When I joined the Humane Society of the United States in mid-2005, our new CEO, Wayne Pacelle, had just begun a vigorous acceleration of programs and fund raising for animal advocacy. Since then, revenue has jumped significantly, and so have requirements for IT to support new initiatives. This is a happy situation for any CIO, and one in which SaaS has helped us rapidly implement new applications.
Fund raising stimulated our first encounter with SaaS. Many contributions are made via credit card, and a major requirement for organizations processing credit cards is compliance with the Payment Card Industry Data Security Standard, or PCI. Compliance requires, among other mandates, that merchants maintain a secure network, encrypt stored cardholder information, have vulnerability management processes in place, and regularly monitor their security posture. Failure to comply can be costly: fines, restrictions, and even permanent expulsion from card-acceptance programs.
PCI went into effect just before I joined the Humane Society, so there was an urgent mandate to protect our revenue stream with compliance. We already had strong security measures in place, but we lacked a reliable, automated way to conduct independent network security audits and securely transmit compliance reports to acquiring banks. That's when we discovered SaaS.
Qualys introduced us to the notion of on-demand with its SaaS-based network vulnerability management and compliance service called QualysGuard. Our heritage with IT has been the do-it-yourself approach of running an in-house infrastructure of servers and software applications. Our main constituent database is housed on an IBM AS/400. We also run a VPN that connects eight regional offices and field representatives in more than 30 states. We control everything internally.