The End of SaaS Management As You Know It
There’s a better, more compliant way to manage app- and permission-sprawl
Distributed staff. New hires. New roles. It all adds up to endless IT tickets, app requests, authentication resets, and of course, the kind of potential compliance nightmares that keep CIOs up at night. Sure, your SaaS implementation was supposed to help – as was your automated Role-Based-Access-Control (RBAC) protocol. But you’ve still got issues with over- and underprovisioning.
As a CIO myself, I understand that frustration, and the pressure it builds. Some days it feels like every “solution” we add also adds work for the IT or InfoSec teams when it’s supposed to do the exact opposite. And while the teams work through the issues, unfortunately, employees are left waiting instead of working. While users wait, they tend to come up with their own solutions and workarounds – which lead to more IT tickets down the road. Dealing with those tickets means less time spent on core tasks and, well, you can see where this is going.
So, even though RBAC simplifies onboarding, off-boarding, and everything in-between, it doesn’t seem to be doing much to drastically decrease IT ticket volume, even when combined with workflow automation and provisioning tools. For example, one particular, repeating sticking point is when users outgrow their initial roles, as defined by RBAC, and have to – you guessed it – submit a ticket.
“At the end of the day, we all just want to eliminate the tickets and improve IT customer service. Self-service is the answer.”
I know, it sounds like chaos on the surface. But, before you start picturing users loading their laptops and pockets like they’re at an all-you-can-eat app buffet, understand that what I’m talking about isn’t a free-for-all. We’ve already seen what that looks like through the combination of an extended pandemic, a dramatic increase in hybrid and remote employees, and an abundance of free or trial apps with little-to-no oversight. At Lumos, they call it the APPocalyse, and we’ve all seen some version of it (or worse, are living through it right now).
What I’m proposing is self-service with guardrails. Structure is a key element in the kind of self-service portal layer I’m talking about, incorporating roles, rules, and workflow. It works with what you’ve already got. Your protocols are still in place. Your SaaS doesn’t have to go anywhere. This self-service portal provides efficiency, plus it helps IT and InfoSec teams streamline on- and off-boarding, ensure security and compliance, and kill the IT ticket.
Picture it – a world where your new hires can hit the ground running with the apps they need, and departing staff get a clean break from the organization. A world where your staff can focus on core tasks instead of IT tickets, and the word “compliance” doesn’t give you cold sweats. And no matter how big your organization gets, your self-service solution scales with you. Hear that? It’s pressure being released. Your shoulders are more relaxed already.
Automating provisioning through IT self-service is possible, but it’s not magic. From curating apps and setting visibility to centralizing requests and educating users, it takes some effort, but the results are worth it. I even took a deeper dive myself and wrote an article to guide CIOs through the process.
Regardless, I’ve given this a lot of thought, and I believe that empowering users can – and will – make all our lives easier.