Compliance
April 16, 2019

How to Increase SaaS Security through Culture Shifts and Innovation

Zylo Executive Council

As CIO of a healthcare software company, Jason James identifies more with the technology industry than with the healthcare industry. While he must stay sensitive to healthcare-specific security regulations, his company, Optima Healthcare Solutions, faces challenges that many software companies face.

For example, tech-savvy employees expense SaaS subscriptions that promise to increase productivity or ROI. The consumerization of IT, coupled with BYOD (bring your own device) policies, has accelerated adoption of shadow IT within the enterprise.

Many modern companies appreciate the momentum of strategic tech adoption by business units. However, when it comes to data security, the stakes are high for healthcare companies, including healthcare tech. Innovation must be secure: Data breaches in healthcare can result in fines and jail time.

To ensure that Optima Healthcare Solutions meets high standards for data security, Jason has prioritized innovation and strengthened security culture from buyer, to user, to board member.

Build a Progressive Culture Surrounding SaaS Security

With a background in tech, Jason was well aware of the precautions a SaaS product must take. At Optima, he doubled down on processes to ensure the security of electronic health records.

Today, an auditing process vets all current software solutions. From on-premise to cloud-based software, contracts for each platform must run through Security and Compliance.

Additionally, Jason has socialized security training throughout the organization, especially at the user level. Considerations for a training program include:

  • Adoption best practices to uncover and vet shadow IT.
  • Recognition and reporting of security threats.
  • Regular standardized and practical testing.
  • Identification of SaaS licensees to require application-specific training.

As cybersecurity programs advance, security leaders are prioritizing user-level training. Consequently, Jason has built a progressive culture surrounding technology one SaaS user at a time.

Additionally, from the beginning of his journey with Optima, Jason has aligned with the CEO and the board on priorities surrounding SaaS security. Through a regular audit, Jason can benchmark, track, and communicate necessary innovations across the organization to secure their technology.

Transformation and Innovation Require Visibility

CIOs and technology leaders continue to feel the pressure of constant evolution. In the past few years, the landscape has changed radically, increasing expectations of enterprise software across the board, from computing power to user experience.

For IT leaders to capture and lead innovation within their organizations, they must have full visibility into their software stack and employee experience. Otherwise, business units will take innovation into their own hands, or more accurately, into their own expense accounts.

Jason says that shadow IT happens when IT has failed the partnership. If business units can meet their business goals and transform more effectively and with lower cost, they will covertly expense SaaS subscriptions. With no SaaS discovery platform, IT may never know about the purchase.

Linked to security breaches and proliferating technical debt, shadow IT, while at times beneficial to business growth, can lead to net losses when unregulated. Therefore, Jason appreciates the partnerships he has built with his business units -- these partnerships keep shadow IT at bay.

To maintain relationships with business units, Jason focuses on transparency and compromise. Areas in which transparency drives value include:

  • Business priorities and goals.
  • Research and adoption of SaaS platforms.
  • App-specific security training for licensees.
  • Identification, diagnosis, and elimination of technical debt.

Just as he supports partnerships with business units, he must prioritize his relationship with the board. To align innovation efforts with his board, Jason builds in reporting for every stage of the SaaS lifecycle.

Capture and Report the Entire SaaS Lifecycle

Often, SaaS security conversations focus on answering the following questions:

  • What are we buying?
  • What data does the SaaS application hold?
  • Who holds a license or has access?
  • How are they using the application?
  • On what devices are our systems operating?

The question of application off-boarding is left out of the holistic strategy. From users to the board, Jason has communicated that each software solution needs to live, retire, and die -- no employee can continue working on a defunct solution saved to their hardware.

When an application is no longer patched by a vendor, technical debt creates software security risks. Therefore, when cloud-based subscriptions are adopted, Jason has a high level of confidence that the software's lifecycle will be better tracked and pushed to close.

Because Optima is a cloud-based solution, Jason’s belief in the heightened security of cloud-based solutions is entrenched in the business. However, at previous companies, the cloud discussions were not so effortless.

In digitally transforming businesses, Jason recommends that technology leaders lean into application lifecycle planning and look 36 months into the future. When a plan is in place, board members will understand the need to innovate, as well as the need to offboard, to boost enterprise SaaS security and the entire organization.

Find Jason James on Twitter at @itlinchpin.
