5 Things IT Pros Need to Know About SaaS Governance

Software as a service (SaaS) is a reality for IT shops of all shapes and sizes.  CIOs and other IT leaders need the tools to manage their sprawling portfolios of SaaS applications with the same rigor they use for on-premise software.

Here are five SaaS facts of life every tech pro should know.

1. SaaS is here to stay. Software as a service (SaaS) is well past the curiosity stage and the hype cycle, with many companies now using several or even dozens of cloud services to run their business processes.

The IT challenge now is figuring out how to govern a company’s growing SaaS portfolios with the same rigor and attention that’s given to on-premise software.

2. There’s an app for (managing) that. Software vendors are delivering more specialized SaaS products to help CIOs wrangle their cloud applications. Okta, for example, is a startup that provides a cloud-based identity-management platform that lets users sign into all their SaaS applications in one place.

It competes with vendors such as Ping Identity and with identity-management incumbents like CA Technologies. “The big gap I saw in the marketplace was that all the cloud companies were trying to sell directly to the business user,” says Okta CEO Todd McKinnon. “It became clear to me that at some point, the CIO was going to be asked by the company to adopt and manage all this stuff.”

3. It’s more than just tools. SaaS governance involves much more than a shiny new management application, says analyst R “Ray” Wang, CEO of Constellation Research.

“What’s often missing is the design of scenarios and use cases for the user roles,” he notes. “What you really want is to understand how information is accessed and then work back from there.”

4. Your users will thank you. Genomic Health, which develops diagnostic cancer tests, has aggressively adopted cloud applications–some 24 to date. The company is even moving to a cloud-based ERP, SAP’s Business ByDesign, says Ken Stineman, senior director of enterprise architecture and security.

Genomic implemented Okta and found it to be “one of those rare security initiatives” that made users happier, Stineman says. “It made the access easier, got rid of all the sticky notes and helps us out on the compliance side.”

5. There’s no turning back. For a long time, CIOs had a concrete sense of their IT environment’s boundaries, which usually took forms such as a secure data center or VPN. The advent of cloud computing and mobile access has expanded the company’s IT security perimeter. SaaS vendors in general have more work to do in areas such as data encryption, says Stineman.

As Genomic considers new investments with SaaS vendors, “we’re really doing a much more systematic evaluation to make sure they meet our goals,” particularly security requirements, he says.

Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn.