Just because the United Way of the Greater Dayton Area is a non-profit organization, that doesn’t mean the well-known community solutions provider can do its job without a business-class infrastructure.
The United Way’s Dayton, Ohio IT department helps the organization generate some US$13 million a year in donations, which is distributed among 72 partner organizations including the American Red Cross and local community centres.
The IT department also supports Dayton’s urban development department and offers technical support for other United Way branches in the area.
All of this put pressure on the organization’s IT staff to maintain a robust infrastructure, keep things running smoothly and take on more responsibilities such as the United Way’s move to electronic pledging.
However, as the infrastructure began to grow, the organization’s IT department found it needed to do a better job tracking and documenting problems, identifying security issues and improving such mundane things as data backup.
“And then our financial auditors began asking some Sarbanes-Oxley questions,” said Bruce Brown, vice-president of information and technology with the United Way of the Greater Dayton Area. “As we began answering some of those questions, we noticed that while we did a lot of those things, we could not prove them as we did not write things down.”
Brown decided to use Symantec Corp.’s Symantec Systems Continuity Service (SSCS) to help his IT department not only better document what was happening on the network, but also identify problems with the network and to prepare ways of fixing them.
The SSCS provides IT departments with audits of the infrastructure to help identify security, network and storage risks. The service also provides documentation of systems procedures and security policies that must be in place in order to meet the requirements under Sarbanes-Oxley and other regulatory measures.
Brown said the documentation part of the service was a real eye-opener, helping find problems ranging from “embarrassing things with our wiring and electrical systems that have now been fixed, to not doing enough to protect our data….If people left, we were not doing enough to protect our data by making sure they were not doing anything to it or even making sure we got the keys back for the building.”
Part of the documentation Symantec provides through the SSCS is a set of best practices for vulnerability management. This includes the establishment of a baseline discovery to create a business impact and risk analysis, prioritization of risk and the outlining of a recovery strategy.
Brown said having such a report helped him get the United Way’s CFO and CIO to better understand the financial cost of not tackling the security issues the SSCS found.
“I had mentioned firewall and other issues for some time,” Brown added. “I had been trying to find the money to do some of that stuff for about a year-and-a-half. Then the report that came out of Symantec helped us show why such things were a top priority and all of a sudden the money was there.”