One of the attractive elements of SaaS for the business user is liberation from the IT organization. No longer would business users have to get “in line” for key functionality or new upgrades. Business departments such as sales operations now control their own destiny. The problem is that at some point the business department will need the IT organization’s technical expertise for data integration support, security validation, or help resolving a technical problem configuring the software service. Therefore, there need to be some rules in place on how IT will help and interact with the business.
Gartner has found that most corporate IT governance policies are not adequate to address the unique internal corporate politics that SaaS can exacerbate, as well as the technical, security and risk aspects of purchasing SaaS applications. Further, most organizations do not have a corporate SaaS governance policy to guide the purchasing of SaaS applications.
• Companies should amend or edit corporate IT governance policies to create high-level guidelines to address the specific aspects of purchasing and managing SaaS applications, including payment, technical, security and risk elements, and how these fit into overall corporate IT management activities.
• Companies should draft a corporate SaaS-specific governance policy to minimize risk and exposure when purchasing SaaS applications, and to make sure the company achieves its business goals with these purchases.
• Policies should be issued by department heads outside IT, so that local policies apply, rather than depending on compliance with IT.
Gartner has published a template entitled “Creating a Corporate SaaS and Governance Policy”. This template helps companies create a corporate SaaS governance policy specific to their business.