What No One Tells You About Managing SaaS Environments: 6 Guiding Principles for IT Success
January 19, 2018
Today, SaaS is the system of record.
Organizations are trusting their mission-critical data—like employee, customer, identity, and finance data—to SaaS applications. But as the world shifts to SaaS, IT is finding that SaaS best practices do not exist. There’s no ITIL for the modern SaaS environment; there’s nothing to learn from.
And there’s a lot that nobody tells you about SaaS management.
This week, BetterCloud founder and CEO David Politis hosted a webinar titled “What No One Tells You About Managing SaaS Environments: 6 Guiding Principles for IT Success.” The webinar was based on his book, Controlling Your SaaS Environment: A Six-Part Framework for Effectively Managing and Securing SaaS Applications.
We developed these six guiding principles using insights from thousands of interviews, surveys, and conversations with IT professionals who are deploying and managing SaaS apps.
In the webinar, David reviewed all the SaaS management principles and best practices you should know but nobody tells you about. If you missed it, here’s a recap.
59% of viewers taught themselves how to manage SaaS apps.
To kick off the webinar, we asked our audience how they’ve learned to manage SaaS applications.
The results weren’t surprising. The majority of IT professionals are teaching themselves about SaaS; there is no expert or institution to learn best practices from. Best practices have to be defined. That’s where our guiding principles come in.
Guiding Principle #1: Centralization
The foundational challenge found in all SaaS environments is data sprawl. Organizations used to be homogeneous; they were purely Microsoft/IBM/Google shops. But today, organizations are using dozens of best-in-class SaaS apps. As a result, data is massively sprawled across multiple SaaS applications.
The first guiding principle is centralization. IT must bring all of this data into a single place and normalize it in order to get their hands around it.
There are so many different types of data objects (files, users, groups, calendars) and they all live in multiple different places (Google Drive, Box, Slack, Salesforce).
Fundamentally, IT must be able to see everything in one place. So the first step to effective SaaS management is to centralize all your data in one view.
Guiding Principle #2: Discoverability
Once you’ve centralized your data, the next challenge is finding important data and making sense of it. If you have several hundred employees, then you have millions of data objects in your environment: users, groups, files, third-party apps, etc.
Thus the second guiding principle is discoverability. IT needs the ability to take a massive data set and sort and filter it quickly. For example, can you easily discover all the admins who haven’t logged in for 120+ days? Or which users don’t have 2-factor authentication enabled? Or which groups are publicly visible?
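To make the first two principles concrete, here is an added example (not BetterCloud's code) that normalizes account records from two apps into one model and then answers two of the questions above. The export shapes, field names, and accounts are constructed for illustration and do not follow any vendor's schema.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Account:
    app: str
    email: str
    is_admin: bool
    mfa_enabled: bool
    last_login: Optional[datetime]  # None means the account never logged in

def _ts(value):
    # Parse an ISO timestamp as UTC; keep None for "never".
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc) if value else None

# Constructed sample exports; field names are hypothetical.
SUITE_EXPORT = [
    {"primaryEmail": "ana@example.com", "admin": True, "twoStep": True,
     "lastLogin": "2017-08-01T09:00:00"},
    {"primaryEmail": "bo@example.com", "admin": False, "twoStep": False,
     "lastLogin": "2018-01-10T12:30:00"},
]
CHAT_EXPORT = [
    {"user": "ana@example.com", "role": "owner", "mfa": "off", "seen": "2018-01-15T08:00:00"},
    {"user": "cy@example.com", "role": "admin", "mfa": "on", "seen": None},
]

def normalize():
    # Centralization: map each app's schema onto the shared Account model.
    accounts = [Account("suite", r["primaryEmail"], r["admin"], r["twoStep"],
                        _ts(r["lastLogin"])) for r in SUITE_EXPORT]
    accounts += [Account("chat", r["user"], r["role"] in ("owner", "admin"),
                         r["mfa"] == "on", _ts(r["seen"])) for r in CHAT_EXPORT]
    return accounts

def stale_admins(accounts, now, days=120):
    # Discoverability: admins with no login inside the window, including never.
    cutoff = now - timedelta(days=days)
    return [a for a in accounts
            if a.is_admin and (a.last_login is None or a.last_login < cutoff)]

def without_mfa(accounts):
    return [a for a in accounts if not a.mfa_enabled]

if __name__ == "__main__":
    now = datetime(2018, 1, 19, tzinfo=timezone.utc)
    for a in stale_admins(normalize(), now):
        print("stale admin:", a.app, a.email)
```

The same person can be current in one app and stale in another, which is why the queries run per account rather than per email address.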
Guiding Principle #3: Insights
Think of all your users in front of their computers all day. They’re sending hundreds of Slack messages, adding Chrome extensions, sending emails, sharing files. The amount of activity is massive. But imagine if IT was alerted every time an email was sent or a file was shared—they’d be overwhelmed by the sheer volume of alerts.
This brings us to our third guiding principle: insights. IT needs a way to boil down all that information and only surface the important alerts at the right time. For example, IT might want to be alerted only when spreadsheets containing credit card information are shared publicly, not when any file is shared publicly.
A good mantra for alerts is quality over quantity. This can mean all the difference between a secure environment and one that’s breached. Alert fatigue is a real threat and that’s exactly how data breaches occur. (Remember, the 2013 Target data breach occurred because of alert fatigue—IT admins ignored multiple alerts.)
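The narrower alert described above can be sketched as follows. This is an added example, not part of the webinar or the product: it fires only for publicly shared spreadsheets whose content contains a Luhn-valid card number. The event fields and file names are constructed, and the card number is the widely published test value.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_valid(digits):
    # Luhn checksum: double every second digit from the right.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def card_numbers(text):
    # Keep only digit runs that pass Luhn, which drops most order and ticket IDs.
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits

def should_alert(event):
    # All three conditions must hold; any one alone is routine activity.
    return (event["visibility"] == "public"
            and event["type"] == "spreadsheet"
            and bool(card_numbers(event["content"])))

# Constructed sharing events (hypothetical field names).
EVENTS = [
    {"file": "q4-payments.xlsx", "type": "spreadsheet", "visibility": "public",
     "content": "name,card\nA. Lee,4111 1111 1111 1111"},
    {"file": "orders.xlsx", "type": "spreadsheet", "visibility": "public",
     "content": "order_id\n1234567890123456"},
    {"file": "refunds.xlsx", "type": "spreadsheet", "visibility": "domain",
     "content": "card\n4111-1111-1111-1111"},
    {"file": "roadmap.pptx", "type": "presentation", "visibility": "public",
     "content": "Launch plan for next quarter"},
]

def alerts(events):
    return [e["file"] for e in events if should_alert(e)]

if __name__ == "__main__":
    print(alerts(EVENTS))
```

Four sharing events produce one alert, which is the quality-over-quantity ratio the principle is after.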
Guiding Principle #4: Action
Having all of this SaaS data is good, but that’s only half the battle.
Our next guiding principle is action. Once you have centralized data and effective insights, you need to be able to take action and make changes (whether that means a single action, bulk action, or action across SaaS apps).
Many native SaaS admin consoles do not provide the ability to take bulk action, whether it’s across a set of users, groups, files, third-party apps, or devices. Managing SaaS means a ton of repetitive, manual tasks (think onboarding, offboarding, user lifecycle management). These repetitive tasks are paralyzing, frustrating, and they also prevent IT from focusing on value-add work. The ability to take action en masse can make a huge difference in terms of time savings and productivity.
Guiding Principle #5: Automation
Finally, we reach the pinnacle of our framework: automation.
Automation is the ability to, well, automate work and create workflows and policies. This is not easy to do—it takes time to get approval, build automations, test them, and iterate on them. Automation doesn’t just happen overnight. But IT can start automating repetitive tasks that are prone to human error, like onboarding and offboarding. Automation gives IT the ability to respond quickly if there’s a breach. If you don’t have automation set up to automatically remediate violations, then it could take days, weeks, or even months to respond.
Guiding Principle #6: Delegation & Auditability
Lastly, our sixth guiding principle, delegation and auditability, is the wrapper that goes around the entire framework.
By delegation, we mean the ability to create granular access roles and delegate admin permissions to others in your org. What’s key is delegating the least amount of access people need to do their jobs—aka implementing the least privilege model, which is a security best practice.
Very often, users will request elevated access for a task or project. You shouldn’t give them super admin (essentially, root) access, but IT often has no choice. The users end up keeping super admin access for weeks, months, even years, and this overassignment of super admin access becomes dangerous.
Auditability, on the other hand, means the ability to audit what all your users are doing. This kind of accountability is critical across SaaS apps.
91% of viewers are not closely following this framework yet.
We also asked our audience how closely they were following the framework outlined in this webinar.
Again, the results weren’t surprising, since best practices for modern SaaS environments do not exist yet. But as organizations continue to adopt SaaS, they will need a framework and best practices to guide their SaaS management.
We launched our new BetterCloud platform at the end of 2016, spending almost 2 years and $20 million building it. We designed our product based on this framework, not the other way around. To learn more about how you can implement this framework in your org, visit https://www.bettercloud.com/product/.
To watch the entire recording of this webinar, head to https://www.bettercloud.com/monitor/webinar-6-guiding-principles/.