Modern Infrastructure

Software governance: CIOs take charge of shadow services


Manage Learn to apply best practices and optimize your operations.

Great software governance means never having to be a 'CI-no'

Software governance means managing myriad as-a-service offerings, and CIOs are in the unique position of weaving formerly rogue or consumer services into the business fold.

As software as a service (SaaS) offerings have proliferated, getting a handle on who's running what, where it lives and how much it costs have become an IT management quagmire. CIOs bear responsibility for managing this influx of SaaS services, but when individual business units -- and sometimes, individual users -- are provisioning and purchasing applications, the software governance task can seem insurmountable.

In this issue of Modern Infrastructure: CIO Edition, SearchCIO executive editor Linda Tucci profiles a series of IT executives who refuse to be "CI-no's." They're accepting that user-provisioned IT services have breached their enterprise's virtual walls, but rather than treat them as an outright threat (or employees as outright insubordinates), they're learning to welcome SaaS offerings into the technology fold, while also keeping a close eye on such areas as cost, policy and the potential for service duplication.

Often, the role of a CIO is to take an organizational approach to previously renegade services. "We had lots of Dropbox usage popping up, so we are rolling out an enterprise account. It's an extremely effective sales model," said Larry Bolick, CIO at Aquent. As for the governance of Dropbox moving forward, Aquent has rolled out a policy stating that employees can still use Dropbox for personal reasons, but must use the enterprise account for business purposes.

Also in this issue, our CIO Outlook columnist Harvey Koeppel weighs in with his usual mix of historical perspective and humor in touting the benefits of a fully realized SaaS strategy, in a fashion that would make Dr. Seuss proud. Also, frequent contributor Christine Parizo gives us a governance, risk and compliance-focused view of what makes cloud security so darn difficult, and offers some best practices for CIOs who want to embrace SaaS services, but not let them get unwieldy. After all, how many Dropbox accounts does one organization really need?

Please write to me at

Article 4 of 5

Dig Deeper on Cloud computing for business

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Modern Infrastructure

Access to all of our back issues View All