How Columbus Metropolitan Housing Authority Modernized Their Cybersecurity

Modern cybersecurity challenges are not always about adding new tools. For many housing organizations, modernizing systems that support daily operations is a priority, especially as technology continues to evolve and infrastructure demands increase.

At the Columbus Metropolitan Housing Authority (CMHA), that meant taking a comprehensive approach to strengthening their technology environment, not only to improve security but also to enhance reliability, performance, and access for both staff and the community. Rather than addressing individual systems one at a time, CMHA focused on building a stronger, more resilient foundation that could support long-term operations and reduce risk across the organization.

A comprehensive approach to modernization

CMHA launched a multi-year cybersecurity and technology modernization effort to improve system reliability, strengthen security, and support long-term sustainability. Rather than relying on incremental updates, the team designed a coordinated approach that addressed infrastructure, access, and end-user systems together.

The project included several key components:

• Cloud migration: Core systems were moved from on-site servers to a Microsoft Azure cloud environment, improving system monitoring, scalability, and overall resilience.

• Network and access improvements: Internal networks were strengthened with updated configurations and tighter access controls to better protect sensitive systems and limit unauthorized access.

• Backup and recovery enhancements: Updated backup and disaster recovery capabilities were implemented to ensure critical systems and data can be restored quickly in the event of an incident.

• System modernization: Outdated servers and legacy systems were retired or replaced, reducing complexity and eliminating older technologies that are harder to secure and maintain.

• Community computer lab upgrades: Computer labs used by residents were refreshed with updated hardware and configurations, providing safer, more reliable access to digital tools and resources.

Together, these improvements created a more consistent and manageable technology environment, improving how systems are secured, maintained, and supported across the organization. Vice President of Information Technology Yuhma Koh leads these efforts, focusing on protecting sensitive data, improving system performance, and reducing organizational risk.

"The project was driven by aging infrastructure, increasing cybersecurity risk, and the operational challenges of maintaining legacy systems," Koh said. "Modernizing our environment was a proactive step to reduce exposure, improve resilience, and better protect agency and resident data."

What other housing organizations can learn

For housing authorities considering similar efforts, Koh recommends viewing cybersecurity as an operational priority.

"Cybersecurity should be framed as an operational risk issue, not just a technology upgrade," he said. "Clearly articulate how legacy systems create exposure, how modernization reduces that risk, and how the investment protects both financial and community interests."

CMHA’s experience also shows that large-scale improvements do not have to happen all at once. Starting with key priorities and building momentum over time can lead to meaningful, lasting improvements.

How the Loss Prevention Fund can help

The HAI Group Loss Prevention Fund is an annual reimbursement program available to HAI Group members that supports projects designed to reduce risk and strengthen operations. Members apply for funding each year, and approved projects are reimbursed for eligible improvements, including cybersecurity initiatives. For housing organizations considering similar efforts, the program can help support investments that strengthen infrastructure, improve resilience, and reduce long-term risk.

Learn more about the program, explore application resources, and see how your organization can get started.