Evolving and Strengthening Organizational Security
By Sylvia Acevedo, CEO, Girl Scouts of the USA
In our ever-more data-driven world, information security is everyone’s problem-from individuals navigating the web who need to understand how to protect their personal information online, to businesses-large and small - protecting their own internal enterprise security. Also, guarding their customer data, to our own government, which has an even more fundamental security issue: keeping citizens and institutions safe from those who would do us harm.
In our second century of serving girls, families, and communities across the country, Girl Scouts is always evolving and strengthening our organizational security so that nothing gets in the way of our ability to deliver on our mission: building girls of courage, confidence, and character, who make the world a better place.
From an IT perspective, we deal with all of the issues that any other organization deals with, including securing our enterprise-wide IT infrastructure and customer information. Also, we’ve done a few things in the past few years that make us stand out among nonprofits.
Ten years ago we maintained our own servers and ran own applications but today our business model has evolved, first to hosted solutions and now to a variety of cloud-based services. Using Salesforce, we aligned 99 percent of our federated network of 112 regional councils across the country that are their own separate nonprofits (501c(3)s) under one operating model, which positioned us for greater and more nimble customer service. We also migrated to Office 365 for our own internal services like email and telecommunications and Sharepoint for file sharing.
We migrated to the cloud for a number of reasons, including velocity to market, quality of services, and cost improvement. But, one of the primary reasons is that, as a mission-driven organization, we wanted to be laser focused on the work of our movement.
Back when cyber-attacks were in their infancy, it was somewhat less complex for an organization to maintain all the proper security infrastructure and processes to keep up with the attackers. Over the past decade, however, cyber-attacks in every sector, including nonprofits, have accelerated to the point where threats are just too numerous and complicated to address, pulling too many of our IT resources away from our core business. Every business lives or dies by the security of its data, and even when we have the best IT people in the world, with unlimited resources, we’re not going to be able to keep up with the resources offered by a Google, a Microsoft, or an Amazon. It just made sense for us to partner with premier service providers to better achieve our goal of maintaining a data-healthy environment.
"With the basics of American banking and personal technology systems at risk, at Girl Scouts we see it as one of the most patriotic things we can do to build strong leaders in the STEM space"
Moreover, in the past few years we started addressing information security in a holistic way, investing heavily in technology, people, and processes across the organization to improve the level of information security performance. These ranged from developing secure applications, installing state-of-the-art infrastructure, and implementing best practice process improvements to establishing vendor contracts that require security controls, performing continuous, in-depth audits, and providing security awareness training to our employees.
Part of our focus on ensuring the security of applications we provide to councils like Digital Cookie, Salesforce, and our common operating model is keeping ourselves protected from the wide variety of security threats. Over the past years, Girls Scouts had made tremendous progress in strengthening our information security controls. And, as we have worked to ensure data security organization-wide, we have also answered the call of girls eager to explore everything from how to protect themselves and their families online to how to combat cyberbullying, as well as design, build robots, and use code for good. In 2018 we introduced new badges and journeys in subjects such as cybersecurity, computer science, robotics, and engineering, in partnership with companies like Palo Alto Networks and Raytheon.
Almost every day, there’s another news story about a cyber-attack that ranges from extortion and theft to espionage and data manipulation. Not only do girls see this in the news, but they also watch TV shows and movies with plots that involve hacking. This type of activity is a part of all of our lives now. And, just as Girl Scouts is working every day to ensure a safe data environment for our organization and the membership we serve, we are also committed to ensuring girls are exposed to these security issues as well. With the basics of American banking and personal technology systems at risk, at Girl Scouts we see it as one of the most patriotic things we can do to build strong leaders in the STEM space.
Today’s girls will, after all, be among the industry leaders fighting cybercrime in the future, and we’re giving them the tools they need to get there.