Last September, Chris Hoff wrote of his concerns about SaaSprawl, setting off a lengthy and lively discussion.
At the core of Hoff's concern was the tendency for enterprises to "edge toward Cloud adoption by cherry picking applications for externalization using SaaS as the platforms."
The net result of this cherry picking is an IT administration nightmare as SaaS vendor relationships proliferate creating a jungle of multiple usernames & passwords, multiple identity silos, and a plethora of divergent administrative tools.
On top of it all, with Gartner showing that SaaS adoption is growing, and predicting that it will continue to do so into the foreseeable future, the situation is just going to get worse.
Of course, the problem isn't so much that organizations will seek software services from multiple sources – this is, after all, a major benefit of the SaaS model in the first place.
No, the real problem is posed by the need to manage security and identity across numerous SaaS instances, each with its own peculiar way of doing so.
An ideal solution to this problem then would allow organizations to engage whatever software services they wished while at the same time allowing these organizations to apply their internal identity and security management systems in the same way to each instance.
Interestingly enough, Novell recently conducted a survey of its customers and discovered that 43% of them would be more inclined to consider and purchase an SaaS offering if it included just such a solution.
IT leaders are not going to rein in SaaS sprawl by exercising greater control over the purchasing decisions of people who are getting pressure from the C-suite to increase efficiency by outsourcing elements of their infrastructure. Sure, the headaches are all on the side of the SaaS consumer, but it is not necessarily the case that that's where the cure should be implemented.
On the contrary, doesn't it make more sense to attack the problem from the side of the SaaS provider by giving them the ability to work with the client's existing security architecture? Wouldn't that alleviate the client's pain while making the vendor that much more appealing?
What's your cure for SaaS sprawl?