Proactively Managing the selection and implementation of SaaS tools for the Workplace
“Businesses have well and truly invested in SaaS tools to scale and enable their business. Businesses can centralize or decentralize the process in SaaS solutions. IT leaders have a key role to play as to how a business operates when it comes to process and technology. SaaS can alter a business’s security posture and change how the business operates. IT can play a key role in helping teams select the right tools forming a greater level of trust. The end game is IT becoming the trusted advisor and proactively being involved in the process early”
About the Author: Damian Fasciani has led Technology teams for over 20 years focusing on digital transformation, cloud, SaaS. He’s passionate about people and culture.
Currently VP Engineering & Product @ Expert 360; formerly CTO @ Starez, Director of Technology @ Culture Amp, Head of Technology @ REA. He’s an Advisory Board member of Detexian.
Since the introduction of SaaS in the late 90s, the role of IT has gradually evolved. Businesses have evolved, no longer is IT the sole decision maker in the process of investing in new technology. Business stakeholders & teams have now become more active in the process of researching and selecting SaaS tools that meet their needs. The ease of finding these tools has also influenced the adoption of new technology.
It is an impossible task for IT to stay up to date with new SaaS tools hitting the market, however IT can position itself differently to ensure that when their business stakeholders need new technology they partner with IT in the process. This means that IT needs to become the trusted advisor. More often than not if that relationship is built then IT can positively influence the type of SaaS tools that enter its organization.
Why is it important for IT to be involved in the selection process?
While the functionality and use of a SaaS tool is front of mind for the business stakeholder or team, the technology and security profile of that tool should be front of mind for IT. SaaS tools are designed and built differently, not all are secure or come with the appropriate security controls that IT would desire.
How can IT get in front of the problem proactively?
IT leaders and their teams can establish a ‘profile’ of the ideal type of SaaS tools based on a desired criteria that is appropriate for the business. The criteria may be different for every company based on how it serves its customers, the level of risk it wants to carry, the security standards it must uphold etc.
The criteria established helps business stakeholders understand what is required over and above software functionality when requesting and selecting a SaaS tool. For example – IT leaders may require that Single Sign On is required and as an extension to this the data that the SaaS tool holds may need to be encrypted because it is storing customer data. IT leaders can ensure the security posture of the company is not at risk when these types of features are available.
Becoming the Trusted Advisor
IT Leaders can establish SaaS selection guidelines with a set criterion in the form of a document and training. Rolling out a small program for key stakeholders proactively puts IT in a position of becoming a trusted advisor. This ensures that when stakeholders go out to find their next SaaS tool, they have everything they need to help with their selection and if they have questions, IT can assist as needed. This brings awareness to IT leaders and as a result the selection process is a collaborative one between the business stakeholder and IT. More often than not IT can be put on the backfoot when asked for assistance when implementing a SaaS tool, by being part of the process, they can prepare the necessary work to embed and roll out the SaaS tool.
As part of embedding a SaaS tool, IT should be thinking about the following:
SSO for On and Off Boarding
Integration needs into other SaaS tools
Role-based access
Integration into an IAM tool (if one is in place)
Terms of service to ensure there is adequate liability, support, technical support, customer success in all appropriate regions.
The SaaS Ecosystem
Over time as a business invests in a host of SaaS tools, IT can be called upon to assist with managing the SaaS ecosystem and this goes beyond onboarding and offboarding (system access). Today, businesses want SaaS tools integrated into one another, an integration strategy may need to be implemented if there is a growing need to integrate multiple SaaS tools.
The SaaS ecosystem consists of two types of SaaS tools, those sanctioned (Security and IT clearance) and those that are unsanctioned (this is known as Shadow IT). Shadow IT can grow undetected and quickly if IT teams are not proactively engaged in the needs of their business.
Business sign off can be approved financially without the appropriate technical checks and balances. This can catch IT leaders off-guard, finding out second hand that multiple employees have access to new SaaS tools working with and storing customer data / sensitive IP. Let’s work through an example of Shadow IT:
A product management team may need a collaboration tool because the team is working remotely across multiple geographic locations. They seek financial approval from their General Manager who agrees to pay for Miro giving 20 product managers access. With no IT or Security improvement, Miro has been paid for on a corporate credit card with 20 staff accessing the tool daily inputting sensitive data such as
Customer feedback on product enhancements and bugs
Product Roadmap(s)
Product Vision and Strategy
Product Workshop feedback from the top 20 customers.
With IT leadership finding out about the tool two months later, there is a host of work to be done urgently:
Security Due Diligence
Configuration of SSO (if the vendor supports this)
Assessment of the data stored to date
Manual Audit of current access requirements (not everyone needs administrator access)
Building a relationship with the vendor, moving to a contract ensuring invoicing, support and customer success services are in place should the product team need help.
In addition to the items below, data flow between multiple SaaS tools can carry risk, especially if there are different classifications of data that are traversing these SaaS tools. As the ecosystem becomes larger, the security posture can shift, and therefore IT leaders are key to ensuring the right tools are selected and managed once in use in an organization.
The SaaS industry has removed the traditional procurement barriers making it simpler than ever to subscribe and get started. IT is more important than ever ensuring that customer data, employees and IP are well protected. IT Leaders can positively play the trusted advisor by putting in place appropriate processes, business guidelines, and technologies ensuring the health of the SaaS Ecosystem is in good working order while keeping customer data and employees safe.