As part of the enterprise paper we are working on, I have been thinking about (and discussing) the impact of SaaS on IT Governance. Clearly, the way software gets evaluated has to change, Phil has a good list on what to look for when selecting a SaaS provider.

Another dramatic change will be how IT will enforce which software is used in the enterprise. I am far from surprise to see that IT shops are afraid of SaaS; no longer being the gatekeepers of the “operational” aspects of software, some are experiencing first hand that they are having less control on what gets used.

To illustrate this, below two fictitious discussions between a VP of Marketing and a CIO.

Old/ Current situation:

VP Marketing: My division needs <insert software name here>; it will dramatically improve the way we manage our marketing campaigns.

CIO: I hear you, but that software uses technologies that are not in our standard list, it can’t be hosted in our corporate data center. Sorry, it won’t happen anytime soon.

VP Marketing: Damn the IT department !

New/Emerging situation:

VP Marketing: I just bought for our group 150 seats of <insert software name here>

CIO: but… wait… heu… Damn SaaS!

J OK it might a bit contrived, but you get the point.

Don’t get me wrong, I am not necessarily in favor of a “wild west” approach to software purchasing, where as long as "the VP of Marketing" (or any other business unit manager) has the budget he/she can buy it. Proper governance, diligent selection process, understanding the implications in terms of integration, agility, support etc. are still extremely valid. My point is more around the fact that IT will have to rely on other ways of enforcing their policies than the totalitarian “I won’t run it in the datacenter” approach.

On the positive side, this will be a great (additional ?!) motivation for successful CIOs to engage with business units, understanding their software needs and work as a team on how to best source that software (e.g. on premise, in the cloud), it will also be a good opportunity to educate the business folks on the impact of certain purchases on their future agility. 

IMO, CIOs camping on their more “operational” role will be far less successful CIOs... deep pocketed business unit managers might very well start creating a portfolio of services (software) without them J