Risky Business: Why servers are a liability for your Not for Profit

Not everyone will agree with me, but I believe that servers are a liability for most Not for Profits. Hear me out.

I regularly speak at conferences about IT risks for Not for Profits.

And without fail, there are always a handful of organisations in the audience that still have servers that store data or system applications.

When I ask why, they usually put it in the “too hard bucket.”

After helping several clients through this investment decision, I get it.

It is hard!

But this should still be a priority for most Not for Profits because servers are a liability.

 

What is a server?

A server is a computer that helps other computers by sharing information, files, or programs with them.

Here’s how it works:

1. Stores Stuff: Servers store information, like documents, pictures, or websites, so other computers can get them when needed.
2. Shares with Others: If your computer wants to see a website or use a cloud-based application, it connects to a server to get that information.
3. Different Jobs: Some servers share websites, some handle emails, some store files, and others let you use apps.

It can be stored in a physical box that usually looks like a large desktop computer. Or it can be virtual, meaning that it resides as a stand-alone package somewhere on a physical server, either in your facilities or in a cloud provider’s facilities that you’ll never see.

 

Reasons why servers are a liability for your organisation

While there are fewer servers in Not for Profits these days, there are still some that have them. For those organisations, here are several reasons why servers are a liability.

1. Servers (virtual and physical) require maintenance. Too many times I find organisations lack the internal staff skills to apply appropriate updates and security patches and/or have failed to properly outsource this requirement to a managed service provider, creating cybersecurity and business continuity risks.
2. Servers must be replaced over time. When I find Not for Profits with servers, I also find about half the time that the vendor no longer supports the hardware and/or software. That’s because it costs money to make this change, even if it’s a virtual server. This, again, translates to both cybersecurity and business continuity risks.
3. Servers must be backed up. The number one mitigation for a cyber attack or a hardware/software failure is appropriate backups (in a different location). When an organisation has servers, I often find that backups may be in place, but they are rarely tested to see if they work appropriately – creating business continuity risks once again.
4. Physical servers require power backups too. If the power goes out in the facility that hosts the physical server, then even your remote staff will not be able to access the applications and data sources stored on their servers. Because power backups (UPS) can cost 5 figures or more, few Not for Profits can afford more than an hour or two of such backups.
5. Data servers are disorganised messes of information. Whenever there are data servers, there are usually years of stored information. Yet staff complain about how hard it is to find the right data.
6. Application servers are a sign of an outdated system. Almost all software vendors have moved from server products to cloud-based ones. So, if I see an organisation that still uses a server-based application, there’s a good chance it is no longer meeting its needs. Furthermore, it’s either no longer being supported by the vendor, or any existing support will likely end very soon.

 

Why some will disagree with me about servers as a liability

There will always be a handful of people who will disagree with me on this topic, saying that servers are cheaper, particularly for data storage in particular.

And they are right… but only if your organisation has a huge amount of information that hasn’t been deleted, archived or generally managed in a long time.

In this circumstance, while having the ability to store more information at an affordable price may be appealing, few find this amount of information to be useful. Furthermore, legislation generally only requires 7 years of certain data to be stored, which can be archived (and takes less space).

So, for those that say this, I can usually predict that they are still using servers only because it allows them to delay an information clean-up project. In reality, such a project will benefit an organisation much more than cheap data storage.

 

The benefits of migrating away from servers

So if servers are a liability, what are the benefits of moving away from them? Here’s a short-list:

• Risks shift to higher-skilled vendors. When you move off servers to cloud-based vendors, you shift the responsibility of management and maintenance responsibilities from your organisation to companies that can afford more specialised skilled-employees. For most Not for Profits, this decreases both cybersecurity and business continuity risks.
• Cloud-based vendor offerings are generally more easily scalable than those that reside on servers, both up and down as you need it.
• It can be easier to budget for operating expenses than periodic capital expenditures. Moving away from servers to cloud providers can result in more predictable operating expenses and fewer large capital investments. The exception to this benefit is if your data storage is not managed well. In this case, it can become unpredictably more expensive.
• For application servers, a shift to a cloud-based solution generally gives the organisation a functional and user-experience uplift too. Given that most system applications are cloud-based now, any server-based system is likely 10 years or older. Consider an upgrade to something more modern, and your staff will thank you.
• Your information can become more valuable. Most organisations with data servers could move that information into their existing Microsoft storage locations i.e. OneDrive and SharePoint (usually for no additional storage costs). If done strategically (meaning that data is cleaned, classified and organised), current and future information will be far easier to find and use, including through the use of Copilot (Microsoft AI tools).

 

Final thoughts

While there may be a small handful of Not for Profits that have legitimate reasons to still have servers, for most organisations, servers are a liability.

They cost resources and money to properly maintain and replace, creating business continuity and cybersecurity risks.  Furthermore, there are usually better cloud options for both data storage and applications today.

So, if your Not for Profit still has servers, it’s time to take it out of the “too hard bucket” and make this migration a priority project for the future.

 

 

I regularly help Not for Profits with IT risk mitigations and investment decisions.  Let me know if you need some help.

 

P.S. If you found this article helpful, you might want to read these too:

• • What’s the difference between a server, a virtual server and the cloud?
  • The #1 issue making Microsoft 365 Copilot unsafe for most NFPs
  • Why poor data quality is hurting your organisation

 

Tammy Ven Dange is a former charity CEO, Association President, Not for Profit Board Member and IT Executive. Today, she helps NFPs with strategic IT decisions, especially around investments.