If you had to boil down the purpose of SaaS management into one word, it would be transparency. Sounds pretty simple, right? If you’re in IT, you know how loaded “simple” really is. Perhaps the single biggest challenge for IT when it comes to cloud applications is not the cost, subscriptions, licenses or even security. It’s transparency - being able to answer:
- What do I have?
- How is it being used?
- Who is using it?
- What data is involved?
SaaS applications have given companies of all sizes technology at scale, often at a fraction of the price and resources required to obtain and manage them. Employees have unlimited access to data and can easily share information amongst themselves and authorized third parties (at least, we hope they are authorized).
With all of the benefits, however, there are specific drawbacks of cloud technology, specifically, how easy it is to get out of control. Unless IT has specific SaaS governance policies in place that are actively being monitored and upheld, the SaaS landscape is anything but transparent.
A Blind Eye
IT is often the last to know of the new apps brought into the platform. Those questions above? They are what keep IT execs up at night. “Who the hell knows what we have?” is a phrase I recently heard one company ask. It’a valid point and shared by many CIOs.
IT cannot turn a blind eye to the SaaS ecosystem. In fact, it should be integrated into the overall IT governance strategy. SaaS may not be taking over the world, but it damn well might be soon. One rogue SaaS application can destroy a company if it’s left unchecked, yet many employees have no idea how much risk and vulnerability they are introducing to the company every time they begin using a new and unmonitored cloud application.
Related: The #1 Biggest Risk to CIOs
It’s not the cloud app that is so dangerous; it’s the data that goes along with it. How sensitive is that data? If the app, the app vendor, or your company were to get hacked, would the data breach spell disaster? How well is that vendor protecting your data, sensitive or not? What happens when that vendor goes out of business? Do they properly dispose of your data? Is any of your data being sold to another party?
CIOs must not only know what cloud apps are in the enterprise but exactly how those apps are being used and by whom. It’s not a one-time thing, either. This takes perseverance and a dedication to a SaaS governance policy that demands rigorous monitoring. Transparency means nothing is hidden, nothing is a surprise.
CIOs can’t survive with a blind eye. They only have two eyes and that’s by design: one focused on risk and one focused on opportunities.
A Critical Eye
It wasn’t long ago that CIOs had a dilemma to solve: keep data in house for greater control and security but at the risk of less flexibility and greater costs; or push data into the cloud for greater scale and access at the risk of less security. Today, however, that question has been answered. Cloud First is a global priority for increasingly more companies.
- Hybrid cloud adoption grew 3X in the last year, increasing from 19% to 57%
- In 15 months, 80% of all IT budgets will be committed to cloud solutions
- Trust that public clouds keep data secure jumped 76% in one year
Clearly, both SaaS vendors and IT executives have figured this cloud thing out. The report says the increased confidence comes from a greater awareness of its necessity in order to survive. More secure APIs, better authentication and other security enhancements have given IT executives the peace of mind they need to jump on the SaaS bandwagon.
Security concerns may be eased, but IT execs must still place a critical eye on their risk. Not all cloud vendors are alike in their commitment to security. If there isn’t strict SaaS governance, employees can easily, albeit inadvertently, invite dangerous applications into the mix, almost always without informing IT.
CIOs must invest in SaaS management software to ensure they can not only track known applications (both SaaS and on-premise) but identify shadow IT wherever it may hide. A critical eye is constantly assessing risk - current and potential. Only then can IT executives answer those questions of what, how and who. That, my friends, is called transparency.
A Keen Eye
With one eye on risk, the other eye gets the more pleasant job of focusing on opportunities. The cloud brings plenty of flexibility, freedom and choice. SaaS applications enable companies to do more, often with less. Identifying those areas where improvements can be made via SaaS technology is actually fun and opens up an entirely new frontier of possibilities.
IT executives have the world at their fingertips. There are SaaS apps for virtually every business function, ones that will bring unprecedented functionality and productivity to employees. This is where SaaS governance must come into play.
It’s too easy to get excited about the next greatest app. Employees (including executives) must be given guidelines on how they are to go about consuming SaaS applications. Priority number one is transparency. IT is the Big Brother and NOTHING, I mean nothing, should get by them.
Of course, not every employee will comply, requiring modern SaaS management software to make this process much easier. Governance can only go so far, then technology acts as a backup plan, a failsafe, a periscope into every app and every user. It can also help enforce the governance policy by providing a deterrent for insubordination.
Transparency goes both ways. Employees need to understand the stance of IT with strong governance policies and enforcement. CIOs and IT executives need to know what exactly is in their IT landscape at all times. In both cases, transparency brings peace of mind as it sets expectations, lowers risk and ultimately empowers the enterprise.