My last SaaS posts were mostly about SaaS from a SW company’s strategic perspective. This one is from the SaaS consumer’s side – the viewpoint of business and IT users.
For a business user, SaaS represents a wonderful opportunity to find and start using new applications that make the job easier. All I need is a credit card, a computer and an internet connection. Great – after 10 minutes I can hit the ground running with my free trial. One monthly price and I have no IT budget hassles (hence the bypass), no servers to install, no backups to worry about and no datacenter costs. Personally, at IQ, I use a variety of SaaS solutions and wouldn’t want it any other way. Neither would our technical team – they are too busy building innovative technology. So, for a small to mid-sized business or a department of a large organization, the model is cost effective and works well.
The picture is not so rosy for larger IT organizations. Imagine this very real scenario: Mary in accounting needs a better way to organize and store invoices, so she gets a SaaS subscription to InvoicesAreUs (a SaaS startup) for herself and 5 other team members. Bob in marketing wants to store his collateral online and make it available to the sales team, so he gets a Google Sites account and creates a quick intranet. Meanwhile, the CIO has just paid $10 million for an enterprise Documentum license. Fast forward 3 months: InvoicesAreUs goes out of business and Bob gets fired. There is suddenly a crisis. Nobody has a record of the invoices, since Mary scanned the hardcopies into InvoicesAreUs and then destroyed them (naturally the InvoicesAreUs database is no longer available); Bob still has access to the online Google Sites since nobody has revoked his authorization (there is no tie-in to a central LDAP or similar security directory); and the CIO suddenly has to figure out why employees are paying monthly fees for something that he has already bought.
Could this fiasco have been avoided? Well, yes, with 3 main governance components:
(1) All SaaS purchases must be approved to ensure that there is no overlap with existing or planned systems that the purchaser is unaware of;
(2) All SaaS user accounts must be authenticated against a central LDAP (or similar) directory so that users can have their access to the systems withdrawn;
(3) All SaaS data must be provided on a backup schedule with a mechanism to view and manipulate the data outside of the SaaS application.
So, what’s the bottom line? SaaS can be incredibly useful, valuable and cost effective, but to be successful, SaaS vendors need to support corporate IT’s governance and security requirements.