After a two-year hiatus, the IAITAM ACE Conference was back live and in-person in Las Vegas. It was great to see the community come together in this forum to share observations and best practices.
All told, there’s a lot happening in the world of IT and Software Asset Management. The conference packed a lot in with more than 75 sessions covering topics ranging from: cybersecurity, hardware optimization, contract negotiation and audit response tactics to software license management best practices.
Here are a few of the observations I took away from the event.
SaaS Management Is Challenging & Many Don’t Know Where to Start
I think it’s an understatement to say that I was shocked when I looked at the agenda and realized that just two of 75 sessions referenced SaaS or the concept of SaaS Management. It seems that the ITAM and SAM community realize that SaaS is important. Yet, according to a poll from one session presenter less than 60% of ITAM professionals are managing SaaS today.
Again, the consensus among attendees was that SaaS Management was important to their stakeholders, but SaaS is a truly different type of asset to manage. Different in how to measure, what to measure (spend vs network traffic) and what to report. I sense that there’s a hesitancy and lack of clarity on where to start.
The Role of ITAM Programs Is Rapidly Shifting
During the evening product fair, a handful of tenured SAM Managers spoke openly about their daily activities and annual goals. But when the topic shifted to long-term strategies and goals, many openly stated how difficult it was. Incorporating SaaS apps into their longer-term program roadmaps was a lot of guesswork.
Most ITAM and SAM professionals aren’t clear or confident on how to manage SaaS as a new type of software asset. As a result, the overwhelming majority said they reverted to goals and processes typically associated with on-premises software (measuring CPUs, Cores, Physical Hosts, Clusters, Active/Passive, etc.). But as I’ve alluded to before – SaaS is a whole new beast and requires a truly unique approach.
As the evolution from client-server to cloud continues, ITAM leaders must be evolving as well. The processes you used to manage on-premise assets aren’t going to be effective for SaaS. The relationships required to be an effective ITAM leader have shifted.
A Missed Opportunity: SaaS Security
While I was shocked that there was not greater volume on SaaS and how to manage this important and growing asset, the other part of the conversation that was missing was the risk mitigation benefits that SaaS Management provides.
So much of the conversation around SaaS was focused on costs, which is certainly beneficial. But having been a ITAM leader, I know the importance and focus placed on risk prevention and compliance. It seemed like a missed opportunity not to be talking about the importance of managing the risk that SaaS can pose to your organization.
Effective SaaS Management empowers Security’s ability to protect sensitive data and reduce your organization’s potential “attack surface.” The more SaaS applications that are introduced into your environment the larger your company’s attack surface becomes, which means it’s imperative to maintain constant visibility to all SaaS applications in your environment.
And when you consider that the average cost of a data breach in 2021 was $4.24 million, the highest it’s been in 17 years – it’s clear this needs to be a growing focus among the ITAM community.
