Thoughts on self-managed and third-party-hosted data stores

Data, the raw goods of the information economy, is expensive to create, organize, sift through, and disseminate. Financial costs as well as human labor expenses weigh on the budgets of nonprofits. As data, and data assembled into useful information of one kind or another, is costly and important, nonprofit leaders are wise to consider whether the management, control, and ownership of that data resides in the hands of the nonprofit or in a third-party vendor.

Consider the modern-day Rolodex, the constituency relationship manager (CRM) tool so important for tracking donors, volunteers, and myriad contacts for any organization, nonprofit or for-profit. The CRM is more than a name and address book, it is a record of communications, giving, and opportunities. Tools such as Salesforce or Highrise, both of which are powerful, web-based, hosted, CRM solutions, offer the user a relatively pain-free CRM experience in that the user need not install or update any software on her computer. On just about any web-connected computer, she can login and access as well as update the data in the CRM. What is important, in this particular example, is that the data is, obviously, not on her computer or directly in her control. The data lives on servers controlled by the vendor. She is given permission to access that data and, with a robust vendor, export that data.

The agreement between the user and the vendor is a complicated arrangement in one sense and quite simple in another. The agreement can be simplified to a basic contract where the vendor provides the tools to store and manipulate the user's data. The user is permitted to access that data, update the data, and, ideally, export the data. The user is not paying for the data itself, but rather the permission to access and manipulate that data. The user owns nothing, but is rather temporarily leasing the ability to access the data.

The contract is complicated in that the actual end user licensing agreement, and all of its lawyer jargon, spells out in minute detail the rights and responsibilities of both parties. For those brave and wise enough to read every word of the agreement the reality of ownership is stark. While it is in the best interest of the vendor to provide a quality, reliable service for each user, such that the user continues paying the recurring fees, when all is said and done, the data ownership issue is a point of concern.

The scenarios are few, perhaps, where a for-profit vendor absconds with user data or maliciously uses it for their own nefarious schemes. Such a business model will not last and users will act with their payments by taking those payments to another vendor. Free services, such as a Facebook or Gmail account, are in another camp in that these users, not paying for a service, are instead the product being mined and sold to the highest advertising dollar. That sector aside, vendors providing a fee-based service, with incentive to keep customers somewhat content, still control the strings manipulating customer data.

The advantages to hosting data on a third-party platform are compelling. 1) The vendor performs upgrades to the base software. 2) The vendor, at least a good one, performs regular data backups. 3) Multiple team members can easily access the same data from dispersed locations. 4) The software is, naturally, not on a local machine, so when a computer is retired, the software does not need to be reloaded on the replacement machine. 5) When issues arise, the user has some customer support resource to resolve problems.

Put another way, the factors of a self-managed solution to consider because they require high investment, essentially flipping the advantages of a third-party platform on their head, include installing software, upgrading the software, resolving problems when they arise, and replacing hardware. The time and money invested in a self-managed solution might be more effectively distributed instead towards higher priority organizational goals.

The philosophical bent towards data ownership rather than farming out data services to third-party vendors suggests each and every system, whether CRM, email, website, document management, or financials, will be internally managed. Not so. Some services, such as email, lend themselves to an external vendor because the cost, cost measured by dollars and time, of supporting that service internally versus the cost of using a third-party justifies using a vendor, or at the very least hosting email on a remote server. On a case-by-case basis, even the most ardent supporter of data self-ownership will choose to out-source some data management tasks, depending on the costs, advantages, and the proprietary, unique nature of the data.

Several filters may help determine whether self-management or third-party data management is appropriate in a given context:

Data value. What is the cost of replacing the data, if lost by the vendor? How sensitive is the data, should the vendor's system get hacked? Feature set comparison between self-managed and vendor managed solutions. Financial comparison between self-managed and vendor managed. Time investment for a self-managed solution.