Many vendors offer SaaS tools for IT management. For software vendors, they are a boon, as they maintain a single platform, provide all customers with the same version of software, and collect usage statistics to improve their marketing and sales strategies.
Organizational IT teams value SaaS platforms because they can access their data from anywhere, which streamlines the planning and execution of IT work. It’s not surprising that thirty percent of organizations spend more than half of their software budget on SaaS platforms to enable and optimize different business processes.
However, recent data breaches may have brought the question of whether to adopt SaaS tools for IT management to the forefront again, warranting that IT leaders take a second look at this important decision.
Cybersecurity researcher Aaron Costello has publicized a ServiceNow vulnerability which could enable unauthorized users to extract customer data. He said that up to 70% of all instances could be affected.
As a result, IT leaders and teams should evaluate the pros and cons of SaaS solutions before they purchase and deploy them.
Analyzing the Pros and Cons of IT Management Saas Platforms
PRO: With SaaS platforms, IT teams are able to access the latest software version and features, gaining new capabilities at pace. In addition, they don’t have to worry about implementing upgrades or maintaining the platforms.
CON: Customers lack data sovereignty, as they no longer control their data assets.
SaaS companies store data in the cloud: It’s how they provide role-based access to data to authorized users anytime, anywhere. SaaS providers and customers share responsibility for ensuring data security, and ideally both parties will hold up their end of the bargain.
But in reality, customers lose control of their IT management data when they place it in the cloud, as the recent ServiceNow breach has demonstrated. If the worst happens, data exposures could compromise data integrity, system access, and companies’ ability to operate.
When companies use on-premises systems, in contrast, they can enforce tight controls over who has access to sensitive IT data. That means they can keep it within the four walls of their physical environment.
PRO: IT teams like SaaS platforms, because it minimizes their IT and device footprint. They don’t have to manage or physically secure the devices supporting the SaaS platform, worry about storage capacity, performance issues and so on. All IT teams have to do is pay license fees and use tools to streamline operational work.
CON: Organizations store valuable infrastructure data in their IT management SaaS platforms, including configuration management databases (CMDBs), IT asset management (ITAM), and IT service management (ITSM) platforms. This information contains the keys to the kingdom, providing vital intelligence on:
- Users, roles, team structures, access privileges, and past actions
- Vendors that are used and service contracts
- Devices that are deployed, including equipment configurations in data centers
- Devices that are near or at end-of-life
- Past and planned changes and configurations, including patches
- Past and planned service requests
- Upstream and downstream application and process dependencies
IT is the foundation that businesses run on. If malicious actors access this core data, they can move horizontally and laterally — effectively able to access anything they want.
Pros: With SaaS platforms, organizations can easily scale to support business growth. They can add more users, extend the tool to new businesses, or use it to serve more regions.
Cons: SaaS platforms are inherently multi-tenant cloud-based solutions. That means configuration errors that expose data impact customers at scale. In addition, customers lack visibility into these changes and configurations — essentially trusting that they are happening.
When IT teams use their own CMDBs on-premises to manage changes and configurations, they can see which ones have occurred and prioritize urgent fixes — increasing visibility and accountability and maintaining greater control over data security.
Using Data Sovereignty Goals to Make an Informed Decision
IT management SaaS platforms provide easier platform management capabilities, eliminate maintenance requirements, and offer scalability. However, they may also create unwanted data risks.
Before deciding to use an IT management SaaS platform, your IT team will want to assess your security posture and risk levels and make an informed decision.
Do you trust your SaaS provider to store and secure your sensitive data in the cloud, or do you want to maintain full IT data sovereignty and keep this data on-premises?