Just because the United Way for Greater Dayton is a non-profit organization, that does not mean the well-known community solutions provider can do without a business-class infrastructure.
The United Way’s IT department helps the organization generate some US$13 million a year in donations which is then distributed amongst 72 partner organizations like the American Red Cross and local community centers.
The IT department also provides support for the Dayton’s urban development department and technical support for other small United Way branches in the surrounding area.
All of this put added pressures on the organization’s IT staff to keep the infrastructure robust enough to keep things running smoothly, and to take on added responsibilities such as the Untied Way’s move to electronic pledging.
However, as the infrastructure began to grow, the organization’s IT department found it needed to do a better job tracking and documenting problems, identifying security issues and improving such mundane things as the backing up of data.
“And then our financial auditors began asking some Sarbanes-Oxley questions,” said Bruce Brown, vice-president of information and technology with the United Way of the Greater Dayton Area. “As we began answering some of those questions, we noticed that while we did a lot of those things, we could not prove them as we did not write things down.”
Brown decided to use Symantec Corp.’s Symantec Systems Continuity Service (SSCS) to help his IT department not only better document what was happening on the network, but to also identify problems with the network and to prepare ways of fixing them.
The SSCS provides IT departments with audits of the infrastructure to help identify security, network and storage risks. The service also provides documentation of systems procedures and security policies that must be in place in order to meet the requirements under Sarbanes-Oxley and other regulatory measures.
Brown said the documentation part of the service was a real eye-opener, helping find problems from the serious to ones that were rather embarrassing.
“Embarrassing things with our wiring and electrical systems, that have now been fixed, to not doing enough to protect our data,” Brown added. “If people left, we were not doing enough to protect our data by making sure they were not doing anything to it or even making sure we got the keys back for the building.”
Part of the documentation Symantec provides through the SSCS is a set of best practices for vulnerability management. This includes the establishment of a baseline discovery to create a business impact and risk analysis, prioritization of risk and the outlining of a recovery strategy.
Brown said that having such a report helped him get the United Way’s CFO and CIO to better understand the financial cost of not tackling the security issues the SSCS found.
“I had mentioned firewall and other issues for some time,” Brown added. “I had been trying to find the money to do some of that stuff for about a year and a half. Then the report that came out of Symantec helped us show why such things were a top priority and all of a sudden the money was there.”