As CIO of a healthcare software company, Jason James identifies more with the technology industry than the healthcare industry. While he must stay sensitive to healthcare-specific security regulations, Optima Healthcare Solutions faces challenges that many software companies face.
For example, tech-savvy employees expense SaaS subscriptions that promise to increase productivity or ROI. The consumerization of IT, coupled with BYOD (bring your own device) policies, has accelerated adoption of shadow IT within the enterprise.
Many modern companies appreciate the momentum of strategic tech adoption by business units. However, when it comes to data security, the stakes are high for healthcare companies, including healthcare tech. Innovation must be secure: Data breaches in healthcare can result in fines and jail time.
To ensure that Optima Healthcare Solutions meets high standards for data security, Jason has prioritized innovation and strengthened security culture from buyer, to user, to board member.
With a background in tech, Jason was well aware of the precautions a SaaS product must take. At Optima, he doubled down on processes to ensure the security of electronic health records.
Today, an auditing process vets all current software solutions. From on-premise to cloud-based software, contracts for each platform must run through Security and Compliance.
Additionally, Jason has socialized security training throughout the organization, especially at the user level. Considerations for a training program include:
As cybersecurity programs advance, security leaders are prioritizing user-level training. Consequently, Jason has built a progressive culture surrounding technology one SaaS user at a time.
Additionally, from the beginning of his journey with Optima, Jason has aligned with the CEO and the board on priorities surrounding SaaS security. Through a regular audit, Jason can benchmark, track, and communicate necessary innovations across the organization to secure their technology.
CIOs and technology leaders continue to feel the pressure of constant evolution. In the past few years, the landscape has changed radically, increasing expectations of enterprise software across the board, from computing power to user experience.
For IT leaders to capture and lead innovation within their organizations, they must have full visibility into their software stack and employee experience. Otherwise, business units will take innovation into their own hands, or more accurately, into their own expense accounts.
Jason says that shadow IT happens when IT has failed the partnership. If business units can meet their business goals and transform more effectively and with lower cost, they will covertly expense SaaS subscriptions. With no SaaS discovery platform, IT may never know about the purchase.
Shadow IT is linked to security breaches and proliferating technical debt. While at times beneficial to business growth, it can lead to net losses when unregulated. Therefore, Jason appreciates the partnerships he has built with his business units: these partnerships keep shadow IT at bay.
To maintain relationships with business units, Jason focuses on transparency and compromise. Areas in which transparency drives value include:
Just as he supports partnerships with business units, he must prioritize relationships with his board. To align innovation efforts with his board, Jason builds in reporting for every stage of the SaaS lifecycle.
Often, SaaS security conversations focus on answering the following questions:
The question of application off-boarding is left out of the holistic strategy. From users to the board, Jason has communicated that each software solution needs to live, retire, and die — no employee can continue working on a defunct solution saved to their hardware.
When an application is no longer patched by a vendor, technical debt creates software security risks. Therefore, when cloud-based subscriptions are adopted, Jason has a high level of confidence that software’s lifecycle will be better tracked and pushed to close.
Because Optima is a cloud-based solution, Jason’s belief in the heightened security of cloud-based solutions is entrenched in the business. However, at previous companies, the cloud discussions were not so effortless.
In digitally transforming businesses, Jason recommends technology leaders lean into application lifecycle planning and look 36 months into the future. When a plan is in place, board members will understand the need to innovate, as well as the need to offboard, to strengthen enterprise SaaS security and the organization as a whole.
Find Jason James on Twitter at @itlinchpin.