In the earlier days of alumni management, organizations - finding themselves limited in choice - would often rely on a homegrown site to manage their community. Sites built with WordPress are a brilliant choice for a range of purposes - from bloggers to organizations needing a simple site with simple features. It's also a great choice for large organizations such as CNN, who have vast teams and engineering capacity to support it.
The appeal is clear. With WordPress, anyone can dream up an idea, search the plugin directory and magically bring almost any vision to life. And for a customer, the speed with which ideas and changes can be brought to life makes it quite appealing. For many organizations at the start of their Alumni journey, WordPress also meets all the basic requirements of a version one, such as building a basic website where people can join and exchange some content, see events and access an address book.
WordPress is known as a ‘beginner’s playground’ because of how easy it is to create a site with amazing features, not to mention that it’s free, open source and has a wealth of tutorials. But there is a dark side. It has also been classed as the most attacked Content Management System (CMS) on the market, and without a large-scale team managing the infrastructure, no company can afford to place Alumni, employee or any other protected data on a WordPress site. Public blogs = perfect; Employee data = not so much.
Despite a massive community deploying regular security patches, an enterprise that wants to take advantage of WordPress will require a considerable team of experts; and without that support, it is unfortunately not enterprise grade, as it does not have the code and life-cycle controls required of a modern vendor.
Organizations cannot look to or rely on vendors who in turn rely on WordPress, for one simple reason. WordPress at its core may be secure – but the majority of the sites that have been hacked or compromised were compromised as a result of vulnerabilities in WordPress plugins.
Think of it like the apps on your phone: do you know who made all of them, what access they have to your data, what type of support they offer in the event of a problem, or their uptime and escalation scenarios? How do they manage your data and your system data, and how do they manage GDPR compliance? That’s basically the WordPress issue - it's the Wild West of apps that don’t go through even the basic scrutiny that your mobile apps do, and therefore you really have no idea of the access these apps have to your data or the potential impact of a breach.
Enterprise Grade is about owning and developing the entire application, so that it can be audited and scanned and can meet GDPR, ISO 27001 and SOC 2 compliance, for instance.
Many organizations who started their alumni journey on their own site developed in-house are now looking to dedicated SaaS vendors who provide enterprise grade platforms. As their Alumni community expands and matures and the functionality they require outgrows existing capability, they reach a major inflection point.
Our firm recommendation to those recognizing the need to deliver an enterprise grade solution to their Alumni and their organization is to consider a SaaS solution where the code, integrations and process are owned and operated by the vendor, who carries the burden of compliance and who can present to you exactly how your data is handled, managed, stored and accessed.