6 preconceived ideas (or not) about shadow SaaS
by Paul ESTRACH, Product Marketing Director at MEGA International
For a few years, SaaS solutions have seduced almost all organizations. Sometimes without even knowing it, since any employee can take out a subscription and access the solution without restriction through a simple browser. Uses that are invisible to IT and enterprise architects are not without risk, so let’s review preconceived notions and truths about shadow SaaS in organizations.
Shadow SaaS is the modern version of shadow IT
False – Shadow IT is a notion that has been identified and conceptualized for a long time in organizations. In most cases, its origins go back to the empirical and unstructured construction of information systems more than thirty years ago. This lack of rationalization has led to a loss of visibility on the existing system and therefore to risks and drifts, particularly in terms of costs.
Shadow SaaS is the use of SaaS solutions by business users, without referring it to the IT department. This situation is made possible by the intrinsic principle of SaaS mode, which combines functionalities and infrastructure in a single subscription, that business users can directly subscribe to. Shadow SaaS is therefore an element of shadow IT, which remains the most complex to track down because it is outside the IT department and its own budgets.
The only risk of shadow SaaS is financial
False – The financial risk is of course important: without visibility or management ability from the IT department, there are many redundant applications and unused subscriptions within the multiple business or support departments. But the risks on data are also major.
Starting with the risks related to personal data (“data privacy”). Without mastering SaaS applications, it is impossible to meet the requirements of privacy regulations (like GDPR) for example. This is particularly true when it comes to identify the uses, storage locations and processing methods of personal data within the organization.
In the same way, shadow SaaS can create risks for sensitive data: customer information, industrial secrets, etc. In this case too, the IT department must keep control of it to limit additional risks, particularly in terms of business or image.
The SaaS phenomenon is growing in organizations
True – Collaborative platforms, expense report management, HR tools, customer relationship management, instant messaging, conversational robots: many applications exist today to help business teams in their daily work.
Easy to access, with subscriptions that are often reasonable and sometimes even free for limited needs, these different applications do not require any intervention from the IT department to be implemented.
Moreover, there is generally no malicious intent from the users: from their point of view, it is just a way of being efficient quickly.
Most CIOs have sufficient visibility into SaaS applications
False – SaaS applications can be used through a simple browser and can be subscribed to directly by business teams, without any consultation with the IT department.
As a result, organizations of a particular size – especially large companies, but also some small and medium-sized organizations – can discover, during audits done with SaaS management platforms, that 60 to 70% of SaaS applications are completely invisible to IT departments. Those have partial visibility and are not able to manage and rationalize the applications used by the company.
Architecture jobs will evolve with the growth of SaaS
True – The enterprise architect will of course continue to carry out his or her main missions, especially analysis and consulting in transformation and optimization of the information systems.
On the other hand, the solution architect will focus more on business needs than on infrastructure issues – hosting, deployment, supervision – which will be increasingly delegated to external parties, given the very principle of SaaS.
As the risk is shifted to the external service provider, the challenges of architecture will focus on the definition of the business architecture, the functional layers, the rationalization of existing applications and functionalities – and less on the technological deployment aspects.
The risks of shadow SaaS will be limited to knowledgeable users
False – With users becoming more and more comfortable with digital technology, projections suggest that 80% of organizations’ applications could be used in SaaS mode by 2031 (compared to 17% today).
The risk of shadow SaaS spreading throughout the enterprise is therefore very real. It will only be contained if enterprise architects and IT teams have sufficient visibility to be able to manage all of these applications – and thus optimize their use and costs.
To do this, they will be able to rely on specific SaaS management tools (which 50% of organizations are already planning to implement by 2026 according to Gartner) and IT transformation planning tools. Future “SaaS Management Directors” will also emerge, positions that will undoubtedly grow in the coming years.
About the author
Paul Estrach is Product Marketing Director at MEGA International, with over 15 years of experience in the Enterprise Architecture practice. Prior to this role, he worked with a large number of organizations on their transformation projects, from process optimization to the evolution of their information systems, first as consultant then as Services Director for over 7 years.