Recently I was put in charge of the entire IT of an association of which I have been a member for some time. Here, I want to reflect on the constraints and challenges this brings, but also where things are easier than in a corporate environment.
Context #
The association in question is engaged in advancing the education of school students in scientific fields. With activities and its some 600 members spread all over Germany (and some even beyond), online collaboration is key to the volunteer work. And since the association regularly organizes and hosts events attended by minors, data protection needs to be taken very seriously. This excludes all services where sovereign, EU-based hosting cannot be guaranteed.
All the while, care must be taken to not make the workflows of the volunteers unreasonably cumbersome. For instance, in a company, the IT department pretty much to mandate or forbid the use of certain software and tools. They would have to take it quite far before people start quitting over this issue. On the other hand, in a non-profit association where all work is done by volunteers, you have to give them the choice to use their favourite tools, After all, they can just chose to not volunteer their time any further.
Scope #
All services are web-based and hosted mostly on a rented cloud server. There is no IT asset/device management. Of course, this makes it impossible to use some technologies like TLS client certificates.
Budget #
The IT budget is not zero. Running services that allow the organization to function just costs money, there is no way around that. However, basically everything that charges on a per-seat basis is off-limits. Costs even as low as 1 € per month eat up the entire membership fee.
This is also drastically different from a company setting: There, most per-seat license costs will be dwarfed by the salary, so paying per-seat is acceptable.
The Silver Lining #
So how can all this be accomplished while also having an actual job to make a living? The answer is: Compromises on uptime are acceptable. So there is no high-availability and no zero-downtime deployments. Unlike in a company, where downtime means employees cannot get their work done and money is lost, here, services being temporarily unavailable is usually not the end of the world. People can just go do something else and come back later.
Of course, this has its limits. When an annual workshop starts and everyone gets busy, services should be running smoothly. But in general, things are quite a bit more relaxed regarding uptime requirements.
Looking Forward #
So this endeavour will probably eat up a sizeable chunk of my leisure time for a while, but I am still looking forward to learning new things and hopefully changing some things for the better. As usual, when I come up with a novel way to do something or gain a new insight that is not widespread knowledge, I will share it on this site. So maybe this article will even become the start of a series.