Mark Settle is no stranger to shadow IT. In former roles as CIO of research firm IHS and BMC Software he had to combat employees consuming cloud software without his permission. That's one thing he doesn't have to worry much about in his new role as the first CIO of security software maker Okta, where the IT operating model consists of 150 SaaS applications.\nAt a time when most of Settle's peers talk about getting out of the business of running IT infrastructure and data centers, he's joined a startup that runs entirely on SaaS applications as well as cloud infrastructure from Amazon Web Services. That means Settle will no longer have to beg for cash to upgrade storage or lease more data center space.\n \nOkta\u2019s CIO Mark Settle.\n\n"Everybody is at some stage of their cloud journey and one of the real attractions of coming to a company like Okta is that it's like landing at the end of the rainbow," Settle tells CIO.com.\nIdentity-as-a-service is booming\nThere\u2019s a lot of competition at the end of that rainbow. Microsoft, IBM, Centrify and several others toil in the crowded market for delivering identity management services, such as single sign-on and the increasingly important multi-factor authentication, as a cloud service. Okta is valued at $1 billion, thanks to $230 million in funding from the likes of Andreessen Horowitz and other VCs. It counts 2,500 customers, including Western Union, Pitney Bowes and Experian. Gartner says that 40 percent of identity and access management purchases enterprises make will come via the cloud delivery model by 2019, up from 20 percent in 2016.\nThat success and growth has necessitated some "adult supervision," Settle says. He must institute IT governance for 800 employees who enjoy an unfettered BYOD policy and acquired and implemented their own SaaS apps. While this democratic approach has kept Okta's employees happy and (be productive, it's also created redundancy. Its marketing, legal, IT and HR departments use a variety of services, ranging from HipChat to Evernote to Microsoft SharePoint and Box. The collaboration stew has made collaboration difficult.\n"It\u2019s like the European Union \u2013 we have too many conversations that go on at the company within the confines of collaboration tools,\u201d says Settle. \u201cWe need to swallow hard, pick some winners and losers and some people are going to have to change their day-to-day activities to get some benefit out of it.\u201d\nSettle must win over departments accustomed to procuring their own solutions with the promise of services they cannot render themselves, including data management, enterprise application integration and information security. In effect, he must centralize a decentralized and fragmented IT landscape. This entails instituting change control procedures, in which his department will make changes to Workday, NetSuite, Zuora and Concur, according to evolving business requirements.\nWhy governance is essential\nIT governance is necessary for native cloud company, Settle says, because when employees make too many changes to too many systems without informing key stakeholders, the business may wade into some issues with respect to order management, revenue recognition or even expose private employee data.\n>> 2016 CIO 100 Award Winning Projects <<\nIT procurement processes can take months, which can encumber rather than empower the business. Settle plans to install an IT procurement specialist to take the lead on acquiring new technologies, along with a team for screening emerging tools. "You don't want to slow that process down but you do want to have a consistent checklist of questions so you get the best bang for the buck," Settle says.\nSettle says he\u2019s aware of the irony of working backwards, ostensibly rationalizing solutions and rolling up the survivors under traditional IT management buckets. "I'm the shadow IT for the organization at the moment," says Settle with a chuckle.\nSettle joined Okta last month from IHS, where he had worked since 2014, scaling out infrastructure, accelerating a data analytics strategy, and creating iOS and Android mobile apps. Prior to joining IHS, Settle spent five years at BMC, where he also built big data and mobility solutions to support IT service delivery.\nOkta recently launched a new API access management product and retooled its provisioning service to make it easier to change employees' permissions within a company. It also inked a deal to become Alphabet-owned Google's top ID management partner for businesses consuming the search giant's enterprise collaboration software.