Last month, we released our 2017 State of the SaaS-Powered Workplace Report. Our survey of over 1,800 IT professionals revealed that SaaS adoption is reaching dizzying heights. Companies use 16 SaaS apps on average today—up 33% from last year—and 73% of organizations say nearly all (80%+) of their apps will be SaaS by 2020.
Our report also covered a sort of historical tug-of-war between IT and other departments when it comes to control, i.e., deploying and managing software. Here’s the slide from the report:
In the 1990s, IT was in complete control of its environment. It was building, deploying, managing, and supporting on-premise software. But the early aughts saw big consulting firms, not IT, leading software implementation. (The title of a 2001 TechRepublic article reads “How to Install ERP Without IT.”) In recent decades, the SaaS explosion (and ensuing shadow IT) exacerbated this loss of control as well. Today, IT is finally beginning to come full circle in terms of regaining control over its environment.
But what did the loss of control mean for IT back then? And what will the retaking of control mean for IT in the future? We wanted additional context and a deeper understanding of what these shifts entailed, so we turned to Eric Smits, Technology Architect in the Corporate CIO Office at Cargotec Corporation, to get his thoughts on the topic. Smits, who started his IT career in 1984, has over 30 years of experience in the industry and has seen it all.
Smits chatted with us about what he agreed with on the slide, what he disagreed with, and where he sees the future of IT heading. Here are three takeaways:
1. The first shift in control didn’t start in the 1990s. It actually started much earlier.
“The first thing that was most evident [when I saw the slide] was: You didn’t go far enough back in history,” says Smits.
He points out that the first transition of control from centralized IT to end users actually happened in the 1980s, when the PC was introduced.
Smits, who managed IBM midrange systems when he first started working in IT in 1984, says that everything was truly, fully in IT’s control back then. IT managed a centralized system that users couldn’t access. But when the PC was first introduced in 1981, “end users started to load their own applications on the PCs. Lotus 1-2-3 was one of the more popular spreadsheet [programs] at the time. That’s when users became more involved in selecting the applications that they were using and managing the data and the applications themselves,” he says.
2. Back to the future: The burden of responsibility shifted to the end user back then, which has happened today as well.
“What occurred during that time period [the PC era] is that you had a group of individuals in an organization who weren’t necessarily trained in the best practices to take care of some of those administrative tasks, like managing access control and backup—some of the normal housekeeping of managing IT systems,” says Smits.
It’s déjà vu all over again. When end users circumvent IT, installing and managing SaaS applications on their own, it can jeopardize a company’s data security.
Smits notes that the weakest link in general is the end user. It’s not a criticism of the end user, he says—end users simply don’t know how to behave in order to secure an environment properly. After all, it’s not their profession to understand things like IT security, or security in general.
3. IT is indeed starting to regain control.
“We’ve reached the point where there are so many SaaS applications that a lot of companies have recognized that control needs to be regained—if for no other purpose than the administration of those environments,” Smits says. “A lot of companies are using access control front ends to automate the provisioning and deprovisioning of those environments. I think a lot of companies realize the risks around self-managing SaaS applications.”
Smits cites improper offboarding as an example of one of those risks, where somebody leaves the organization but still retains access to their accounts. “That’s probably one of the more prevalent security risks that exist today. In terms of very real, everyday risk, normal human error around these sort of activities present the greatest daily exposure [risk] for the organization.”
For IT and the business to work harmoniously together, IT must regain control over what it does best: understanding data structures and how to store information efficiently and effectively. The business can choose the way they consume the data, applications, platform, etc. According to Smits, therein lies a healthy relationship between the two sides of the house.
And what’s in store for the future of IT? “Securing data, combined with the ability to integrate the data relationships well, is really the next generation of what we see coming,” says Smits. “That’s the strength of IT. They can understand that piece of it and can manage that well for the business.”
What are your thoughts on IT coming full circle? Agree? Disagree? We’d love to hear your input in the comments section below.