Oxfam CIO on cloud, security and goats in the boardroom

Oxfam has embraced cloud computing and a strategy of buying services rather than building its own technology to help the humanitarian charity in its fight against poverty, CIO Peter Ransom said.

Ransom was talking at an event in London at the end of last month about changing the organisation’s mindset to enable the charity to deal with its unique set of challenges while working towards the goal of removing people from poverty – which can involve comparing savings to the number of goats it can buy to get governors on board when proposing transformation.

“Buy, don’t build – and keep it vanilla if you can,” Ransom said.

“Our strategy is coming off owning boxes. It’s less about box support and more about buying services, and the global nature of what we do lends itself to cloud services.”

Ransom said that when he arrived at Oxfam from the BBC in May 2010, he encountered a marketing department who had bought their own server and would not share it with the rest of the organisation.

“I had to get the organisation used to buying services and get in the mindset around that. We could get things better and at a higher quality, but it did also show me we didn’t have a service support function which was good at negotiating and managing contracts, and we have learned to get far sharper at this.”

Scalability

One of the major drivers for migrating Oxfam’s IT estate to the cloud was one of scalability. The Oxfam online store, Ransom explained, would get a 10 to 100-fold increase in demand in the run up to Christmas compared to the rest of the year, and the charity also sees a massive increase in demand for the website in the hours following major disasters.

“This can happen at any time, like the Boxing Day tsunami in 2004,” Ransom said.

“We need to have the website running so people can donate money. Following the January 2010 Haiti earthquake the Oxfam co-hosted server fell over with the demands and it was estimated we lost something like £1 million – and the organisation felt it could have saved a lot of people with that million pounds at the time.”

Security in the cloud is a concern for Ransom, but he believes buying in expertise is a more savvy move for his operation than trying to do everything in house.

Ransom said: “We’re a charity, what do we know about security and network management? I have some good people but what do I do when they leave, or when they are not around?

IT under fire

“I have to recognise we are not an IT operation so its hard to invest in my people who might not always be there.

“Do I really want to invest in a data centre again – do I need that disaster recovery site? I can’t justify that; I need the flexibility that going to services provides us.”

Ransom also explained how cloud connectivity offered other security benefits when operating in the unique environments Oxfam is involved in.

“Security is a challenge anyway when I have a militia walking into one of our local offices, pointing machine guns at my guys and saying ‘remove the disks and give them to us now’. They want the data and this happened three weeks ago – we were listening to the phoneline hearing a militia telling my guys in the office to rip the disks out,” he said.

“We had another call last week saying ‘transfer the data’ now as a group was smashing the doors in.

“That gives me a different view of what data security in the cloud really is.”

Goats in the boardroom

Ransom also discussed how to build a business case to put to the leadership board and trustees of the charity when battling for resources and change, which can take an idiosyncratic route when dealing with one of the largest charities in the world, an international confederation of 17 organisations working in approximately 90 countries.

“The first thing I had to do was get their trust, which I did through delivery,” Ransom said.

“Like the BBC its a hugely emotionally-driven organisation and you need to use your emotional intelligence to push that through.

“When it was email, we translated the savings into the number of extra goats we could buy – it was a case of finding something they could understand.

“But data security is the next thing that’s going to worry me a lot I think. We had a spam DDoS attack in Belgium a few weeks back. We’re putting 10 times more into security than previously. We’re talented and passionate amateurs compared to the security experts so they were on board with the business case to spend more on that.”