Rolling out single-sign-on and IAM at Plan International

Security, ease of use and cloud first are technology priorities for the children's charity, says IT head Jon Winder

Like many distributed organisations, Plan International is looking to cloud and collaboration tools to bind together and unify its IT resources. Also, in common with most other such organisations, it has sensitive data that must be carefully managed - in this case, the health and educational records of 1.3 million children that pass through its systems every year - as well as a network of partner organisations that require read and write access to certain parts of the network. To enhance usability, manageability and security, Plan International is rolling out an integration programme with single-sign-on (SSO) covering many of its assets.

What is Plan International?

Plan International is a development and humanitarian organisation operating for 82 years and headquartered in the UK. Its ambition is to have transformed the lives of 100 million girls by 2022. Plan is active in more than 75 countries around the world and has a particular focus on issues such as teenage pregnancy, forced marriage and inequality. Its latest campaign is called 'Girls Get Equal', a girl-led campaign coordinated for gender equality by Plan International.

Director of global IT services Jon Winder joined the NGO 20 years ago. Having been made redundant from the London Stock Exchange he was determined to "join an organisation that was doing some good". He heads up a team of 28 based mostly in Woking, Surrey, with support functions in Guatemala and the Philippines to provide a round-the-clock helpdesk service. In addition, there are numerous small IT teams operating locally in the countries where the NGO works, plus fundraising organisations and other partners that have their own teams and IT systems.

What's the strategy?

Plan International has a cloud-first strategy, which so far has seen it adopt Microsoft Office 365 and Workplace by Facebook. There is also an SAP HR information system hosted on the SAP cloud, an SAP ERP and a sponsorship system that is maintained on-premises. In July, the organisation started rolling out Okta's Integration Network and single-sign-on (SSO) technology, starting with O365.

"Okta is going to enable us to use single-sign-on across those different technologies," Winder explained. "And it also makes it easier when we are migrating to cloud hosting or SaaS to be able to link that all up to our existing Active Directory."

The catalyst for this move was the adoption of the Workplace by Facebook collaboration tool. Administering 10,000 users securely was a significant challenge leading to a search for a new tool to link up with Active Directory. Okta's identity and access management (IAM) solution was chosen for its price point, ease of use by end-users and administrators and because other international NGOs are adopting it.

"That gives us confidence that not only is the technology going to work in some of the locations we work in and with some of the challenges we have, but it also gives us a user base that we can turn to for advice," Winder said.

Next in line for syncing with Microsoft Active Directory is the HR information system, said Winder, explaining how this will be key to cleaning up the internal employee data silos.

"We're going to have that single source of personal metadata fed from the HR information system, so we can make sure that the data is consistent across all our other systems, whether that's something like a job title or different versions of a name, we can make those consistent as well. And we also think it's going to be easier in terms of joiners-movers-leavers as well, as a person leaves one system to be able to remove access rights to all the other systems. Obviously makes it easier and it's more secure as well."

Isn't cloud risky?

Cloud offers multiple advantages for a small team with limited resources in maintaining oversight over multiple separate islands of activity, but what about the security aspects? The charity is responsible for the personal data of clients and sponsors and supporters after all.

"I don't think we're different from any other organisation in that respect," Winder said.

"It's a question of balancing the ability to protect the data with the resources that we have with an NGO, which aren't as high as in organisations such as SAP and Microsoft. Our feeling is that Microsoft are going to better protect the data than our engineers, even though they're highly skilled. They have better access to technology and knowledge than we will ever have. It wasn't a decision taken lightly. We went over it with our risk team and our legal team and we're comfortable with that decision."

What are the benefits?

It's anticipated that linking together applications will have some quick wins.

"Having our data secure, having our colleagues able to login more easily into their systems, having my team able to implement systems more quickly is then going to benefit the organisation as a whole, whether that's using the ERP, transparency in decision making or learning.

"These things are very useful at a strategic level. But also it enables the efficiencies and effectiveness for us to spend less time and money on the commodified areas of managing an IT estate and to focus on more value-added areas such as data strategy and digital strategy as well."

These efficiencies should translate into more and better interventions to help the children with whom the charity works. To make sure they do, Winder's team is implementing a monitoring and evaluation system in the ERP to check the various KPIs.

"All of the IT work we do is to help implement that strategy to transform the lives of 100 million girls across the world," Winder said.
