MDM Tamed the Explosion of Mobile Devices. But What About SaaS?

This article originally appeared on CIO.com. 

There seems to be a recurring pattern in enterprise IT. It looks something like this:

1. Incredible new technology is introduced. It changes the way people work. Organizations rush headlong into it and adoption soars.
2. Unforeseen risks and challenges arise. People take a step back and start to realize, “Hmmm. Actually, we don’t know what we don’t know.”
3. Solutions emerge to address those challenges and are widely adopted.

It happened with MDM

Let’s take mobile device management (MDM) for example. Remember when employees began receiving corporate email on their PDAs in the late 90s/early aughts? It transformed the way they worked. Employees embraced it wholeheartedly.

“A revolution—whether it’s called teleworking, remote employees, or the mobile workforce—has occurred,” wrote Computer Weekly in 1999.  “All sorts of companies are finding mobile internet technology surprisingly useful,” mused the Economist in 2001.

And then, a few years later, as mobile devices proliferated, security risks emerged alongside them too.

“Lost a Blackberry? Data Could Open a Security Breach,” warned one Washington Post headline in 2005.

Suddenly IT had to consider a whole slew of security questions: What happens if mobile devices are lost or stolen? Or if people jailbreak their devices? Or download unapproved or malicious apps? How can IT enforce security policies? Like a game of whack-a-mole, one security issue would spring up, only to have two new ones pop up right after.

IT leaders began realizing there was a need for tools that could monitor, manage, and secure laptops, smartphones, and tablets. Accordingly, MDM solutions hit the market and took off like wildfire. Gartner released its first MDM Magic Quadrant report in 2011. MobileIron went public in 2014; VMware acquired AirWatch for $1.54 billion in 2014.

The idea of deploying a mobile device today without an MDM solution is unthinkable.

The exact same thing is happening with SaaS today

History is repeating itself—except this time around, we’re rushing headlong into Software as a Service (SaaS) applications. Companies use 16 SaaS apps on average today, up 33% from last year. Seventy-three percent of organizations say nearly all (80%+) of their apps will be SaaS by 2020. That’s not surprising, given how SaaS has revolutionized the workplace. They’re inherently designed to boost productivity. They’re killing email. They allow us to work from any location, on any device, and collaborate in real time with just about anyone.

But like the MDM example, security risks are popping up unexpectedly. Data is being exposed in ways people didn’t even realize was possible. Corporate data can slip out via Google Calendar. Last year, a simple configuration error in Google Groups caused hundreds of companies to accidentally expose PII and private emails. A government tech team landed in hot water by connecting Slack to Google Drive, which unknowingly exposed data for five months. When it comes to securing SaaS data, IT currently is plugging a leaky pipe that, unbeknownst to them, is also leaking in a dozen other places.

Only now is IT starting to realize all the heightened security risks that accompany SaaS apps (see Fast Company’s Why Slack, Chatbots, And Freelance Workers Have Your IT Department Freaking Out). Ironically, it’s all the awesome things about SaaS—the openness, the ease of collaboration, the ability to work with anyone—that create these security problems. Users have a lot of control and can share data easily, but by the same token, data loss, leakage, and breaches can also occur easily.

However, it’s important to note that this is not IT’s fault. SaaS is too new for there to be any industry best practices or official certifications yet. Seventy-eight percent of IT professionals are either teaching themselves how to manage SaaS apps or are just getting started. You simply don’t know what you don’t know.

We’re at a tipping point now with SaaS management

So, what’s next following this recent spate of data breaches and security issues related to these collaboration tools? Amidst data breaches, general confusion, and a lack of SaaS best practices, what is IT to do?

We saw it with MDM, and we’ll see it again with SaaS. As the mainstream moves to SaaS and standardizes on 100% cloud, we are just hitting a tipping point now. The security risks are too great—the stakes too high—not to adopt some type of management solution. A new market will rise to meet these challenges, and solutions will be widely adopted. And if history is any indication, we know how this story will play out.