by Mark Settle

Application proliferation – the lurking crisis

Opinion
Nov 15, 2019
Application Life Cycle ManagementIT LeadershipSaaS

There are literally thousands of SaaS applications that can be used to manage almost every aspect of a company’s internal operations. On a bad day it may seem as if your company has purchased all of them! Here are some tips on how IT organizations can provide responsible application oversight even in the absence of direct application ownership.

Historical wars regarding the comparative benefits of monolithic business application suites versus best-of-breed applications are over. Best-of-breed won. Nowadays there’s a specialized application for almost everything. Barriers to acquisition have waned (or disappeared altogether) and functional teams outside IT routinely purchase applications with little or no IT support, frequently without IT’s knowledge.

Most companies employ 10-12 large application platforms to manage their finances, human resources, sales and marketing activities, customer support, supply chain, retail store operations, etc. Each of these major platforms is embroidered with a variety of highly specialized apps that leverage platform APIs to extend and supplement a platform’s capabilities. This results in a long tail of dozens or hundreds of SaaS services that are being acquired and administered in a highly fragmented fashion.

What is IT’s proper role in this brave new world in which it has incomplete knowledge of what is actually happening and ambiguous authority to do anything about it?  It would be easy enough to step back and focus solely on the administration of utility applications such as email, file sharing, texting and videoconferencing. But this would be an abdication of IT’s corporate responsibilities and probably career limiting as well.

Control levers

IT has five control levers it can potentially use to exert some degree of oversight and influence on the proliferation of SaaS applications. It rarely has the authority to prescribe standards or solutions to its business partners, but it can use critical information (and a large helping dose of personal charm and charisma) to influence their thinking on the purchase, deployment and use of such applications. These five levers are summarized below.

1. Map business-critical data flows

Inaccurate, inconsistent and unreliable data will cripple the internal operations of any corporation. Data issues create confusion, waste staff time and can potentially jeopardize customer relationships. It would be hard for any business executive to contest IT’s right (responsibility?) to have a complete understanding of the critical data flows within the corporation irrespective of whether IT controls the systems containing such data.

2. Follow the money

Corporations are finding it increasingly difficult to maintain an accurate inventory of the applications they’ve purchased; how much they’re spending and who is responsible for individual apps. IT can and should become a reliable source of such information. A simple compilation of application costs, ownership and contract renewal dates will enable your company to proactively prepare for renewal negotiations instead of scrambling around at the last minute. I can’t think of a single CFO who wouldn’t personally endorse (demand?) the compilation of such information.

3. Safeguard the corporation

Most functional teams have limited understanding of the regulations and industry standards that govern routine operations. Let’s face it: they don’t know what SOX, HIPAA, ISO, FedRAMP, GDPR, PCI, PII, FERPA, etc. are all about and they frankly don’t care to learn. When IT constructs the application inventory referenced above, it should also flag applications that fall into the scope of these various regulations and standards. It also goes without saying that IT needs to secure their company’s intellectual property as well.

4. Get more bang for the buck

Functional teams will make investments in integrating applications that support their needs but are unlikely to integrate their systems with applications used by functional teams that operate upstream or downstream of their responsibilities. Application vendors are scrambling to expose more and more of their functionality and data to their customers via APIs. IT can proactively get more bang for the buck from existing SaaS investments by simply maintaining an application integration team that exploits these APIs to expedite the cross-functional exchange of data and information. Automated exchanges of cross-functional information can reduce labor costs, improve staff productivity and eliminate errors.

5. Report on utilization

If functional executives don’t know the full suite of applications their team is currently using, they’re probably even more in the dark concerning the usage of individual apps. IT typically employs enterprise-wide tools to govern the access to individual applications. Consequently, it has insight into the actual usage of subscription licenses relative to the number of licenses that have been purchased and deployed. Utilization information might cause a business executive to think twice before adding another application to their portfolio and might also cause them to review current allocation policies (i.e. does everybody in Marketing really need licenses to three different project management tools?).

Stewardship is the new normal

A steward is someone who manages or looks after someone else’s property. That’s the new role that IT needs to embrace in managing the crazy quilt of SaaS applications that is being stitched together in every corporation.   

The controls listed above can provide IT leaders with the information they need to become good stewards of their companies’ application portfolios. However, if they wish to become effective stewards they need to develop constructive, collaborative ways of delivering this information to the business executives that are paying for these services and administering them.

IT may be able to provide informed advice about ways to use software subscription licenses more cost effectively, ensure appropriate safeguards are in place to protect the corporation and achieve more bang for the buck from existing subscriptions but the authority and responsibility for acting on these suggestions ultimately resides with the business executives that own them. Mutual trust and respect will be needed to persuade business executives to act on IT’s recommendations. A little tact, charm and charisma on the part of the IT leaders delivering such recommendations would hurt either!