With the rapid rise of remote work and accelerated adoption of SaaS, what can we learn from IT leaders who’ve already been managing and securing SaaS for years?
We thought it’d be fitting to recap one of our webinars from our “School of SaaSOps” series, where our panelists discussed their “SaaSOps stories from the field.” Rachel Orston, chief customer officer at BetterCloud, was joined by panelists Rose Layton, strategic technology partner at Strada Education Network; Jesus Ward, director of IT at SuperFly; and Marques Stewart, senior director, network & SaaS operations at Achievement First. Together, they shared their best tips and lessons learned during their SaaSOps journeys.
Where to get started?
Orston asked the panel for insights on the SaaSOps journey—in particular, how to avoid taking on too much early on, while driving the right level of momentum.
Ward: Have your plans out in the open, from zero to one, then one to 100, including how user migration to the cloud will occur and the security principles associated with it. Lay out your strategy to hit certain landmarks and make sure your environment becomes SaaSOps capable.
Layton: Prioritize quick wins. Begin with user-facing apps that don’t involve much back-end system work to migrate from on-prem. Such apps can be a starting point to enforce the value and user experience to various internal audiences, including senior management. Many organizations begin with easy user-facing systems such as VoIP phone systems, Zoom, and Slack.
Best-in-breed SaaS can help drive change
Stewart: When IT has held the keys to the kingdom for so long, relinquishing control can be difficult. But the beauty of a best-in-breed SaaS stack is that, while giving up control, IT teams are able to focus on what they do best, and it keeps them engaged. SaaS providers are always innovating, bringing on features you may want or ones you’ve never thought of. It’s important to be willing to accept that change and be able to change quickly.
Be proactive and listen to your organization. As technical pros, we can translate users’ requirements to application functionality. I’ve gone from conversation to concept in two weeks, which was unheard of before we went to SaaS.
How are teams evolving, and what’s an ideal team structure?
Ward: Look for experts who are proficient in scripting, automation, and user security management, as well as seeking out training to enrich your staff with these skills.
Layton: We completely reimagined the way that our department works. We used to have a traditional help desk and then systems administrators. As we got into SaaSOps and handling users and data, we found that those divisions weren’t helping us, so we undid them.
We have a corporate engineering department, which means each person who answers tickets is also fairly equipped to handle day-to-day SaaS admin. While they may not always be the expert on a particular thing, they’re empowered to be part of the process. We have also found that it gives people a lot of opportunity to grow and learn things they would like to. This reimagining was done because there were too many applications and too much upkeep for one sysadmin.
Taking on additional security challenges & finding balance
Stewart: Data breaches have become more common, which has increased awareness and understanding of the importance of security, making conversations easier. You must determine the pain threshold in your environment and implement that on top of your SaaS stack to have consistent experiences for end users.
Layton: The entire IT team must understand what security looks like for your organization, and help users understand it as well.
Ward: Consider various worst-case scenarios to assess your preparedness. Additionally, do your due diligence in investigating the reliability of your SaaS providers.
Stewart: Consider if it’s realistic to dedicate the time to tasks like backing up email. You may think you can do it, but have you done it in the last six months? Whereas Google and Microsoft are going to.
The value-add of SaaS: pain relief
Ward: When you use SaaS, you’re hiring the companies and engaging their engineering and feature releases. To create this from scratch would put you into an infinite loop of pain and punishment. Nobody wants that.
The complexity of SaaS on- and offboarding & black boxes
Stewart explained that offboarding used to work in isolated parallels, but in an ideal world, it would be streamlined. The HR system would connect to your identity resource and then populate to all other apps.
Stewart: In rolling out SaaS, I discovered how much the right hand didn’t know what the left was doing. To reach ideal on- and offboarding processes, you need to find those black boxes and break into them to figure out what’s going on.
Layton: It’s also about much more than creating and deleting users, but ensuring users have access to the resources they need, and what happens to their data at offboarding. The apps we use are still evolving to allow us to do more remotely rather than within the admin consoles themselves.
Ward: It’s important to meet with new hires, so they’re acknowledged and appreciated as humans. Give them a proper orientation to understand basics such as how to turn on 2FA and why, and recognizing common phishing attacks.
Biggest lessons learned & future goals
Ward: Lesson: Do random auditing.
Stewart: Lesson: Figuring out ways to increase the pain threshold in order to implement higher levels of security. Goal: Integrate on- and offboarding and mid-lifecycle processes as much as possible.
Layton: Lesson: Don’t underestimate your amount of technical debt. Goal: Create better conversations around change.