I recently read an article in USA Today about the escalating concerns within a widening array of organizations over the growing security risks associated with today’s social networks.
My sense is the article was prompted by the annual RSA Conference that was taking place the same week, bringing thousands of security professionals and vendors together to talk about the latest threats and new technologies to combat them.
Corporate concerns about potential Internet security risks have skyrocketed, not only because of Facebook, Twitter and other popular social networking tools, but also as a result of the rising unilateral adoption of Software as a Service and other cloud services by business end-users without the authorization of corporate IT.
This “consumerization” of IT phenomenon has been well-documented by various research firms and industry publications. Yet, it was vividly brought home again for me at an advisory board meeting I recently attended, when a seasoned CIO from a prominent fashion retailer reported that a quick poll of his strategic business units (SBUs) uncovered nearly 60 SaaS/cloud apps in use when he thought there might be “only” a couple dozen.
He was not only surprised to discover there were more than twice as many apps being used than he assumed, but also unable to say with 100 percent confidence even then that he had a full inventory of all the SaaS/cloud apps being used within his company.
While “shadow IT” is a big problem for a lot of CIOs and IT departments to control, the other CIOs attending the same advisory board meeting said they were willing to work with their SBUs to more systematically adopt proven or promising SaaS/cloud apps to meet their needs. However, they were facing stiff resistance from other players in the CXO suite.
Many corporate risk officers are still unwilling to approve the use of SaaS/Cloud apps because they can’t determine how to safeguard against potential security vulnerabilities and liabilities.
More interesting is the surprising number of CFOs who are opposed to adopting SaaS/cloud apps because they would rather continue to rely on legacy software and systems.
That approach permits companies to make big capital investments that are more appealing than pay-as-you-go operating expenditures — from a strict profit-and-loss perspective — on financial balance sheets.
Decision-Makers in the Dark
So, while there are still plenty of “server huggers” among IT staff who are determined to beat back end-user attempts to acquire SaaS/cloud apps, in some cases IT is enlightened and willing to accept these apps, while other corporate decision-makers are constructing barriers to adoption.
Overcoming these obstacles to take advantage of the potential benefits of SaaS/cloud apps isn’t easy. It takes a concerted effort by corporate end-users and executives.
The most successful of these efforts is led by a cross-functional steering committee that establishes a set of policies and puts in place practical procedures that encourage the orderly adoption of SaaS/cloud apps, enabling the organization to achieve its business objectives.