Research FindingsBack

Majority of the NGOs interviewed in this survey had “anti-virus” (94%) and “regular backup” (94%) to protect their servers or application systems. Those who had “firewall”, “physical security” and “uninterruptable power supply” as protective measures accounted for 87%, 75% and 62% of the sample respectively. Meanwhile, only less than one-third had their servers or application systems covered by “insurance” (32%). Overall, 54% of the sample have all five of prescribed protective measures, namely “anti-virus”, “regular backup”, “firewall”, “physical security” and “uninterruptable power supply”.

Among those 70 organizations which had “physical security” measures to protect their servers or application systems, 80% of them implemented “access control”. While a respective of 70% with “uninterruptible power supply” and “independent air-conditioned room”, over 60% had “raised floor” (64%) and nearly half had “automatic power sprinkler system” for their servers or application systems (47%). On the whole, only 27% of the sample adopted all of these five protections.

On a scale of 0-10, an average rating of 6.7 was registered when the representatives were asked to assess the sufficiency of security work with respect to data storage and transfer in their organizations. As for the need to enhance the current security work and/or facilities in data storage and transfer, the average rating obtained was 5.8 marks, meaning they did not see an urgent need to upgrade their security system in data storage and transfer.

Regarding the measures used to ensure no data leakage when transferring important or confidential data or files, over three-quarters of the NGOs interviewed used “postal or manual delivery” (76%), more than 60% would “set a password in a file, then transferred by email” (62%) while one-fifth of them would “use email built-in system to transfer data” (20%).

Nearly three quarters of the organizations did not allow employees to take confidential data, such as users’ personal data, away from the office by USB or other hardware (74%). On the contrary, less than a quarter allowed employees to do so (23%), among these organizations, “encryption” (38%) was the most commonly used measure to ensure the office data stored in USB or other hardware would not be leaked, followed by “employees’ self-discipline” (13%).

As for the usage of different applications, majority of NGOs interviewed used “email” and “accounting / financial management” currently, which accounted for 96% and 95% of the sample respectively. As high as 86% used “member / volunteer database” while 85% used “file storage / sharing”, and a respective of 60% and 59% used “donor database” and “human resources” applications.

Results also found out that two-thirds of the sample did not use any “Cloud Solution” systems at the time of the interview (66%). For those users, nearly a quarter claimed that they used “email” (24%) while less than one-fifth used “file storage / sharing” (17%). Other less commonly used “Cloud Solution” systems included “member / volunteer database” (5%), “accounting / financial management” (4%), “human resources” (4%) and “donor database” (1%).

Among those 61 organizations that did not use any “Cloud Solution” systems in their organization, 31% attributed their hesitations to “information security or privacy concerns”. Slightly more than a quarter found “no such need” (26%) and one-fifth said there was “no appropriate training to employees” (20%). Besides, 13% believed “Cloud Solution was not yet well-developed” while 11% concerned there was “limited benefits on efficiency and cost saving when transfer to Cloud Service”. At the same time, 5% each “concerned about the integration of cloud applications and existing IT systems” and feared “it was unsuitable to use”. Only 3% said they “lacked confidence in the Cloud Solution providers”.

Nearly half of the respondents considered “improving information sharing” the most attractive reason for their organization to transfer IT to Cloud Service (45%), followed closely by “reduced or no capital investment” (44%) and “reducing the workload of supporting system” (43%). Then, “lower floating and operational expenditure” (39%), “easier to recover from a disaster” (38%) and “better information security” (33%) formed the next tier with percentages ranging from 33% to 39%. Besides, 10% opted for “don’t know / hard to say”.

“Data leakage” topped the list of respondents’ main security concerns of “Cloud Solution”, as cited by 44% of the sample. Followed at a distance, 13% feared that “except the permitted persons, others might obtain the information too”. 9% each worried about “data loss” and “easier to be hacked”. Other less commonly cited concerns included “imperfect security measures” (8%), “no knowledge on how to limit or retrieve the access rights of the (resigned) staff” (5%), “no confidence with the service providers” (5%), “slow speed / limited internet access” (4%)” and so on. Meanwhile, just less than one-tenth said they had no concerns (9%) and another 8% opted for “don’t know / hard to say”.

Over three quarters anticipated that their organization would not transfer most of the IT (databases, e-mail or file storage) to “Cloud” within the next three years (77%), whereas one-eighth thought the opposite (13%). Another 10% opted for “don’t know / hard to say”. Among those who believed their organizations would transfer most of the IT to “Cloud” in the near future, 41% of them expected it would take place in “1 year to less than 2 years”, 33% said “2 years to less than 3 years” while 17% said “in the coming 6 months”. Meanwhile, 8% did not give a definite answer.

Last but not least, among the three options given, 35% believed that “allowing IT subsidy for operational expenses” would be the more effective mode of subsidy for the Government to promote non-governmental organizations to use “Cloud Solution”. One-third said “non-governmental organizations’ Community Cloud was established or subsidized by the Government” (33%) would be more effective whereas a quarter opted for “specific subsidy in supporting the use / development of “Cloud service” (24%).