Security in the Cloud

Tuesday, March 1, 2011 1 comments
Find tools and tips for greening your nonprofit through TechSoup's GreenTech Initiative, where social benefit organizations can share and learn more about technology choices that can help to reduce our overall impact on the environment.

Editor's note: Themes in this article are based on the 76-page whitepaper, Security Guidance for Critical Areas of Focus in Cloud Computing (PDF), which was published by the Cloud Security Alliance.
 
"Nine out of 10 cloud computing users remain concerned about cloud security, yet 77% of businesses already use some form of cloud computing."

Those findings come from a survey conducted by Harris Interactive for Novell, which asked 210 IT professionals — ranging from managers to CEOs — at organizations with more than 1,000 employees about their company’s adoption of cloud computing.

Security remains to be one of the largest concerns when considering a move of a system or application to the Internet, or the "cloud."

Cloud security concerns are the essentially the same for nonprofits as for commercial enterprises. However, nonprofits may have fewer resources internally to manage and support both IT and cloud security. One big difference is that nonprofits and small-to-medium businesses may be too small to have leverage to negotiate with service providers like larger entities do. The City of Los Angeles moved to cloud services and was able to negotiate with Google to ensure a favorable contract this past year. For a small nonprofit, that’s not as likely to be the case.

Mapping Your Cloud Security Requirements

There are currently three different levels or models of "cloud" usage, starting with the lowest-level of security burden to the greatest: software as a service (SaaS), platform as a service, and infrastructure as a service. Each of these models has different security implications that should be mapped to your requirements. And each provider of these services will likely have different security standards, processes, and systems, so it’s important to do some research before selecting your cloud providers.

Many organizations are already using SaaS and relying on the third-party service providers to cover more areas of security. For a smaller organization with no IT infrastructure in-house, this may be ideal since the offerings from the third-party provider are likely to be more secure than what they could provide on their own. If you are working with infrastructure service offerings or platform as a service, for example, more of the security burden needs to be handled and maintained by the organization directly. In other words, the higher the level of service in the cloud, the more security the consumer is responsible for implementing and managing on their own.

Assessing Cloud Providers and Security

When evaluating your move into the cloud, you should assess the providers you’re considering. The factors you might want to compare include examining their supply chain; how they manage incidents and requests for service; and what policies, processes, and procedures they have in place for disaster recovery. Your assessment should also include whether they meet any compliance standards that apply to your organization. For example, if you house sensitive client data that includes records about their medical history, then you may be limited as to which cloud providers comply with regulations like the Health Insurance Portability and Accountability Act. Read more about HIPAA-compliance in this article, In Search of HIPAA-Compliant Software, where you can learn whether it applies to your organization.

Make sure that you identify your critical data assets and discuss possible risk scenarios and plans to ensure that they’re secure and accessible in an emergency. It’s important to evaluate how they back up your data and how you can move your applications around.

Operationally, it’s good to include considerations about business continuity and disaster recovery plans for your systems and applications. Here are some more considerations when assessing any cloud provider:
  • Look at backup plans and recovery time expectations carefully. For example, if they lose power at their datacenter, do they have backup power generators or do they house a backup of your data at a different site so it can be accessible to you in an emergency? If they need to recover your data, what’s their estimated timeline to do so?
  • It is important to understand how applications are compartmentalized and resources are distributed across the customer base and how this might impact you. What is included in the provider’s technical response plan as well as their communications and legal response planning?
  • What are the roles, responsibilities, and expectations between the provider and customer during an incident or emergency?
  • What tools are in place to keep your data secure, prevent loss, and recover it in an emergency?
  • How will your cloud service provider ensure encryption and key management is done in a multi-tenant environment to protect your data from a threat on another organization’s data housed on the same servers as yours?
  • How is the data stored and disposed of?
Datacenter operations are often hard to evaluate because cloud providers are trying to manage many clients in a cost-effective way. As the end user, you need to ask the right questions to ensure that security concerns are addressed.

Governance and Risk Management

When looking at cloud solutions, organizations also need to consider governance and risk management.
It’s important to scrutinize the third-party providers’ security capabilities and practices as well as their defined roles and responsibilities. Collaboration between your organization and the provider is essential. If possible, your IT or security department staff should be engaged with the provider during service-level agreement and contract negotiations to ensure security requirements are discussed and included. Any metrics and standards to measure performance and effectiveness can be included in the service-level agreements, especially around compliance and contract transparency. The provider should have processes to look at legal and electronic requirements for data management.

Biggest Threats in the Cloud

There are some great support organizations for cloud security available. One such organization is the Cloud Security Alliance (CSA).

Formed in 2008 and 2009, the Cloud Security Alliance (CSA) is a nonprofit organization formed to promote the use of best practices for providing security assurance within cloud computing, and provide education on the uses of cloud computing to help secure all other forms of computing. The CSA provides guidance by framing the critical areas of focus to highlight areas of concern for cloud computing.

In addition to providing guidance for cloud security, the CSA has defined the top threats in the cloud:
Threat #1: Abuse and Nefarious Use of Cloud Computing. Anonymity in the Internet allows bad guys to attack. Spammers, key crackers, those hosting malicious data, botnets, captcha solving farms, and other abusers make for a variety of potential attacks threatening cloud solutions.

Threat #2: Insecure Interfaces and APIs. Security for basic APIs needs to be in place. Authentication and access controls, encryption, and activity monitoring should be in place.

Threat #3: Malicious Insiders. 70% of all IT breaches are inside jobs. How are cloud employees vetted and what level of access that they have to your data and information? How are employees monitored and managed.
Threat #4: Shared Technology Issues. Virtualization and multi-tenancy computing open up great opportunities for inexpensive cloud expansion, but they need segregation and compartmentalization so applications remain safe from problems that may occur in other virtual instances.
Threat #5: Data Loss or Leakage. Strong authorization and audit, proper encryption practices and key management, datacenter reliability, and proper data disposal and disaster recovery, will help protect your data from loss or leakage.
Threat #6: Account or Service Hijacking. Phishing, fraud, and exploitation of vulnerabilities can be taken advantage of to hijack accounts or services. Protect credentials, install two-factor authentication, and monitor proactively in order to help prevent exploitation.

Threat #7: Unknown Risk Profile. Proactive thinking and planning of “what-ifs” will help you prepare for secure cloud computing. Will version controls, code updates, security practices, and other needs be manageable internally? If not, are your third-party providers prepared to do all these things to provide for your security?

Conclusion

By understanding your security concerns and needs up front, you can find a cloud provider to meet them and minimize your security risks. Make sure your provider offers transparent communications on their security measures and that your contracts address all of your concerns before moving any critical data to the cloud.
Using the cloud can enhance your ability to secure your systems, by leveraging the capabilities of cloud service providers. You can improve your data protection, monitoring, incident response, and physical and logical security protections, but it is ultimately your organization’s responsibility to understand the threats to your systems and ensure that the security controls needed are being put into place – whether on your own or through a cloud provider.

source : www.techsoup.org

Joomla for Nonprofits

Sunday, February 6, 2011 0 comments
Is the popular open-source solution to create and edit website content for non-technical users right for you?
If your organization plans to launch or redesign a website in the near future, chances are that Joomla will be part of the discussion. With over 10 million downloads worldwide, Joomla is one of the most popular open-source content management systems (CMS) out there today. Clients using Joomla include MTV, Al Gore, the United Nations, and Citibank. Third-party extensions add the capability for integrating email lists, fundraising, multimedia, social networking, and blogging into your website using Joomla.

Joomla is attractive to many nonprofits due to its ease of use and low cost to implement (the software itself is free). But is it right for you?

Why Use a CMS?

Joomla is one of several free, open-source content management system software packages currently available. Like every technology, Joomla is extremely well-suited for some tasks and less well-suited for others. Before going further, let’s get acquainted with the basic concept of a CMS.

Is the content on the front page of your website more than six months old? Have you ever sent out a mailing that reached some recipients after the events on the calendar already happened? Every nonprofit knows the importance of timely communications, yet for many organizations this is an ongoing challenge.

Until about two years ago, there simply was no easy, cost-effective way for non-technical users to update their own site content. Clients either had to train existing staff to code HTML, purchase additional software, hire a webmaster, or contract for ongoing maintenance. Installing individual desktop software was especially cumbersome for organizations functioning outside the traditional office environment — a description that fits many nonprofits, which often rely on volunteers, part-time staff, and staff who work from home.

CMS technologies such as Joomla enable authorized staff members and volunteers to edit their own site content from a web-based interface, with no prior knowledge of HTML or programming. CMS users can create new menu items and web pages, add news and calendar listings, upload photos and videos, and even build online communities.

"We knew nothing about web development. I’ve become a huge fan of Joomla,"says Lynda Graham, of Sutton, Quebec, who built her village’s nonprofit tourism website, www.infosutton.com, with the help of an initial consultant. Now she and three other volunteers are able to update the site’s event and restaurant listings weekly, at no additional expense.

Interactive Knowledge, of Charlotte, NC, specializes in building multimedia websites for documentary films, cultural institutions, and nonprofits. President Tim Songer notes that clients such as the Duke Endowment are now specifically requesting the Joomla platform for their websites. He believes a CMS offers great advantages for both web developer and client.

"Customers want to have control over the website after it’s launched. Before, every time they wanted a change they would have to sign a change order. We’d rather have the customer make the change,"Songer explains.

Why Joomla?

If you talk to Joomla enthusiasts, "ease of use"is the phrase you will hear again and again. While there is no one-size-fits-all CMS solution, Joomla is attractive because it offers the flexibility to develop a full-featured website, but is still accessible to non-programmers. There is also a large and active volunteer support community, http://community.joomla.org/, that welcomes first-time users.

"It’s relatively easy to install and use for the beginner. For the advanced power user, it’s very flexible. For the in-between, there’s a lot of plug-ins that give you functionality that you don’t have to build yourself,"says Dave Conlin, lead technologist at Interactive Knowledge.

Joomla is known for the large number of third-party extensions developed specifically for the platform. Nonprofits can enable secure online donations and allow people to join their online mailing lists. They may also wish to consider integration with CiviCRM, an open-source system for tracking donors, events, and mailings.

"That’s the beauty of Joomla,"says Tamar Schanfeld, who specializes in building sites for synagogues at www.shofarsites.com, a division of web development firm TnR Global. "You don’t have a programmer to do Joomla site in-house. You do need someone technical.”

When Not to Use Joomla

If all you need is blogging functionality, WordPress is probably sufficient. For extremely complex or high-traffic sites, Drupal and Plone may provide performance advantages, and also currently offer greater flexibility in assigning roles and responsibilities (see "Roles and Responsibilities,"below). For a brand-new website, a Joomla site costs about the same as the equivalent HTML site, and will yield maintenance savings down the line. If you are converting an existing site to Joomla, however, areas such as database migration, dynamic content, and custom multimedia applications may all require additional programming time. Be sure to work with a consultant or developer early in the planning process and get detailed specifications and price estimates for the work involved.

Planning Your Joomla Site

As with any communications project, think about your goals for the website — what is your message and who is your audience? You will find it helpful to develop a written site plan. This should include an outline of site content, project timeline, and the process to be used for updating and maintaining the site after it goes live. Whether or you are building the site in-house or working with an outside contractor, be sure that one person on your staff has responsibility for the project.

Branding and Layout

To the casual viewer, a Joomla site is indistinguishable from a standard HTML website; to be honest, many Joomla sites look a whole lot better. The visual possibilities are almost infinite. Download an existing Joomla design template, or create your custom CSS template, adding your own logo and branding to give your site a distinctive look and feel. Numerous page layouts are possible, and different layouts and style templates can be combined within the same site. Most web designers will present you with multiple design choices. Be sure that your chosen design is easy to navigate and reflects your organization’s message and personality.

Roles and Responsibilities

Once your site goes live, who will be able to update what? How will you coordinate changes? Defining this process represents one of the biggest challenges for an organization moving to a model where multiple users can update content.

It is also an area where nonprofits may find Joomla 1.5 functionality to be some what lacking. Currently, Joomla supports several preset roles (Super-Administrator, Administrator, Manager, Author, Editor, and Publisher) that allow different level of access to site content and administrative functions. However, as of July 2009, Joomla does not allow organizations to create user groups or customize which functions or content areas the various roles can access. Last month’s 1.6 alpha release includes improved ACL (Access Control List) functions to meet this need. The production release of Joomla 1.6 is expected in late 2009.

Search Engine Optimization (SEO)

In order to help Google and other search engine crawlers find your content and assign it a high ranking, be sure to select "Search Engine Friendly URL’s"under SEO Settings, which are accessed by clicking Global Configuration on the main control panel. Joomla pages generally have unique titles and include more structured content than those coded by hand, which also help your search engine ranking. Other quick SEO tips: Use headings to divide up content within pages, add "alt"tags and captions to images, and link your site to other lists of resources and directories.

Accessibility

As with SEO, the structured nature of pages generated by a content management system confers an immediate accessibility advantage. In addition, Joomla web design moves away from tables and toward a CSS and "div”-based layout, a major goal for site accessibility. Developers can build custom templates to further enhance accessibility in accordance with WCAG (Web Content and Accessibility Guidelines) standards and client goals.

Security

The tasks here are similar to those performed by webmasters for any type of site. Choose a reputable hosting company. Stay up-to-date on the version of Joomla you are using, use captchas on forms, and research third-party components before installing them. Because Joomla content is stored in a database, not in individual files, it is especially important to make regular backups. Create an automated backup process and practice restoring from backup early in the site-development process. For Joomla-specific security advice and best practices, visit the Joomla Security Checklist.

The Advantage for Nonprofits

Communicating news and events is essential to fundraising and volunteer recruitment, yet nonprofits work with marketing budgets a fraction of the size of those in the private sector. Today, most nonprofit organizations have a website, but many do not leverage it to the greatest extent possible.

Technologies such as Joomla work well with existing communications methods such as newsletters and email campaigns. They allow you to repurpose existing content at no additional cost — and with very little additional outlay of time.

The open-source movement was founded by idealists and is sustained by the same spirit today. Their vision complements the goals and philosophy of the nonprofit world. Joomla empowers organizations to take full ownership of their web presence, sharing their goals and achievements with a wider audience.

Source : http://www.techsoup.org 

Seven Blogging Tools - Detailed Review

0 comments
While often regarded as a platform for people to share their personal stories, a blog can also be used to tell the story of an organization. Whether showcasing your work, offering behind-the-scenes glimpse into your nonprofit, highlighting the people you serve, or advocating a particular point of view, a blog can be a powerful — and influential — communication and public-relations tool for your organization.

So how do you create a blog? Let's say that you've already spent time reading other blogs and articles on how to successfully maintain and promote your blog. (More Resources at the end of this article will help you get started.) You've defined your goals, your target audience, and the type of content you’ll provide. Your next challenge is to pick the blogging tool that offers the right features for you.

There are a number of good blogging tools, but choosing among them can be confusing. In this report, we’ll take a detailed look at the top blogging tools out there and outline key considerations for selecting a blogging platform, including the skills required to set it up; the ease with which you can post to it; whether you can upload images, video, or audio to it; its ability to moderate comments and prevent spam; how closely you can tailor its design to match the look and feel of your organization’s Web site and other collateral; and tools you can use to track who’s reading it.

The seven blogging platforms we've chosen to review here are Blogger, LiveJournal, Typepad, Movable Type, WordPress, ExpressionEngine, and TextPattern. We chose these tools because they are the ones most commonly used to create a typical nonprofit blog -- by a long shot. 77 percent of all the bloggers included in the Nonprofit Blog Exchange and 81 percent of respondents in a survey of serious bloggers conducted by ProBlogger used one of these seven tools. (For more on market share and how we picked these tools, see the Blog Market Analysis on Idealware's Web site.)

That said, these seven tools certainly don’t meet all possible needs. This report doesn’t include the more sophisticated tools you might use to build a complex multi-blogger community, or blogging software that provides deep Web site integration. You’ll want to look beyond this report if you need a posting workflow, where, for instance, an editor can approve posts from many different blog authors; a closed community in which only specific people can see, post, and comment; complex integration with other Web site content such as forums; or if you’re building a Web site that includes a blog built from scratch. For example, Drupal and Joomla!-- both free, open source, content management systems -- were among the top ten tools most commonly used blogging tools in the Blog Market Analysis. These tools, and a number of other powerful and sophisticated blog and community tools, are well worth a look if your blogging needs are more complex

But for the rest of us — whether we're with a big nonprofit that wants a highly branded, tailored blog with multiple authors, or a tiny organization looking for something easy to set up and use — one of the seven tools covered here will work just fine. We'll help you ask the right questions to determine which blog is right for your organization and provide reviews of the most popular nonprofit blogging platforms.

Features and Functions

Blogging tools are designed to be easy to use. They generally don’t provide all the advanced features of a complex content management system, but rather do one task — publishing a blog — very well. To this end, they can help you:
  • Create posts. Since the purpose of a blog is to be able to post new text or information to the site frequently, creating posts should be quick and easy.
  • Upload pictures and multimedia. Many blogs go beyond text to include photos, video, or audio.
  • Display posts to visitors. A blogging platform can make it easy for readers to view your posts and to comment on them.
  • Moderate. While it's typical to allow visitors to post comments to a blog, different platforms provide varying levels of help to weed out inappropriate contributions.
  • Publish RSS feeds. RSS feeds allow more Internet-savvy users to subscribe to your blog.
  • Configure the appearance and layout. Tools vary widely in the degree to which they allow you to configure your blog, and the methods they offer to do this.
  • Find support. Not every blogging tool offers the same degree of support: while some offer personalized assistance, others have forums where you can find answers to your questions.
  • Host your blog. While some blogging software lives on your own server, others are hosted by the vendor.
  • Get stats on your blog. Reporting features will help you see how many people are visiting your blog, and which posts are most popular.
What type of functionality should you expect in each of these areas? Some features are fairly common to all blogging tools, while others are more specialized. Below, we'll walk through the typical features, and then show you some criteria you can use to evaluate whether a particular blogging tool is right for your organization. For specifics on the seven blogging tools we reviewed, see the Summary Reviews on Idealware's site.

Creating Posts

The procedure for creating a blog post is fairly standard across blogging platforms: simply type in a title and the text you want to appear below it. Formatting options can vary from tool to tool, however; while many blogging platforms provide easy-to-use tools that allow you to create bold text, italics, larger font sizes, and more, not every tool offers these. In this case, you’ll need to use HTML to format your text.
Formatting tools themselves also vary — while some allow you to change text color and fonts as you like, others limit you to a particular set of styles defined for the site. When choosing a blogging tool, consider your needs: if you'll be pasting text from Microsoft Word or another word-processing program, make sure that the blogging platform can strip out extra formatting that might otherwise interfere with online formatting and RSS feeds (more about RSS feeds in a moment).
Once you've written and formatted your post, the blogging software will add a date and publish it to a Web page with a click of a button. Some platforms also allow you to preview your post before you make it live, or to save a draft of it.

Uploading Pictures and Multimedia

While you can publish pictures to your blog using a variety of tools, some platforms make it easier than others. A few allow you to upload images easily in a single step, while others require you to upload images separately and then add them to a post afterwards.
Some tools also automatically size and optimize images, while others require that you do this using another tool (like Adobe Photoshop). If you don't resize photos, you risk having huge image file sizes, creating long download times for your users and monopolizing your bandwidth. Even if a blogging tool automatically resizes images, find out if it allows you to specify the dimension and alignment of your pictures on a post.
Any blogging tool will allow you to link to video or audio files already posted on the Web. If you plan to use this type of multimedia frequently, however, look for a tool that will let you upload multimedia files or even embed multimedia in a post to let your users view or listen without leaving your site. Embedding is generally done by posting a chunk of code provided by a third-party tool (like YouTube ); if you'd like to do this, look for a tool that allows you to include JavaScript in posts.

Displaying Posts to Visitors

Blog layouts tend to be fairly standard, without much variation between platforms. There are a few factors to consider, though, when making a final selection:
  • Navigation. Organizing your posts into categories can help visitors find and sort through previous posts. Not all tools support this, however.
  • Excerpts. Some tools offer the option to show excerpts (rather than entire posts) on a blog's landing page.
  • Front-end usability. If your blog is likely to be visited by people unfamiliar with blog conventions, the links on your blogs should be intuitive. What does the visitor need to click on to view comments? How can they find a permanent URL for a post? Is the permanent URL easy to understand, or just a mess of numbers? Can you tailor these features to your needs?

Moderating

Once your post is live, it's common to allow your readers to comment on it. While most comments are likely to be relevant and thoughtful, there may be a few inappropriate ones. If you allow comments, you’ll want to be able to keep an eye on them and intervene when necessary: therefore, make sure your blogging tool allows you to approve comments before they appear on your blog and delete unwanted contributions when necessary.
It's also helpful to require posters to register or to submit their email address with a post. If your blog gets a large volume of comments, you may want to look for a tool that allows you to search and filter all comments, ban posts that include a particular keyword, or ban a poster by IP address.
While it will take some time before your blog builds a large following, those who do eventually get a fair amount of traffic may also encounter problems with comment spam — completely off-topic comments (generally ads) that are automatically posted. While the previously mentioned features will help combat spam, additional tools will also require users to verify that they are humans and not spambots by transcribing a wiggly set of letters (also known as a CAPTCHA); others automatically filter out spam-like comments in a method similar to email spam filters.

Publishing RSS Feeds

One popular blog feature, particularly among more Web-savvy users, is the ability to “subscribe” to blog content via RSS. RSS allows people with the appropriate software to gather the content from many blogs so they can read it all together in one place. Providing RSS access to your blog will make it more useful -- and appear more professional -- to your audience.
All tools provide RSS support of some sort, but check to see if you can set it up without HTML ability. There are also a number of different types of RSS formats; if, however, you’d like to provide a specific one, or multiple, check on the formats that are supported.

Configuring the Appearance and Layout

The degree to which you can configure your blog's appearance — and how you can do this — varies widely between blogging platforms. While some limit you to a few templates, others allow you to tailor everything to your exact needs.
Begin by considering the configuration method. While some tools allow you to set up a blog without HTML, a blogging platform that allows you to use it will give you more control. If you are versed in HTML — or can hire someone who is — check to see if straightforward knowledge of HTML will be enough to configure a given tool, or whether you’ll need PHP, Perl, or even to learn a whole new tool-specific coding language.
Once you have chosen a configuration method, evaluate how much control you need. There’s a lot to consider here:
  • Templates. If you can set up a blog quickly using a template that defines the layout and colors, how many choices do you have, and how professional are they?
  • Logos. Can you upload your organization's logo? This is a surprisingly rare feature.
  • Vendor branding. Do you need to show vendor branding -- and if so, how prominently is it displayed?
  • Sidebars. Most blogs have a sidebar that can include information about your organization and links to your Web site or to other blogs. To what degree -- and how easily -- can you edit sidebar content?
  • Fonts and colors. Can you tailor text and colors on your blog to match an existing Web site or organizational branding?
  • Domain. Can the blog use your organization’s domain (for example, www.idealware.org/blog)?
  • Widgets. Can you add in widgets -- pieces of code written by third parties that allow extra functionality -- like polls or images from photo-sharing site flickr?
  • Layout updates. To what degree will the platform allow you to modify templates to create a custom layout or to match your Web site?
  • Customization. Can you customize every single page, message, and element to create a completely tailored blog?

Support

If you run into problems with configuration or posting, you’ll want to know where find help. The good news is that most tools have thorough and friendly documentation. Some offer technical-support phone lines or email support desks, while others have active user communities, where you can post your questions to user forums and find code to add functionality, known as plug-ins, to your site.

Hosting Services

Consider where the code for your blogging software will actually live. If you would like a lot of control over your blog, you may want a tool that you can install on your Web site’s server or hosting service via code files that you upload and configure.
If you'd like a less complicated option, you may opt for a hosted tool — software that sits on the vendor's server but that you can access over the Web. If you’d like a fair amount of control without installing one of these tools yourself, another option is to find a host that has the blog tool you would like to use pre-installed. (Note that some tools are much more widely pre-installed than others.)
If you plan to upload a lot of multimedia files (images, video, or audio), or you expect a large readership, you will need to consider the amount of bandwidth you can use. Bandwidth is calculated by multiplying the size of each file by the number of times it is viewed. For instance, allowing 10,000 users to view a document that is 100 KB will require 1 GB of bandwidth. If you are using a hosted blog tool, it may have a maximum amount of bandwidth you are allowed to use without incurring extra charges. If you have installed a blog tool on your own server, the bandwidth will be defined by your Web site host.

Reporting

You'll likely want to know how many people are visiting your blog, and which posts are the most popular. Reporting for most tools is surprisingly weak, but a few will tell you the most-visited pages and posts on your blog If you want detailed reports, look for a tool that will allow you to download your raw log files for analysis. If worse comes to worst, most blogging tools will allow you to use a third-party package, like Google Analytics or Site Meter, for stats.

What about Trackbacks?

Some blogs also come with a trackback feature, which allows other bloggers to automatically alert your site when they’ve linked to your post. This feature was not noted as a priority by any of our advisors, and therefore wasn't included in our reviews. In our opinion, Trackbacks are better suited to individuals who are trying to become well-known bloggers than they are to nonprofit organizations.

How to Choose

There are many variables to consider when selecting your blogging tool. What are the key considerations?

Consider whether you need more than a simple blogging tool.

Are you looking for a tool that will help you manage a number of different blogs? Will an editor need to approve posts from multiple authors? Will your blog support a closed community where only a specific group of people can view and comment? Do you want to combine your blog with discussion groups, so that the comments have more structure than a simple list? Will the blog be an integrated part of a Web site built from scratch? If the answer to any of these questions is yes, you’ll likely want to look at not just the straightforward tools included in this report, but also at more powerful blogging and community tools, such as Drupal, Joomla, and others.

Decide whether you need to tailor the blog’s appearance.

Should your blog display your logo or match your organization’s colors and fonts? Does it need to blend in seamlessly with the look of your Web site? Or are you just hoping to get something professional-looking up quickly? Can you choose the look of your blog from a selection of templates?

Determine if someone with technical skills will be available to set up the blog.

Do you have a staff member, consultant, or volunteer who can upload files via FTP? Get your blog up and running with HTML and CSS? If that’s just alphabet soup to you, and no external help is available, you’ll need to look for a vendor-hosted tool (like WordPress.com or TypePad) that can be set up without coding, rather than one that is installed on your own server.

Weigh control and integration versus ease of getting started.

If flexibility, control, and the ability to integrate your blog with an existing Web site are top priorities, you’ll likely want to use a tool that you can install on your own server, such as WordPress.org, ExpressionEngine, or Textpattern. If getting started quickly and easily is more important, you'll likely want to use a hosted tool like WordPress.com or TypePad.

Consider the technical expertise of the people who will be posting.

Are the people who will be using the blog novices requiring something straightforward? If so, look for software that makes it easy to post and to upload pictures in one step. If your users are comfortable around technology and even around a little HTML, pretty much any of the blogging tools mentioned in this article will work for posting.

Decide on other critical features.

If you expect to have a high volume of comments, then you should seek out moderation functionality. Is it important to be able to display posts by category? To show only excerpts (rather than entire posts) on your blog's main page? To be able to embed multimedia files via JavaScript?
Blogger
If you have some basic HTML skills and are looking for a free and user-friendly tool, Blogger is a great choice. It's easy to create posts, upload photos in a single step, and customize the HTML to exactly match your Web site. It also offers an easy set-up process to show your blog at your own domain (www.yourorg.org/blog) rather than at Blogger's (organization.blogspot.com). If you’re not able to muck around with at least a little technical stuff, however, there are better choices -- by default, Blogger includes a prominent navigation bar that shows the Blogger logo and random links to other blogs, which you’ll need technical chops to remove. It also doesn’t support categories. Read a detailed review on Idealware's site>
LiveJournal
LiveJournal is, at its core, a community collaboration tool that allows you to form networks of “friends” and blogs online. While it's often used to create simple blogs, the tool isn't the best in its realm, especially in comparison to some of the free tools (LiveJournal costs about $2 a month). It’s not very intuitive to set up, and the less-than-professional-looking templates are difficult to modify, even with advanced coding skills. If you're looking for a tool to create an organizational blog, there are better choices. Read a detailed review on Idealware's site
TypePad
If you’re looking to get started quickly but flesh out your blog’s look and functionality over time, TypePad may be the tool for you. It’s also the only option among the tools reviewed that will allow you to display your organization’s logo without using HTML. Easy-to-use tools allow you to tailor all colors, fonts, and images through the site, or update the site HTML through a (rather complex) set of templates. Even technical novices will be able to post text and photos with ease. Starting at $4.95 a month and ranging up to $14.95 a month for complete customization, it’s the most expensive of the hosted tools we reviewed. Read a detailed review on Idealware's site
WordPress.com (Hosted)
The hosted version of WordPress offers a limited number of professional-looking templates that allow you to easily get your blog up and running in just a few minutes. While this version is free, you can't customize anything beyond the template, meaning there's no option available to tailor colors, fonts, domain name, or logo. The comment moderation functionality is great, however, the tool easily supports categories, and it allows you to show excerpts rather than full posts on the first page of your blog. Read a detailed review on Idealware's site
WordPress.org (Installed)
Of all the tools we reviewed that require installation, WordPress was the easiest to get up and running, and is frequently offered pre-installed or as an easy install by hosting companies. This might make it worth a look for even those without experience installing software on a server. Those with HTML skills and a little PHP knowledge can completely customize their blog setup. Other than that, WordPress’s installed version is similar to the hosted version- both offer great comment moderation functionality and support for both categories and excerpts. Free and open source. Read a detailed review on Idealware's site
Movable Type
Movable Type is a perfectly respectable blogging tool. However, at $199 or more (depending on the number of licenses needed) for a one-time purchase, it doesn’t compare well to its free brethren. It’s the most difficult to install, one of the more difficult ones to configure, and doesn’t have many extra features to make up for it’s cost. Its inability to toggle between HTML and rich text versions of posts is particularly annoying. Read a detailed review on Idealware's site
ExpressionEngine
ExpressionEngine is a flexible, powerful tool that is targeted at more tech-savvy bloggers. It’s relatively easy to install and configure, and you can tailor settings at a very detailed level. You’ll need an understanding of HTML to format posts. Beyond the scope of this report, it offers sophisticated support for a community of bloggers. Both a free and paid version are available. The paid plan includes unlimited technical support for a one-time licensing fee of $99.95 (for nonprofits), plus $19.95 per year for access to the latest updates. Read a detailed review on Idealware's site
TextPattern
Also targeted at more tech-savvy bloggers, and similar in concept to ExpressionEngine, TextPattern is a flexible, powerful blogging tool you install on your own servers. It’s particularly easy to configure the look of your blog via HTML, as TextPattern's interface includes wizards to build all the custom syntax you’ll need to reference posts. Technical novices may be intimidated by the post formatting interface, which includes a set of simple but custom formatting tags (for example, you need to put asterisks around text to bold it). The tool is somewhat limited by its documentation, which is not as clear as other tools'. Free and open source. Read a detailed review on Idealware's site

Comparison Chart

For more information about we arrived at the ratings for each tool and category, please see How We Rated the Tools.

Recommendations

Which blogging tool should you use? Like anything other type of software, the best tool for you will depend on your needs. Here are a few suggestions for some common nonprofit situations:
  1. We need to get up and running quickly, without technical skills, and the blog's appearance isn’t important.
    • WordPress (hosted)
    • TypePad
  2. No one technical is available to help set up the tool, but tailoring the blog with organizational colors and logo is important.
    • TypePad
  3. We want to tailor the blog, and someone technical can help set it up, but non-tech-savvy folks will be posting.
    • Blogger
    • TypePad
    • WordPress (installed)
  4. Our organization is pretty technical all around, and we want the most flexibility in a blogging tool.
    • WordPress (installed)
    • TextPattern
    • ExpressionEngine

Additional Resources

While this report covers the software, there’s a lot more to know. Fortunately, there are a lot more resources that can help you learn how to create and sustain a great blog.
This report was created in partnership by Idealware and CompuMentor, with the help of a talented group of contributors and advisors. Read more about those who participated in the creation of this report

Source : http://www.techsoup.org