Swipe Right or Left: Choosing the Right SaaS Governance Approach for Your Company

These days, managing Software as a Service (SaaS) effectively is critical for any organization. From shadow IT to sprawling apps and unchecked spending, the challenges are significant. Gartner brings even worse predictions. From a security standpoint, companies are five times more susceptible to cyber incidents without proper SaaS governance. In addition, they’re likely to overspend by at least 25%.

These challenges are a direct result of decentralized purchasing across the business. Our data shows that 83% of applications and 72% of SaaS spending is controlled by lines of business and individual employees. The solution? SaaS governance.

In the SaaSMe 2024 session, Swipe Right or Left: Choosing the Right Governance Approach for Your Company, we delve into the intricacies of SaaS governance with industry experts. Steve Willer, a distinguished CTO at Klick Health, and Steve McKenzie, an accomplished IT Supplier Management Lead at Zoetis. Watch the full session here, or read on for key takeaways.

What kind of governance challenges were you facing?

Steve McKenzie (Zoetis): Zoetis has seen tremendous growth in the past 10 years, and we have really strong goals going forward. We realize we have to make sure that we’re making conscious decisions when we’re bringing on new technology to prevent duplication, functionality, and better management. Above and beyond that, make sure that we’re bringing on secure and safe products to protect our data.

Steve Willer (Klick): One important element of our corporate culture is this notion of entrepreneurial spirit. Innovation and innovation in technology has been a core part of who we are since before I joined. Trying to maintain a balance between cost efficiency and innovation can be a bit of a challenge, especially with growing operational demands and our desire to maintain a competitive advantage.

What is your company’s philosophy and goals around being innovative but also responsible with software? How do you balance that in your approach to governance?

Steve Willer: When it comes to cost, historically we had told people, ‘If you want to try something then try it, but don’t put any kind of confidential information with them until we’ve had a chance to vet them. But when it comes to the cost, as long as it’s below some reasonable threshold, then expense it and we will find a way to cover it.’ As we are growing as an organization and getting more mature, we’re actually in the process right now of shifting over to much more comprehensive centralized governance of costs. The messaging is shifting from ‘Try it and then let us know,’ into ‘If you want to try something and it’s going to cost money, then talk to us first. We’re happy to help you and to find the budget for it to work through the contracting to deal with all the process steps, but we really need you to talk to us before you get too heavily into it.’ That’s the process right now. We transitioned from decentralized to centralized governance, particularly in cost management, to better support scaling and operational efficiency.

Steve McKenzie: Zoetis opted for centralized governance to manage our extensive and varied technological needs, ensuring efficient operations across its global sectors. It’s really important that we balance agility and creativity with compliance. I give a lot of credit to our enterprise architecture team. They have a process to come together, voice their opinion on things they may need, review it and give a frank assessment of:  do we have that or is this truly an area that we need to move into? Then for all the right reasons, make sure that we’re not cart before horse jumping into something, loading it with confidential information before we’ve had the chance to engage risk management to review that, to collaborate with the software provider to understand their security controls.

What would you consider the benefits and challenges of your governance style?

Both Leaders: Benefits include enhanced security, cost control, and support for innovation. Challenges revolve around maintaining flexibility and speed in innovation while ensuring compliance and managing growing operational complexities.

What’s one step a company can take today to implement a better governance structure?

General Advice: Start by evaluating current SaaS applications and spending to identify inefficiencies and areas lacking control. Adopting a structured governance framework can streamline operations, enhance security, and optimize costs.

Software is pivotal to productivity. How do you manage employees’ demands for new software tools, especially with rapid advancements in areas like AI?

Steve McKenzie: Our approach at Zoetis involves a balanced review process where enterprise architects and other stakeholders assess the need for new tools. This ensures that while we remain innovative, all software additions are necessary and secure. We are proactive with our enterprise architecture team, ensuring they collaborate to creatively integrate new technologies. This process includes a thorough review to ensure any new technology aligns with our operational needs and security standards. As for AI, our digital data analytics team plays a crucial role in integrating AI, ensuring new tools align with our governance by piloting and reviewing use cases quickly.

Steve Willer: At Klick, we encourage trial and exploration within safe limits. Before adopting any new technology, especially costly ones, we ensure they undergo a thorough vetting process for security and privacy to maintain our governance standards. We try to maintain a marketplace of ideas where different groups can propose innovations. This helps us manage the chaotic but necessary influx of new technologies, ensuring they align with our strategic goals and governance framework. AI adds complexity, requiring us to manage innovations carefully to prevent disruptions. Our governance involves ensuring no confidential data is used in trials without proper vetting for security and privacy

What is the role of your internal teams in maintaining governance? What strategies do you use to manage the variety and volume of software applications within your organization?

Steve Willer: The Trust Team at Klick combines functions like security, privacy, and compliance. It was inspired by best practices from industry leaders and plays a crucial role in maintaining strict governance as we balance innovation with operational security and privacy requirements. Klick initially focuses on identifying departments that manage their applications responsibly, allowing us to prioritize governance efforts where they are needed most and gradually tighten controls to manage costs and security.

Steve McKenzie: We start with a clear understanding of our existing software landscape using tools like Zylo to uncover hidden applications and expenses, then we build governance processes tailored to manage these effectively.

Wrapping up our discussion with Steve Willer and Steve McKenzie, it’s evident that effective SaaS governance is dynamic and varies between organizations. Both leaders emphasize the need for structures that support security and innovation, tailored to their unique operational environments. Their shared insights offer a valuable perspective for any IT professional navigating the complex landscape of SaaS management. Feel free to revisit their approaches and reflect on how these strategies might resonate with your organization’s needs.

As you navigate SaaS governance within your own organization, explore what strategies make sense for your organization. Download our guide, Evolving Your SaaS Governance Framework for the Digital Workplace, to learn about the varying approaches and take the quiz to see which may fit your organization best.