External vs. internal resources -- what's the difference?
Users generally do not understand the distinction between internal and external resources to begin with, because in many cases they're functionally identical. Pulling up a browser to access an internal application and pulling up a browser to access an external application amount to exactly the same thing to a casual user. They do not see the distinction, and they frankly don't care. All they know is that they have a need for a solution, and they believe they have found one that did not require IT's involvement.
We all know there's a good reason IT needs to be involved. There are underlying concerns in any application, SaaS or not, that need to be fleshed out, understood, and placed in relation to existing IT resources and policies in order to account for potential problems. There are bottlenecks and incompatibilities that will appear sooner rather than later. They might represent a relatively small bit of planning on the front end, but will require massive effort to remedy on the back end. However, that kind of thinking isn't on the radar here.
In many organizations, this is partially IT's fault. Unfortunately, in the minds of many business users, IT is the embodiment of "no." Getting IT to implement new business apps and frameworks sometimes feels like pulling teeth, and it requires months of meetings, lots of raised eyebrows, and more roadblocks than seem possible. In some organizations, IT's main goal appears to be to keep everything exactly as it is, change as little as possible, and grudgingly invest time and effort into new endeavors. Luckily, that's not every IT department, but I'd wager that behind-the-scenes SaaS use is higher in organizations with that intransigent IT mind-set than in organizations with an evolved IT department that plans ahead and can rapidly deploy solutions that will become a functional cog in the machine.
Regardless of how it comes to pass, IT needs to deal with this broadside. While there are many advantages to SaaS, there are also many pitfalls. The space is too new and unstructured to deliver what IT really requires: a framework for codified and centralized authentication, authorization, management, and data pathing that can tie a SaaS app to an enterprise without exposing either to security or functional risks.
Given enough time, we might see such a beast, but in the meantime, it might be a good idea to inspect your edge for the presence of SaaS apps and begin an inquiry into their use. At the very least, we need to know who's shooting at us before we can begin to respond.
This story, "Wake up, IT, and get a grip on SaaS," was originally published at InfoWorld.com. Read more of Paul Venezia's The Deep End blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.