The old saying, “history doesn’t repeat itself, but it often rhymes,” proves itself time and again with computers. In my recent analysis of SaaS management platforms (SMPs), it proved true once again, as I couldn’t help but observe how familiar the problem of getting a handle on software-as a-service (SaaS) sprawl felt.
The challenges inherent in discovery, visibility, and balancing concerns between stakeholders are elements in any kind of effective IT management. This iteration probably provides clues to future challenges that are difficult to anticipate.
How IT Got Started
Taking a retrospective look at the creation of IT departments through history provides insight into an important and ongoing management challenge. Some organizations had computer systems in the 1960s and 1970s, but those systems were necessarily expensive, purpose-built, and very clear on the problems being solved.
For example, a bank may have had a mainframe that served as a transactional database for millions of accounts. Although the system would be composed of many pieces, there wasn’t an application portfolio spanning thousands of systems with questions such as:
- Who uses this software?
- Is it redundant with other systems?
- Where did it come from?
- Can we get a better deal just by asking, or by easily switching to a competitor?
- How does the business function tie to business capability (i.e., clearly it does something, and probably something that used to be done with a pencil, but what is its actual value?)
- Is it integrated with [pick your favorite] new app?
Such systems were necessarily supported by dedicated staff, but that staff was organizationally tied to the business units they supported, and questions like these would have seemed comical at the time.
In the 1980s and especially 1990s, with the advent of personal computers and lower-cost terminal devices such as those seen in point of sale or inventory management, software systems expanded greatly along with the hardware to assist in a multitude of business functions. Email became a necessity, and any paper process became a clear opportunity for technologization. In many cases, the value, purpose, and deliberation were in place for those systems, but the sheer increase in size and shared overhead necessitated creating IT departments or outsourcing the management of computer systems to third parties such as MSPs or technology consulting firms. Often, the technical staff that previously supported a few critical technology systems on behalf of discrete business units inherited these burgeoning responsibilities.
Going Full Circle
That worked all right until around 2010, when another iteration of technological advancement challenged the existing model. Web technology and cloud computing were sufficiently established to make data centers the natural home for most business software, and it made ubiquitous smartphones, tablets, and laptops the terminals. SaaS became the norm, with a cost and deployment model that benefited both providers and consumers. With a market the size of the world, almost any niche business function is an arena for competitive development. A critical component of this latter advancement is that all of this became much easier and culturally commonplace.
Around this time, many IT departments found themselves with egg on their faces. For example, perhaps business units asked for a teleconferencing option and were met with long timelines and seemingly unreasonable budgets. Why does it take six months and millions of dollars when any cell phone has video conferencing capabilities ready to go in five minutes?
IT was on the defensive. What about data security? A sanctioned option will save money in the long run. The network must be ready to support the bandwidth. The list goes on. The partnership became strained. In some cases, words like “rogue” and “shadow IT” were used to describe business units that took matters into their own hands by discretely signing up for SaaS applications. It’s an understandable, if ironic, attitude toward things coming full circle. Business units are deploying and financing technology that they find valuable. What is this, 1980?
Today, there is growing acceptance of the idea that SaaS and BYOD options are good for everyone—they just require a way to manage business considerations that may not be apparent to (or appreciated by) all end users. Data and network security is not negotiable, and neither is auditing or compliance requirements. Integration with other corporate systems is valuable, but may not be necessary on day one. Licensing costs may be temporarily higher, but they can be optimized. Most of the pain points are temporary and solvable.
SMPs Address Most Pain Points
SaaS management platforms help to bridge those gaps. They allow IT departments and finance/procurement groups to achieve their goals without obstructing business units from taking advantage of the wealth of easily accessible software on the market. As custom software is gradually replaced with market alternatives, some IT departments may even get leaner and more focused on things like security and integration.
SaaS management platforms can only do so much though, especially with regard to application discovery. Ultimately, they can only “spider out” from known systems to discover unknown systems. They can integrate with corporate identity providers, monitor company email systems, integrate with browser extensions, and scour company expense records for clues as to which SaaS applications may be in use. Some even provide mobile device management integration to enhance the reach into mobile devices accessing the company network.
What about the case of an employee using their personal smartphone over the cell network and a free-tier teleconferencing account tied to a Gmail address? Or what about accidentally using the account of a different organization, such as a school or contracting agency? Was anything discussed on the call confidential? Did it contain clues to trade secrets, or did the data need to be audited or preserved for potential legal subpoena? The organization must evaluate those questions.
Only policy and good training can effectively mitigate these issues, but even that is not perfect and will face headwinds. Regardless, the race for expanded discovery is on, and at some point, it will probably include aggregation of disparate but available usage data with ML analysis, similar to the kind used for web marketing.
The alternative is to allow the organization additional visibility (surveillance software and managed configuration policies) into personal devices and personal accounts. If that loss of privacy does not concern you, bear in mind that the 21st-century mining-town model faces its own headwinds regardless, as seen by recently proposed legislation in California limiting the use of email off work hours.
In my opinion, that is the most compelling reason for software users to enthusiastically use business resources for business purposes. Respecting the integrity of business data effectively preserves the cultural border for personal privacy. If that distinction goes up for grabs, it is back to pencils and sticky notes.
Next Steps
To learn more, take a look at GigaOm’s SaaS management platform Key Criteria and Radar reports. These reports provide a comprehensive view of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.
If you’re not yet a GigaOm subscriber, sign up here.
