Double-edged Raiser
Past time to ditch Blackbaud
I have watched in sadness and sometimes anger as large non-profit after large non-profit collectively poured enough money into Raiser's Edge and other Blackbaud licenses and consulting services to fund many feature enhancements for the main FLOSS alternative, CiviCRM— improvements which would then be free for everyone, forever.
I have never met anyone who actually likes Blackbaud products and services. However, many organizations felt they were the only safe option, in the sense of claiming to have everything an enterprise needs.
Now, Blackbaud failed to secure its servers sufficiently and large amounts of its clients' donor data, including personally identifying information, was obtained in a ransomware attack. This was back in May. Blackbaud ultimately paid the ransomer to allegedly destroy the data they obtained— and only late in July finally told their customers what happened.
As the American Civil Liberties Union wrote to all its supporters, current and past (including myself), this is a rotten situation:
In all candor, we are frustrated with the lack of information we've received from Blackbaud about this incident thus far. The ACLU is doing everything in our power to ascertain the full nature of the breach, and we are actively investigating the nature of the data that was involved, details of the incident, and Blackbaud's remediation plans.
We are also exploring all options to ensure this does not happen again, including revisiting our relationship with Blackbaud.
Fortunately, none of Agaric's clients are affected. But we hope everyone using or considering using Blackbaud and other proprietary services for their most important data will look at free/libre open source solutions. Code you (or your technology partner) can see and contribute to means you truly can do anything. And if you put aside the money that would be gouged out of your organization by the eTapestry, Kintera, and Convio-swallowing monopolist Blackbaud, you probably can afford to.
At Agaric, we have recently been working with CiviCRM more recently (building on experience dating back fifteen years!) and we know our friends at Palante Technology Cooperative and myDropWizard are well-versed in CiviCRM, as are many others. Please consider this when weighing your options for maintaining a strong, ethical relationship with your supporters, and let us know if you have any thoughts or questions!
Comments
2020 August 09
Micky Metts
MyDropWizard recently had to…
MyDropWizard recently had to step back on their civiCRM engagement - why did they not get funding to continue their excellent efforts to integrate civiCRM with Drupal 8? Was it because they do not wear suits and have a big fancy office? They were amazing, helping Agaric gain more knowledge and understanding of the robust features in civiCRM. They met with us each week and were proactive in reaching out to make sure we got value in the relationship - yet no one dropped bags of cash on their doorstep and now - poof, another incredible resource has vanished.
This leads me to the broader question and constant conundrum... why do we the public still blindly trust people in tall buildings with proprietary solutions without any real in-depth discovery or discussions about things like security, ethics, and asking questions on what real value does their Corporation bring to a community at large. It seems as if there is no specific channel to actualize the discussion - there are many sites and social media, but no really good space or mechanism for the discussion beyond a friendly chat with a bot on their Corporate website. This, combined with many of us not being tech savvy enough to pose the direct questions to a Corporation or the time and energy it would take to get literate on security and speaking Corporate-ese. Being sent a slew of canned boiler-plate responses can wear you down until you stop asking. If there was a way to co-write these enquiries, would that be helpful, or just another thing to join, hence another barrier?
Add new comment