On the cutting edge
Every day, charity: water works to provide communities in developing countries with clean, safe drinking water. Taking an innovative approach to technology allows the organization to help more communities—and that means constantly exploring new technologies that improve efficiency and agility.
Great tech on a tight budget
Initially, charity: water relied entirely on donated on-prem infrastructure. To cut down on maintenance and increase agility, it looked to the cloud. Over time, it became a cloud-first organization relying on apps like Box, DocuSign, and G Suite.
A single source of truth
Before long, charity: water rolled out almost 60 apps—each requiring a different set of credentials. It became challenging to maintain a high level of security across many disparate apps, so the organization decided to implement Okta Single Sign-On (SSO).
Okta is our front door. It's our entryway into all of those services and systems that we need to do our job. The idea is that everyone will become so comfortable with Okta that it will become second nature to them.Ian T. Cook, Head of IT at charity: water
Bridging the gap
10 years ago, a man named Scott Harrison decided to ask for charity donations instead of birthday gifts. That was Harrison’s first act as CEO of what would soon become charity: water, a non-profit organization that’s helping to provide clean, safe drinking water to communities in developing countries all over the world. charity: water acts as a bridge between donors and partners—particularly trustworthy organizations that are already established in the field, like Water for Good, International Rescue Committee, and Clear Cambodia. charity: water also supports donors via a platform called mycharity: water, where anyone, of any age, can start a fundraising campaign.
Now, the organization works in 24 different countries, and has helped supply more than 7,000,000 people with clean drinking water. It also has about 80 full-time staff members. Most of them are working at charity: water headquarters in Tribeca, but the organization also hires engineers who work remotely across the US, Ethiopia, and Cambodia.
As the organization grew, its IT needs increased and Ian T. Cook was brought on to head up the IT department. As Head of IT, he spends a lot of time looking for ways to use new tech to keep missions running smoothly, protect data, and improve the donor experience.
“I try to keep things interesting,” says Cook. “We have a lot of core values at charity: water and one of them is innovation. Everyone in every department is encouraged to continually try to be innovative in their role. I take this really seriously because I know that in a support role like IT, you can get stuck in repetition and just keep the status quo. You can really lose your passion for the mission that way.”
We have a lot of core values at charity: water and one of them is innovation.
As a non-profit veteran, Cook says he’s seen a lot of people lose their passion, so he’s always trying to make sure his team has access to the best, most efficient tools possible. He does that by maintaining a strong network within the charity sector, researching, and then comparing notes with others doing similar work.
“I want to stay relevant, and I want to stay up to date with what's going in the sector,” says Cook. His first move after he was hired? Transitioning as much of the infrastructure as he could to the cloud.
Head in the clouds
As a nonprofit, charity: water takes its role very seriously, especially when it comes to managing its donors’ money. The organization is extremely careful with its funds, so a lot of its technology infrastructure was on-prem—because it had been donated. By budgeting carefully, though, Cook was able to implement a new system that improved scalability and reliability, and cut down on maintenance.
“I got off the old email system and went to Google’s G Suite, moved away from regular fax machines and built in digital faxing and digital signatures with DocuSign.”
Before long, charity: water implemented about 60 different apps, including Box, which they use for file storage and content collaboration. But all of these new technologies presented Cook with a new challenge—password management.
“I was talking about it constantly, bringing it up at staff meetings,” says Cook. “Please make sure you don't use the same password on all of your systems. Please make sure it's alphanumeric and this many characters. But I had no way to actually enforce it.”
Please make sure you don't use the same password on all of your systems. Please make sure it's alphanumeric and this many characters. But I had no way to actually enforce it.
Cook looked at a couple of options, including OneLogin. But by now, he had built a strong relationship with the team at Box and was spending a lot of time discussing various cloud solutions with them. Box recommended the Okta Identity Cloud.
“They had such amazing things to say about Okta,” says Cook. “That just made it so much easier for me to advocate for it to my finance committee and to the executive team.”
It also helped that Cook was able to tap into special savings that Okta offers nonprofits through Okta for Good. Okta’s “robust feature set” appealed to Cook as well.
“It was easy to use. The admin console is laid out in a very intuitive way. Everything I want to do is there,” says Cook. “I thought about it from an end user standpoint—the dashboard and what that would look like. Having that beautiful dashboard with all your apps there, just being able to click on what service you want to use, and having that tab available throughout your whole workday—it's amazing.”
Better, faster, stronger
charity: water adopted a number of products from within the Okta Identity Cloud, specifically Universal Directory (UD), Single Sign-On (SSO), Lifecycle Management, and Adaptive Multi-factor Authentication (AMFA), and together, these products solved the identity challenge. Since charity: water is using Okta’s Universal Directory as their corporate directory, their users are Okta-mastered, giving them one place to manage all their users, groups and devices. This gives the organization a single source of truth--and makes the onboarding and offboarding process much easier. Additionally, they have been able to avoid deploying traditional on-premise directories such as Active Directory.
“Having that source of truth, having that ability to authenticate all of our systems, it just creates so much efficiency within the department,” says Cook. “It streamlines all of our onboarding or offboarding, our ability to keep track of what systems are core systems and who has access to them, and determining what other permissions the users have.”
Having that source of truth, having that ability to authenticate all of our systems, it just creates so much efficiency within the department.
Right now they use Lifecycle Management to provision Box, G Suite, and DocuSign, and they plan to integrate more in the future, including Slack, Netsuite, and GitHub. Cook successfully transitioned charity: water to a cloud-first organization, so bringing all of these apps together in one system is the clear next step.
Security is a key priority for Cook. Not only is he responsible for putting donor money to good use, he’s also deeply committed to protecting their personal information—as well as the information belonging to charity: water’s partners.
Every employee or contractor with a charitywater.org email address is set up with Multi-factor Authentication (MFA), regardless of their location.
“As I learned more about what Multi-factor Authentication (MFA) could do, I realized I could set different policies,” says Cook. “I could set a trusted network. Now I have policies set up so that when staff members come into the office—which is trusted—they’re not prompted every single time.”
He’s able to set up separate security policies for when employees are off-network, requiring staff to be newly authenticated with each session login.
“There haven’t been any complaints,” says Cook. “There are no issues. It works great no matter where you are on the globe. Our team travels to the field constantly, and they're using Okta to authenticate the entire time.”
There haven’t been any complaints. There are no issues. It works great no matter where you are on the globe. Our team travels to the field constantly, and they're using Okta to authenticate the entire time.
Lots more to come
Now, Cook says Okta is core to charity: water’s IT strategy.
“Okta is our front door,” he says. “It's our entryway into all of the services and systems that we need to do our job. It's still new to our staff so they're still getting used to the policy changes, but soon everyone will be so comfortable that Okta will just be second nature to them.”
Okta is our front door. It's our entryway into all of the services and systems that we need to do our job.
And there’s still more to come. In addition to integrating more apps, Cook is also looking forward to extending Lifecycle Management so that the next time someone is hired for a particular department, he can just assign them to the right group and automatically set them up with specific access.
He’s also excited to start implementing new Adaptive Multi-factor Authentication features.
“I don't have exact plans yet,” he says. “It's just so cool because I could set it specific to locations, or I can set it up differently depending on whether users are working with charity: water trusted devices or their own.”
Although Cook is “still chasing all of the different features Okta has,” he says he still hasn’t come close to tapping into everything the Okta Identity Cloud has to offer. We’re looking forward to seeing where charity: water goes next.
About charity: water
charity: water is a non-profit organization bringing clean and safe drinking water to people in developing nations.