According to Gartner, by 2017, in large organizations, at least 65% of new integration flows will be developed outside the control of IT departments.
For years, IT and Business have been debating on what should prevail:
- “Quick time to market” leading to “one-shot” and “quick and dirty” developments?
- Or “control and governance” leading to long projects with sustainable architecture but missed revenue opportunities?
Business has always been asking for IT to be more agile while IT has always been asking business to be more consistent with their requirements on the mid-term. This dilemma is due to different approaches: on one hand, the revenue generation, on the other the risk management.
The emergence of Cloud applications, aka SaaS (Software as a Service), has changed the deal. Now business users can browse the Internet, find the software they need and create an account in a minute with simple use of a credit card. The monthly fee that will be charged will then be easily refunded as regular company expense.
For small companies, this approach is really efficient: reduced need for internal IT, no more server to maintain, no more failure with access to the service 24/7 across the globe with no impact on performance, pay-per-use model leading to simpler accounting. When I was running my own business, we had no internal IT and used:
- DropBox for file sharing
- Gmail for mailbox
- Google Apps for Collaboration work
- An online SVN code repository and later GitHub
- OVH (leading French hosting provider) for your running our product
- Pipedrive for sales force automation
In order to administrate our production environment, we signed a contract with a system administrator freelancer who was in charge of administrating the platform and providing, managing incidents and providing configuration expertise when needed.
For larger companies, this also brings real value but there are clear impacts on IT governance: who is in charge of all those systems? Are those systems mapped somewhere? How critical are information stored in those SaaS applications? Is it compliant with internal/external regulatory rules? What is the procedure when the owner of the credit card leaves the company?
While not being able to stop adoption of such applications, CIOs need to mitigate the risk within their company. Largest SaaS providers have understood it and embedded into their sales strategy; Salesforce, account managers, for example, can extract the number of users in their target account who have opened a salesforce account and then use the summed subscription fee as a strong argument in face of the CIO to negotiate a corporate license.
Once the CIOs are able to take control of the SaaS applications within their company, the journey is not over, goal is to create additional value out of it and justify why this is so important for such applications to be governed by IT. How can this be achieved?
- First, this is important to manage accounts of those apps: how to register a new user or delete an account? The easiest way is to integrate this with the existing corporate LDAP to use the existing user management processes.
- Then, leveraging data stored in those apps and synchronize them in a secured way with the existing on-premise applications is key to create a seamless IT architecture. A Cloud Integration Gateway (aka API Gateway) is the right technology to secure the channel, bridge identity and mediate format.