Has SaaS gotten ahead of itself?

The as-a-service revolution has not yet reached its zenith. The earliest benefit of software as a service (SaaS) ushered in a shift away from on-premise software which tended to carry a high up-front cost, to a new model with lower up-front costs but monthly recurring fees, which allowed enterprise resource planning (ERP) and other enterprise software within reach of smaller and midsize companies.

Eventually overcoming initial concerns over security, SaaS has quickly become the predominant software delivery model, fundamentally changing the entire software industry from development to sales and changing the very nature of how organizations procure, deploy and manage applications.

More to the point, it's triggered an end-user revolution that has placed control firmly in the eager hands of departmental managers and users, and wrestled control out of the IT priesthood. But have we, in our zeal to simplify and serve the end user, gotten ahead of ourselves? Is SaaS delivering on its promise of decentralization and democratization – or have we created an anarchistic quagmire rife with duplication, unsecure practices and no visibility?

The as-a-service model is based on abstraction, something that has permeated not just business, but everyday consumer life. As-a-service apps like Amazon Alexa have dramatically changed how consumers interact with their devices, making voice commands the new interface for everything from running a smart home to channel-surfing. Smartphones include as-a-service apps for everything from banking, to ordering food, connecting to your automobile (or if you don't have an automobile, connecting to an Uber), and more, with most of those phones now featuring voice interface connections to smart assistants like Siri, Alexa, or Google Assistant.

That abstraction is the heart of SaaS, but at the same time could be its downfall without proper measures in place to prevent the positive elements of decentralization from becoming IT anarchy.

Shadow IT versus productive decentralization

All of this democratization carries tremendous advantages. Costs are lower. Administration is easier, and line-of-business managers gain a lot more flexibility in choosing what they need to run their own departments. That direct control removes what is often an unnecessary and unwelcome layer of IT bureaucracy, which puts decision-making into the hands of IT people who may not necessarily understand the business needs of the departments who will actually use the software.

There is however, a lingering black cloud. With line-of-business managers throughout the enterprise suddenly being empowered to make their own decisions and acquire and deploy their own software, we are increasingly seeing situations where there are duplications and redundancies, new organizational fiefdoms organized by managers eager to maintain control over their turf, and even possible conflicts between apps and data.

There is a fine line between productive decentralization, and what is commonly referred to as "Shadow IT." The latter is uncontrolled proliferation of apps and projects without the oversight of, and often without the knowledge of, the IT department. It often results in unforeseen problems, and in some cases, even legal issues that may occur when departmental managers may not have a full understanding of compliance issues or legal data retention requirements.

This approach also may result in higher costs, effectively eliminating one of the big advantages of SaaS. Without a centralized role in procurement, vendor management and negotiation is overlooked, often resulting in unnecessarily higher costs of acquisition, possible duplication and situations where apps may be acquired and then not used, resulting in ongoing monthly fees for ghost apps that are no longer active.

Productive decentralization on the other hand, allows those departmental managers a free hand in acquiring, deploying and managing apps and projects, but retains a centralized role for IT to guard against those sorts of dangerous and potentially costly issues.

SaaS best practices and maintaining visibility

The biggest risk of SaaS and "shadow IT" is that apps will become invisible. Squirreled away in departmental silos, SaaS apps are increasingly isolated, and the cost benefits of SaaS are quickly lost.

Best practice involves getting the best of both sides – preserving the autonomy and fast response that departmental managers demand, while also preserving a centralized role to avoid the costly missteps of shadow IT.

Technological solutions are easily at hand, but the first wave of protection against SaaS confusion is a set of best practices, created by the IT department, championed by upper management and communicated effectively to the rank-and-file:

• Use good password protocols for your SaaS apps.
• Don't download an app from a provider you've never heard of before without vetting it first.
• Regulate whether or not employees can use SaaS apps on their personal smartphones while connecting to the corporate network.
• Facilitate better communication between end-users and managers, and the IT department. Create an "Open Door" IT policy.

Once a sound set of best practices and policies are put in place and understood, then it's time to reinstate at least some IT control over the growing SaaS ecosystem. Cloud brokers like Cisco's Cloudlock prevents malicious cloud apps from connecting to the corporate network, and includes a useful crowd-sourced Community Trust Rating, which end-users can easily refer to as a simple vetting tool before downloading an app.

SaaS management offers a platform that can bring a unified view of SaaS. Still, SaaS management relies on manual oversight, a lack of metrics and no centralized way to impose accountability among departmental SaaS owners. A newer type of SaaS management has emerged in the form of The Autonomous IT, which adds a new layer of automation to SaaS management while imposing best-practices rigor over spend, utilization and governance. Next-generation SaaS managers like Torii automatically detect new SaaS apps, notify the admin as well as the category owner, allowing many of the IT SaaS management decisions that bring order into chaos to be made automatically, quickly and efficiently.

Effective SaaS management answers the questions that individual department managers cannot. By imposing a 360-degree view of all SaaS apps from everywhere in the company, a centralized management platform allows departmental decision-making, while maintaining a centralized database of ownership and use.

The next step in SaaS

The as-a-service model is nothing new, but it is only just now reaching its most mature stage at which it can be effectively controlled. Economically, this is good news for the enterprise, which in the past enjoyed only incidental benefits that were, for the most part, left unmeasured and unregulated. The next generation of SaaS is reigning in shadow IT to preserve the decentralized benefits of the as-a-service model, while bringing back just enough discipline to make it work the way it was intended.