Nonprofits and Data

last person joined: yesterday 

This group is for those interested in learning and sharing about all things data-related for nonprofits. The Nonprofits and Data group is for people using data to serve a mission, either directly or by improving nonprofits and the nonprofit sector. That includes everything from collecting data and managing databases to analytics, data visualization and data mining. Here are some examples of topics we discuss: using data to improve organizational effectiveness, measuring impact, using data for storytelling, tools for data management and analysis, figuring out the “right” data to collect, and learning skills to help us use data better.

Best practices for external Collaboration using cloud-based file management system

  • 1.  Best practices for external Collaboration using cloud-based file management system

    Posted Dec 13, 2019 14:33
    We recently launched our cloud-based file management system (Box.com), Staff members at my organization collaborate heavily with people outside the organization. While staff are learning the new tool, we are asking them to request system admin help in sharing folders or files for external collaboration. (Staff currently don't have permission to do this.)

    This isn't a sustainable method and we want more staff to have permission to do this for themselves and their teams.

    I was wondering if anyone can recommend best practices for external collaborations: giving staff more autonomy and also protecting security. ( For example, we want to be sure staff don't accidentally grant external access to more folders than intended.)

    ------------------------------
    Ilene Weismehl
    Knowledge and Data Manager
    Providence, RI
    ------------------------------
    2020 Nonprofit Technology Conference Logo  w/ Baltimore Skyline


  • 2.  RE: Best practices for external Collaboration using cloud-based file management system

    Posted Dec 14, 2019 09:16
    Ilene,

    I'm not sure there is a simple answer to this. In my experience, managing collaboration both internally and externally is a combination of practices, technology, policy and training. For the problem you cite specifically, I think you could leverage Box folder-level settings to give specific people permission to share specific folders with accounts outside your organization. You could make a short (easy) form for non-admins to fill out requesting permission for this privilege on a specific folder or set of folders, with a business case for why they need it. Perhaps include whether it's time limited or not. Once granted the privilege, they can manage the shares on their own. Combine this with training and policy to support it and you would be in pretty good shape, I think.

    Here's a short article on best practices on Box specifically: http://www.resilient-networks.com/box-security-best-practices-external-sharing-content-collaboration-platforms/

    It also depends on how deep down the rabbit hole of file sharing, permissions, security, DLP (Data Loss Prevention), BYOD, etc. you want to go. You cite concerns about files/folders within Box being shared more broadly (or for a longer time span) than is appropriate, but there are also risks around access your Box content from personal devices, insecure networks, etc. If you want to explore that, I'm less familiar with tools for Box than other platforms, but here is an article and video from SkyHighNetworks, a CASB (Cloud Access Security Broker) that supports Box. https://www.skyhighnetworks.com/cloud-security-blog/real-time-visibility-and-control-for-box/

    I hope that helps, Ilene. Good luck!

    -JP

    ------------------------------
    Joshua Peskay
    Vice President of Technology Stratefy
    joshua@roundtabletechnology.com
    www.roundtabletechnology.com
    ------------------------------

    2020 Nonprofit Technology Conference Logo  w/ Baltimore Skyline


  • 3.  RE: Best practices for external Collaboration using cloud-based file management system

    Posted Dec 16, 2019 06:55
    @Joshua Peskay Thank your for your detailed response. We are in good shape on the second part of your answer (aka the rabbit hole). Still the reminders are important.  I appreciate your providing a broad stroke framework for thinking about the external collaborations. That is very helpful!  ​​We have a form for our ticketing system, but had not incorporated external collaborations as a particular kind of request. I can see how that would be very valuable, especially since it requires a specific kind of training. I especially like your suggestion to ask people to provide a business case for why they need the permission. That will ensure that all of us are being thoughtful and responsible about the collaborations. Thank you again!

    ------------------------------
    Ilene Weismehl
    Knowledge and Data Manager
    Providence, RI
    ------------------------------

    2020 Nonprofit Technology Conference Logo  w/ Baltimore Skyline


  • 4.  RE: Best practices for external Collaboration using cloud-based file management system

    Posted Dec 17, 2019 11:49
    Edited by Medha Nanal Dec 17, 2019 11:52
    Completely agree with Joshua in that, it's a combination of practices, technology, policy and training. For a complete and successful solution, all must be given due importance.

    Adding to what Joshua said: if your concern is that internal staff members might accidentally share private folder access, then in addition to Box platform level settings, it's also helpful to carefully determine the file/folder structure carefully.

    -- Develop guidelines for your staff regarding separating out the internal-only and external content into separate folders,
    -- Develop guidelines or a checklist, for a staff member to check before sharing the content with external parties,
    -- In organizations where this type of access control is crucial, document-level access policies are set up and enforced.
    -- Just like data governance processes, all the policies need to be "owned" by an oversight team of some sort. This ensures accountability and can identify process leak (!!) -- meaning holes in existing processes that leads to unintended sharing due to confusions etc.
    -- Last but not the least: the platform you work with (in this case Box), will have its own supported security model. The key to successful implementation is to know the sweet spots of this model and complement it with process layers or oversight etc.

    The important thing to note here is that the scale of this needs to suit your team's size and needs. Applying a process that is unnecessarily bulky to a small organization will be too restrictive and time-consuming, but not having sufficient granularity will leave holes in the framework.

    Happy to connect privately for further conversations.

    ------------------------------
    Medha Nanal
    Strategic Technology Consultant for Nonprofits (Fundraising, Operations, Programs)
    www.topcloudconsult.com
    medhananal@topcloudconsult.com
    650.600.9374
    ------------------------------

    2020 Nonprofit Technology Conference Logo  w/ Baltimore Skyline


  • 5.  RE: Best practices for external Collaboration using cloud-based file management system

    Posted Jan 13, 2020 18:05
    A little late to this thread but in addition to my total agreement with Josh and Medha, I would add that if you want to open up your system so that people can do more sharing without putting in a request, you can alsostart a practice of regular monitoring of permissions changes on folders. It can be as simple as a report that lists any folders that have been opened up to external users over a period of (for example) the last month, and the person charged with maintenance/governance can look it over monthly. If anything looks anomalous or there are shares that seem inappropriate or risky, that person can verify intent with sharers.
    --
    Lisa Jervis
    Principal
    Information Ecology: Strategic technology for progressive organizations
    https://iecology.org/

    My pronouns are she/her.
    I am in the Pacific time zone.

    Want to send me encrypted email? Use our form at https://iecology.org/contact/ or get my public key from https://ecl.gy/lj-gpg.



    2020 Nonprofit Technology Conference Logo  w/ Baltimore Skyline