Jim Brennan, BetterCloud: "the pandemic exacerbated the existing challenge of managing and securing applications"
The adoption of communication and other applications has grown significantly since the pandemic introduced new work-from-home models. Companies were pushed to either introduce new applications or increase the use of existing ones in their workflows. Yet, it became more challenging than before to secure and manage them effectively.
Unfortunately, IT staff cannot process the amount of administrative work that the adoption of new SaaS apps creates. So, it significantly reduces the productivity of employees and even creates security risks.
So, Cybernews asked the Chief Product Officer at BetterCloud, Jim Brennan, to explain what are the best ways to provide necessary support for employees, what’s today's role of the IT staff department, and how a SaaS management platform can help with security challenges.
You started very early on the SaaS journey. Can you tell us about your trajectory?
From 2010 to 2012, I was with SecureWorks, a managed services provider for security (MSSP). We were essentially a Software as a Service (SaaS) before the MSSP space even called it SaaS. Later, I joined IBM. I was involved with converting a host of on-premises products into SaaS applications which was no easy task. It was that role that showed me how complex SaaS was and how unprepared companies were to embrace, manage, and secure this new wave of applications.
SaaS has grown a lot since BetterCloud made its debut. Can you tell us the problem you solve and how it’s changed?
SaaS poses two problems for IT. Firstly, the growing number of SaaS applications deployed creates unmanageable amounts of administrative work for IT. Secondly, most security teams have little or no visibility into how sensitive business data and files are managed and who can access them.
We got an early start in SaaS as a company and our CEO, David Politis, got his start in SaaS before he even started BetterCloud. We watched as SaaS took hold with the rise of Salesforce in 2004 when the cloud was a revolutionary concept. We saw the best productivity applications make their way into our everyday work lives, from the introduction of Google Apps in 2007 to the launch of Microsoft O365 in 2011.
Today, there’s a best application for virtually every work function. The world uses Slack and Zoom for communication, Dropbox and Box for file storage, and hundreds of SaaS choices for finance, marketing, and every other department.
The pandemic pushed many of us to work from home. How did that affect SaaS adoption and, consequently, turning to BetterCloud?
Arguably the greatest inflection in SaaS adoption came with the pandemic. SaaS was very impactful before the pandemic, but the shift to remote work underscored the many ways in which SaaS can play a critical role in people’s productivity.
SaaS made the transition to remote work possible. It pushed organizations to embrace new applications and increase the use of existing ones.
The problem is that the pandemic exacerbated the existing challenge of managing and securing the applications themselves. As the number of SaaS applications a company employs grows each year, so does the amount of operational administrative work. That includes onboarding and offboarding employees, setting and managing permissions and privileges, and securing data to ensure it remains within company walls. And IT simply wasn’t prepared to handle the uptick in adoption.
You serve IT. How did the pandemic affect IT departments?
IT teams were already stretched thin before the pandemic. It’s worse now with growing SaaS workloads and understaffing. According to Forrester, nearly 70% of IT workers don't have the time for security-related projects due to the demands of their workloads, and over 50% can't fulfill their regular responsibilities.
What are the biggest misconceptions companies have about SaaS security?
The first misconception is that the responsibility for SaaS-related security falls to the security team. Historically, IT teams managed SaaS applications, and they still do. Naturally, managing SaaS security falls under their purview given they are responsible for provisioning and ongoing application management. That’s why the SaaSOps movement is coming into play now and encourages IT and security teams to increasingly align and collaborate.
The second misconception is that SaaS security can be easily solved by simply managing permissions and privileges. SaaS applications have grown increasingly complex in functionality, making the task of protecting data much more difficult.
How do you see workforces evolving? And how has IT had to adapt to make sure they are providing adequate support for employees?
The hybrid work model is trending strongly in most industries. SaaSOps serves employees very well in all modes, and for remote work, we give organizations an extra layer of control and protection.
What are some common misconceptions about IT’s strategic role in the enterprise today?
In my opinion, the true contribution and potential of IT are unrecognized by most companies. In fact, IT gets the bad rap of being a cost center that handles low-value tasks. This is the case at many companies, unfortunately. I’d like to see CEOs tell CIOs: “Do whatever’s necessary so your people spend just 25% of their time on maintenance and keeping the lights on – tool up, automate – but we want 75% of your resources on digital transformation and creating more revenue for this enterprise.” IT should be seen as a strategic group that allows businesses to become more agile, proactive, and nimble, and not a tactical arm of the company.
What should CIOs/IT departments think about in the next few years as the SaaS application stack continues to grow?
Because SaaS will only continue to grow, it’s critical to lay out a framework. That entails defining a foundation of SaaSOps policies – rules for onboarding/offboarding, file sharing, lost devices, compliance, etc.
Secondly, with policies in place, run audits and review your SaaS apps. You may uncover policy violations that you need to mitigate across departments.
Thirdly, share knowledge and collaborate on SaaSOps matters across departments as much as possible. That’s a common theme we hear every year at Altitude, our customer conference.
For example, to build a robust offboarding policy in BetterCloud, you'll need input from legal, HR, etc. The more complex your SaaSOps environment gets, the more you need to work with other departments. If you understand other people's workflows, you can get a budget for tools more easily, demonstrate credibility, and break out of your IT silo. Collaborating with other departments and forming alliances are the most impactful best practices.
What does the future hold for BetterCloud?
Without talking specifically about our roadmap, we see the potential to add great value for our customers with guidance and recommendations – generated from our applications and data – on how to leverage and better protect their SaaS infrastructure. We are very excited about helping to unleash the potential of people and entire businesses, enabling them to work more effectively. Stay tuned to BetterCloud.