}  _{It's a tough, unsolved problem}_{It's a tough, unsolved problem}

(41)

The NPTech Cloud is young

►

Interoperability, interoperability, inter...

 _{Prioritize open standards, long-term APIs,}_{Prioritize open standards, long-term APIs,}

free/open source-based solutions free/open source-based solutions

 _{Don't adopt anything browser-specific}_{Don't adopt anything browser-specific}

►

Establish rich offline synchronization

 _{Single-points-of-failure are}_{Single-points-of-failure are}_so_so_1970's_1970's

►

Don't trailblaze

 _{Copy/model others' successes, learnings}_{Copy/model others' successes, learnings}  _{Unless you're a trailblazer}_{Unless you're a trailblazer}

(42)

The Outlook for Cloud

►

Cloud is not a fad

 _{And it really can deliver benefits}_{And it really can deliver benefits}

►

Intentionality is key to migration

 _{Involve all users in process from Day 0}_{Involve all users in process from Day 0}  _{Base migration on workflows, not tools}_{Base migration on workflows, not tools}

 _{Assert control and portability of your data}_{Assert control and portability of your data}  _{Maximize control of your online identity}_{Maximize control of your online identity}  _{Have fallback plans at the ready}_{Have fallback plans at the ready}

(43)

The Outlook for Cloud

►

The cloud gets NGOs to better places

 _{Innovative ways of engaging supporters}_{Innovative ways of engaging supporters}  _{New modes for building allies, support,}_{New modes for building allies, support,}

awareness awareness

 _{Collaboration, cost savings, convenience}_{Collaboration, cost savings, convenience}  _{Ability to focus on impact, not on IT}_{Ability to focus on impact, not on IT}

(44)

Another Cloud is Possible

►

Technology Decisions are Political

Decisions

 _{You are what you use}_{You are what you use}

►

Don't let your organizational tech

knowledge atrophy

 _{Don't let cloud tactics sap tech vitality}_{Don't let cloud tactics sap tech vitality}

►

Demand cloud tools that meet NGO

needs on our terms

(45)

►

Prioritize values-aligned hosting

 _{Store your data with people in solidarity}_{Store your data with people in solidarity}

with your causes with your causes

 _{ElectricEmbers.org, NPOGroups.org}_{ElectricEmbers.org, NPOGroups.org}  _Riseup.net_Riseup.net

 _{FluxxProject.org}_{FluxxProject.org}

►

Practice Sector-Level Solidarity

 _{"First they came for the communists, and I}_{"First they came for the communists, and I}

didn't speak out because I wasn't a didn't speak out because I wasn't a

communist..." communist..."

(46)

►

These are exciting times for new

paradigms

 _{There is more than one way to get there}_{There is more than one way to get there}  _{The journey should be the .org reward}_{The journey should be the .org reward}  _{Make your organization's path one of}_{Make your organization's path one of}

greatest sustainability, not least greatest sustainability, not least

resistance :^) resistance :^)

(47)

Thank You!

(48)

Questions?