The Risks of Building an In-House Board Portal

Nicholas J Price
It's easy to identify what board directors want and need in a board portal. Board directors want functionality and convenience. They need the strongest security possible. Most companies are starting to bring additional IT staff on board to protect their companies from cybercrime. While it's a good step to prevent against hacking and IT staff may have some knowledge of how to build an in-house board portal, rarely is it practical.

What sounds like a good idea at the outset can create new problems with respect to security, user-ability, functionality and support.

Risks of Building an In-House Board Portal

In considering the option of building an in-house board portal, it's prudent to examine the increased costs.

Companies will incur all costs for an in-house board portal. The base cost in setting up an in-house board portal will be approximately US$100,000. That doesn't include extra fees for consulting, licensing and support at an ultra-high hourly rate.

In addition, there are significant internal IT costs, such as capital outlay and ongoing operating costs for an onsite solution. The costs are often much more prohibitive than boards anticipate.

While the costs of an in-house board portal are excessive, security is another major concern. In-house network security specialists will likely not have the experience or expertise to design and implement a highly secure in-house board portal. An on-premise board portal often excludes some of the critical security components that are needed to ensure that the company's information is truly secure. The cost and complexity of managing high-level security make onsite portals unsuitable for on-premise use. Most in-house portals have poor encryption key management infrastructures. Hosting the solution onsite won't resolve this problem. In fact, it could open up even more vulnerabilities.

Ongoing security threats require IT teams to continually monitor the system, set up penetration tests and update systems to maintain security. Failure to address these issues adequately could easily open up system vulnerabilities. The sophistication and prevalence of cybersecurity threats require continual monitoring, regular penetration testing and regular updates to maintain the integrity of the necessary security. These security tasks are critical for an in-house board portal that is hosted internally and exposed over the public internet, as today's boards require. In most cases, these steps are impractical, at best, from a security and cost perspective. Also, your internal IT team will have access to the system, which poses an internal security risk.

The fast pace of the marketplace demands that board directors have 24/7 access to board materials. Board directors often work remotely, sometimes across the miles or overseas. In-house board portals are usually hosted in only one location. In the event of an outage or maintenance issue, the entire system goes down with no available backup. A dual-hosted solution with complete fault tolerance would double the costs of the portal, where costs are already prohibitive.

An in-house board portal requires significant IT resources for installing, managing and ensuring the system is available around the clock. The IT department has to put a lot of work into the infrastructure. Managing a portal requires 24/7 attention, which again, is cost-prohibitive for most companies. Upgrades and updates require testing, and that often means there's a risk of downtime, especially during times of complex upgrades or updates. With all the time and attention that the portal demands, any work that the portal needs to have done often gets pushed to a lower priority, which provides a major source of frustration for board directors.

When questions arise that require support or customer service, users are limited by staff hours. Board directors often work at off-hours and may work in various time zones, which makes getting help difficult or impossible.

Function and features make a big difference for board directors. Certain software solutions have the option to convert all documents automatically to PDFs. This feature ensures that board directors can access all documents at all times. This feature isn't always available for self-hosting platforms because of the high cost.

Modern Governance Requires the Efficiency of a Diligent Board Portal

Diligent Corporation offers a SaaS (software as a service) solution where the benefits of the system far outweigh the costs. With a one-year subscription model, companies only pay for actual usage of the solutions and features they need. Companies won't incur any internal costs for IT.

With Diligent's portal, non-executive board directors can access the system from public networks and web browsers without compromising security. Diligent employs highly qualified IT experts whose sole responsibility is to manage your system's security. They receive automatic notifications of emerging threats and are poised to respond with quick action to ensure that your system is always protected. Companies that choose Diligent Boards gain the assurance of having industry-leading security firms that regularly run penetration tests.

To ensure reliability, Diligent also offers a full dual-hosted and highly redundant solution so companies have the confidence in knowing that their board portal will always be available for authorized users. The IT costs to companies for this level of high security is close to zero.

Diligent's IT teams work together closely to ensure that their updates are rigorously tested. Updates have minimal impact on customers. What's even better is that Diligent Corporation handles all communications and provides all documentation, training and support for its customers.

Diligent's support and customer service departments are fully staffed and available 24/7. Customer support is available in all time zones. Often, they solve most problems remotely, before customers even notice there's a problem.

It's common for board directors to serve on more than one board. As a convenience, Diligent makes it possible for board directors to have a single log-in so that they can access multiple board programs from one platform, which isn't available with self-hosting systems.

Diligent also has a strong process embedded into the system that makes it virtually impossible for unauthorized personnel to access it. Access to encryption keys requires a quorum of three staff members from different departments to protect sensitive corporate information from internal staff.

In essence, to set up and maintain an in-house board portal is a huge undertaking and one that isn't always practical, useful or cost-effective. The task requires security architecture, tools, expertise and vast expense to do it right.

Companies can't go wrong with Diligent Corporation, the modern governance company, for the best in user support, disaster recovery, security incident response, and full compliance with laws and regulations in their board portal system.
Related Insights
Nicholas J. Price
Nicholas J. Price is a former Manager at Diligent. He has worked extensively in the governance space, particularly on the key governance technologies that can support leadership with the visibility, data and operating capabilities for more effective decision-making.