Should you go around the IT department?

Replies to This Discussion

Permalink Reply by Duke Snyder on July 1, 2009 at 2:40pm

Pull an "end around" within any organization I am managerial stock and "your ass is grass and I become a mean lawnmower.
May i suggest you review our organizational chart and at the same time run your thought past your supervisor.

▶ Reply to This

Permalink Reply by Mike Seidle on July 5, 2009 at 2:16pm

Duke - I've watched many a CIO go down in flames when they decided to have a power struggle over an application that a business unit had a strong business case for having. SAAS makes it very easy to get what you need for your business unit and basically not exist to IT.

▶ Reply to This

Permalink Reply by Tino Marquez Jr. on July 1, 2009 at 3:34pm

Absolutely not. Some arguments...Many times the IT department is charged with performing security audits for the infrastructure including documentation of processes of new user setup, data retention, user deletion, etc. Going around the IT Department would cripple this function as they may be unaware of what SaaS solution you are using if you didn’t involve the Director of Technology or CIO in the evaluation and purchase of such software. Not to get too technical, but chances are if you did NOT involve your IT Dept in the purchase of your SaaS solution, the solution is not integrated with your user directory and when accounts are disabled in your organization it would now become the responsibility of the rogue department to make sure this user account was properly disabled.

Also, if you do not include IT management in this purchase (which I do not see how a legitimate SaaS would allow this to happen), you may be signing a contract for something that is not currently compatible with the current infrastructure to deliver and may not be in the IT Dept’s budget to acquire.

I read with much interest in the other thread how some of the posters seemed to have a very negative view of their IT dept. I would agree with Robby, that if you even contemplate going around the IT dept for technology purchases of any kind, including SaaS, these are signs of a bigger problem in an organization. While certainly it has to seem liberating for those who promote their SaaS services, that you do not need to “involve the IT dept” because it is all in the “cloud” , at the end of the day, the IT dept has the ultimate authority and responsibility for securing the corporate infrastructure and data and this includes the workstations and the networking gear that these rogue departments would use to access their SaaS solution.

▶ Reply to This

Permalink Reply by Patrick Sullivan on July 1, 2009 at 4:41pm

I'm with Tino on this one- way too many security problems circumventing the controls in place within the IT department (or information security management, if that rests outside of IT), procurement, etc, for system development, acquisition and maintenance. There will be defined control objectives and controls in this area in any recognized set of best practices for information security, and failing to implement and monitor these could be viewed as a failure to maintain reasonable security- especially where the software touched on regulated data. (The Federal Trade Commission has specifically said in its recent consent orders involving security breaches that the failure to maintain reasonable security is an unfair trade practice. Effective today is Indiana Enrolled House Bill 1121 which, among other provisions around ID theft, requires business to maintain reasonable security for personal information). There may also be organizational policies (sometimes driven by legal requirements or customer contract provisions) for vendor management, risk assessment and approval that could be circumvented by going around IT. And, any comprehensive information security program should have controls around third party service management and, of course, change control.

Certainly SaaS vendors (or other X as a Service- cloud vendors generally) don't want to become known for offering Vulnerability as a Service. But that's essentially what it becomes if the appropriate information security governance, risk management and compliance controls are circumvented. By the same token, organizations need to make sure they have those controls in place, and that they're managed and monitored. And it doesn't matter how big your business is, either. Yeah, security is often inversely proportional to convenience, but there's usually a good reason for that.

▶ Reply to This

Permalink Reply by Mike Seidle on July 5, 2009 at 2:24pm

The whole idea that you can do it better than a SAAS provider is bad advice to most businesses. Most IT departments are dramatically underfunded, chronically understaffed, can't keep up with software patches and often are overpriced compared to outsource vendors. For most companies the lowest risk path may be external because hosting providers, professional data centers and especially SAAS vendors are better at everything (privacy, security, etc...) you've mentioned above. An added bonus to middle managers: you get the bonus "blame the vendor" card when things go wrong, as opposed to the internal shift the blame game.

The game is changing for IT for lots of reasons.

▶ Reply to This

Permalink Reply by Robby Slaughter on July 5, 2009 at 2:29pm

I don't think the question is whether or not a company can do a better job of running a non-core IT function than a external service provider. Most everyone buys electricity from the power company instead of making it themselves. I think we can all agree that an IT services provider with an expertise in a small niche is going to typically do a much better job than someone in-house who is more general.

However, that's not the point of the question. Many SaaS providers are not trying to sell to IT departments, they are trying to sell blogging software to marketing, web-based CRM tools to the sales team, online financial tools to the accounting group, and issue tracking services to the support department. That's an interesting phenomenon, and I'm curious about your thoughts on going "around" the IT department.

So, what do you think about that?

▶ Reply to This

Permalink Reply by Mike Seidle on July 5, 2009 at 6:59pm

Robby - Enterprise software companies (and their SAAS cousins) market and sell around IT because IT is a business impediment in most companies. Enterprise software sales reps have been end running the CIO for decades for three reasons:

1. IT doesn't control the budget for, say the sales department. So the VP of Sales is the guy who will buy your CRM.

2. IT is slow to adopt new technologies. In fact, IT is often the most resistant part of the company to change. So, when you suggest implementing a blogging platform, IT sees it as change, erosion of control, new software to support, more work, and more expense often without realizing that there is a gain to the company. As a result, many organizations train salespeople to avoid IT until the initiative is running at IT like a fully-loaded 200 car freight train going downhill.

3. IT more often than not has little clout in the boardroom and cannot make big decisions. IT is a cost center that often rolls up the the CFO - so the CIO is "C" in name only. As a result, if your software doesn't help IT with something core like email or storage, the CIO has very little input in a purchase decision.

Hope that helps.

▶ Reply to This

Permalink Reply by Robby Slaughter on July 6, 2009 at 10:52am

All of this is true! But the question is, what does it mean?

Does it mean that IT is a dinosaur and eventually corporations will fully outsource IT to specialized providers?

Does it mean that corporations have tremendously poor organizational and authority structures?

Or something else?

▶ Reply to This

Permalink Reply by Mike Seidle on July 6, 2009 at 8:57pm

Robby - It means nothing has changed in sales after 40 years of selling information systems. When I started in sales my mentor was an old 1960s Sperry guy. Same stories as today, different amounts of storage & bandwidth. TCO, ROI, Business Cases, none of it is new.

▶ Reply to This

Permalink Reply by Tino Marquez Jr. on July 5, 2009 at 6:39pm

For most companies the lowest risk path may be external because hosting providers, professional data centers and especially SAAS vendors are better at everything (privacy, security, etc...) you've mentioned above.

Sorry Mike, I’m going to have to disagree with you on this. And also, I do NOT see how you can even remotely qualify this statement…but then, what follows is just my opinion too. I would imagine that SaaS vendors will have on staff IT personnel that are better at everything when it specifically relates to their core product, but beyond that I disagree.

There have been many times when I’m supporting my clients and have to do with their third party vendors, some may not fit the true definition of SaaS etc. but in concept and relating to this argument, they are providing a technology based solution and/or service. Often I find myself have to waste time with their tier-1 support (reading from a script) and then even sometimes have to go a few rounds trying to explain to their “engineers” why there is a business need for what my client wants and needs. There are many times I’ve had to explain what I would consider basic to intermediate computer principals and terminology. Eventually we have to settle the dispute with the account rep. And while this is nice to be able to “blame the vendor” it doesn’t get my client to the results they wanted in a timely fashion.

I certainly do a see many great ways to bring SaaS solutions to my clients, but I’m not sold on the whole “infrastructure as a Saas” at all , and most likely never will be. And to be honest, I’m very confident not many SaaS vendors are bursting at the seams with staff that have my skill level and experience. I can’t be the only IT consultant/systems engineer on this SI site that feels that way.

It is interesting to note, I think this whole SaaS debate is biased from people who own an interest in SaaS solutions on one side and maybe IT professionals like myself on the other side. Yes, I admit , I’m biased… So my posts should probably be read with that in mind, always. It is my corporate IT background I think.

▶ Reply to This

Permalink Reply by Mike Seidle on July 5, 2009 at 7:11pm

Tino,

I have yet to meet a corporate IT department that runs a better data center than even a small 40,000 subscriber ISP. I have yet to see a company's IT department give internal customers better availability and support than (picks SAAS vendor from a hat) Exact Target. What is different about SAAS now versus the ASP model of the late 90s is that the vendors are delivering the goods. That's not to say SAAS isn't without lots of problems (control of data, lock in, continuity risk).

And to be honest, I’m very confident not many SaaS vendors are bursting at the seams with staff that have my skill level and experience.

Maybe you are just a bit too good :)

Incidentally, I agree with you on many infrastructure as a service type of structures. Data centers and applications - sure - but the whole network? Not yet.

▶ Reply to This

Permalink Reply by Robby Slaughter on July 6, 2009 at 11:32am

Mike, I think there are three main differences between the ASPs of the late 90's and the SaaS companies of today:

1) Fancier name which is less accurate (I whined about this at http://www.smallerindiana.com/forum/topics/do-you-buy-software-as-a)

2) Companies tend to have more expertise and ability today

3) The capacity of the technology to deliver a good user experience is so much better than before.

To me, the third one is the most interesting. GMail (and OddPost) are surprisingly close to desktop software, which would not have been possible in the days of 3.0 browsers and dialup.

But again, I digress. Sure, modern day ASPs are better than they used to be---but is buying from an ASP (fine, SaaS company) going around the IT department?

▶ Reply to This

• First
• Previous
• Next
• Last