Skip to main content
close search
site logo
Dive Brief

Organizations need to care and tend to SaaS apps 'like a puppy'

Published Oct. 22, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter

Dive Brief:

  • When it comes to handling software as a service (SaaS), "governance, as dull as that topic may be, is the only solution" for mitigating risk and application overlap, said Jay Heiser, VP analyst at Gartner, while speaking at the Gartner Symposium in Orlando, Florida last week. 
  • To avoid SaaS applications running amok, Heiser said they should be attended to and cared for by a responsible party. Every department has its specific applications so "every puppy dog must have an owner," he said. Individual departments can own SaaS apps, like HR, finance and sales, but not without IT's expertise.
  • As the move to the cloud hastens, uncontrolled SaaS applications threaten agility. There may come a point where an application is unable to perform an unknown future function, said Heiser. Agility is the biggest negative impact of SaaS because line of business users may not be able to add future value. 

Dive Insight:

Because SaaS applications are easy to acquire, line of business employees are purchasing and running them without oversight. Governance from IT provides a holistic approach to SaaS and ensures growth that is strategic, measurable and monitored. 

"The line of business often has an immature concept of what an application is," said Heiser. Contrary to what line of business employees believe, applications are not a "static thing" that exist outside of IT's help.

Heiser has a stern view of SaaS vendors. He said they have a "core competency in avoiding [CIOs], which is where cost overruns" and threatens security and IT controls. Compliance and regulation are also at risk when the IT department is unaware of apps running in their networks.

When SaaS is not treated "like a puppy dog" and trained appropriately, it can get unruly and expose a company to a wide range of implications. SaaS users can share any data on the web, cost is unknown, there is no calculation of availability risk and sometimes there are no APIs to help build scripts or integrations, according to Heiser.

By divvying up applications by owners in individual departments, IT can have a better understanding of where risk is. IT also needs to perform formal risk assessments for SaaS applications to understand what data is being used and where it is stored.

The most challenging part of controlling SaaS applications is maintaining an inventory. The first step is to look for "unsanctioned" applications, said Heiser. Once approved applications are accounted for, IT periodically checks in with the app's "owner" to confirm compliance with formal policies.

It's not the job of IT to always say "no" to new tools that could boost productivity. It is, however, IT's job to police non-technical employees and create boundaries.

Filed Under: Security, Software

Editors' picks

Company Announcements

View all | Post a press release
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Productboard Launches AI-Powered Productboard Pulse To Integrate Voice of Customer Into Produc…
From Productboard
October 29, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell