When the world changed in March, CIOs and IT teams that had previously positioned their organizations for remote work were commended for their ability to keep the business operating. Now, as companies expect to be operating remotely for the foreseeable future, CIOs, CTOs and IT teams need to take a long-term view of managing and securing digital operations. According to a poll of 150+ CIOs and technology executives conducted by HMG Strategy, more than 90 percent of respondents expect their organization to remain highly distributed heading into 2021.
To do a deeper dive on these trends, HMG Strategy recently caught up with David Politis, Founder and CEO of BetterCloud. BetterCloud is a leader in SaaSOps, enabling its customers to discover, manage, and secure their cloud applications effectively. BetterCloud will be hosting its Altitude 2020 Conference from October 19-23, the virtual event for SaaSOps professionals.
HMG Strategy: Tell us about yourself and what BetterCloud’s charter is.
David Politis: I kicked off my career in 2004 at a SaaS company called Vocalocity during the days before SaaS was even called SaaS, and before the term `cloud’ came to be. Then, in 2010, I went to a company called Cloud Sherpas — one of the first cloud consulting companies. It was there that I saw this massive shift to the cloud get its start. Enterprises were beginning to move their productivity and collaboration suites to the cloud. At that time, it became clear to me that there was going to be a huge opportunity in this space. As companies adopted cloud and SaaS, they were going to need a whole new set of tools to manage and secure those environments. So, in November 2011, I started BetterCloud with the vision of providing exactly that — a platform to manage and secure these SaaS environments.
Today, we believe we’ve preempted every major inflection point in the transition to SaaS — from the rise of cloud-office suites like G Suite and O365, to environments with a best-in-breed application for virtually every function. The COVID-19 crisis and the move to remote work has now accelerated this shift and cemented BetterCloud’s position as the de facto solution for managing and securing SaaS applications for more than 2,000 companies in 60+ countries.
What problem does BetterCloud solve for its customers?
DP: You can think of BetterCloud as an orchestration and automation layer to administer and manage SaaS applications — everything from onboarding/offboarding users, access management, etc. — as well as an authorization layer that gives full visibility and control over user interactions — everything from who is sharing what internally and externally down to application configuration that can lead to data exposure. To sum it up in a few words: we’re the first and only platform that helps IT professionals discover, manage and secure the growing stack of SaaS applications, from soup to nuts.
BetterCloud also provides ‘invisible guardrails’ for IT to manage user access and interactions within SaaS applications with zero impact on the user experience and the progressive ways employees conduct the day-to-day needs of their business.
But that’s just the technical side of what we do. The driving force behind our work is to ensure organizations get the transformative value and benefits of adopting SaaS applications, while ensuring IT has complete control over their environment and can serve as an enabler for the business.
BetterCloud opens up the potential SaaS can have on any given organization. It drives increased productivity, better collaboration, a happier workforce and more. I predict that users in the next three-to-five years will reach optimum levels of productivity through SaaS. I also believe that in that time, IT will be able to effectively manage the proliferation of these best-in-breed applications.
With companies largely operating remotely now and into the foreseeable future, what are the biggest security challenges this creates for companies that are effectively operating out of the cloud?
DP: The massive move to remote work this year has been a watershed moment for SaaS adoption and has truly changed how people work.
Over the last eight years, IT leaders have given me every excuse in the book as to why they were delaying the move to SaaS.But now, we’re seeing these companies run head-first towards SaaS. I’ve heard some wild stories of companies even bypassing security and procurement processes because they needed to get their employees up and running from home right away.
This accelerated shift to working remotely has also forced behavioral changes among workers as well. Employees who were once hesitant to adopt certain technologies are now embracing them. An executive I know described this phenomenon as years of behavioral change condensed into a few weeks.
But to answer your question on security, IT and security teams are most concerned about insider threats — i.e., employees that intentionally or unintentionally may be exposing or compromising sensitive company data. Last year, we did our first State of Insider Threats in the Digital Workplace 2019 report and 91 percent of the 500 IT and security pros we surveyed said they felt vulnerable to insider threats. Not only that, but 75 percent stated that the biggest risks for their respective organizations lie in cloud storage and email solutions (e.g., Google Drive, Dropbox, Box, OneDrive, etc.) and email (e.g., Gmail, Office 365). We’re in the process of releasing the second iteration of this report and we expect these numbers to be as high, if not higher, as a result of the current environment.
How is BetterCloud differentiated in the market to address these issues?
DP: We are uniquely positioned to deliver the first all-in-one SaaSOps platform to meet the growing demands of IT teams. Leveraging our patented data graph technology, the BetterCloud platform can create rich relationships between the data across all of a customer’s SaaS applications to deliver a new level of operational intelligence and automation. The depth of our strategic integrations is also second to none in the industry. We have a comprehensive set of more than 800 actions for 60+ popular SaaS apps and maintain partnerships to ensure consistency as APIs change. We also provide what I believe to be best-in-class customer support. We currently have a 99 percent customer satisfaction rate and our average response time to inquiries sent via chat averages less than 10 seconds.
Last, but definitely not least, we bring deep SaaS experience to every interaction with our customers. For nearly a decade now, we’ve helped companies truly realize the full promise of SaaS. We’ve also written two books on SaaSOps and run the largest community of SaaSOps Professionals.
We’re starting to hear a bit of buzz around a movement called SaaSOps? Can you tell me a bit about what that means and what BetterCloud’s role is?
DP: I take great pride in the fact that BetterCloud was the first company to ever officially define SaaSOps as a practice referring to how software-as-a-service (SaaS) applications are managed and secured through centralized and automated operations (Ops), resulting in reduced friction, improved collaboration, and better employee experience.
SaaSOps is undeniably a result of the explosion of SaaS in the enterprise. The term itself may not be new, but the overall concept has been moving forward for quite a while now. It’s been referred to as everything from digital workplace ops, to IT operations, to SaaS administration, to cloud office management and end user computing, just to name a few.
The ultimate gist is the same. SaaSOps is a set of disciplines—all the new responsibilities, processes, technologies, and people you need to successfully enable your organization through SaaS. One easy way to consider it is to divide SaaSOps into three categories. In the first one, you have Discovery. That’s where it all starts. In this category, you gain insight into what applications your employees are using, how much they are using them, and what the spend is for the organization. The second category is SaaS Management. This piece addresses what your IT team needs to ensure proper onboarding/offboarding procedures, access management, spend management, and more. Finally, you have Security, which solely focuses on data protection. This includes incident response, preventing insider threats, file security, identity and access, and regulatory compliance.
Unless you put this framework in place, it will be impossible for your IT team to meet the SaaS needs of the business and employees.
As a CEO, how are you leading differently in the current environment? What are you doing to help reassure not only BetterCloud employees but also your customers?
DP: Internally, we ramped up the cadence of our communications and connections. Specifically, we increased the scheduling of our `all hands’ meetings from monthly to twice a week. During each meeting, different spokespeople from the team present their latest initiatives tied to OKRs. It’s critical that during these challenging times everyone stays on the same page and knows what we’re working on, what’s going well, big wins across the company, etc.
One constant of our all-hands meetings is providing everyone on the team with the opportunity to ask me questions, whether they choose to do so anonymously or not. Today, they can do that twice a week. We also have different leaders at the company that have established things like standing virtual Friday happy hours, virtual office hours, virtual water cooler time, and more. It’s all about making sure that our team has more opportunities to interact with each other with everyone working remotely.
For our customer base and community, I believe the COVID-19 crisis makes our product and expertise more relevant than ever. What many are referring to as the `new normal’ with 100 percent remote work is undoubtedly becoming the tipping point for SaaS adoption. It’s also part of the overall digital transformation that we’ve expected for many years.
The community of SaaSOps professionals that we’ve established is at the center of this shift. Their organizations rely on them to enable and empower their users to be just as productive, collaborative and effective while working from home as they were in the office. On a weekly basis, we’re co-hosting the largest virtual gathering of IT professionals to discuss best practices for this new world we’re all working in. Our SaaSOps community also includes an expert advisory group that is offering free services to help our customers automate user lifecycle management, insider threat protection, and more across all of these new SaaS applications being used by their organizations.
What three pieces of advice would you offer to technology executives to help them to better secure their organization’s SaaS data?
DP: First, educate your users as soon as a security violation occurs. For example, if an employee shares a file to their personal Gmail account, makes their work calendar public, forwards an email to a personal account, or adds a contractor to be a multi channel guest in Slack, make them aware as quickly as possible. Explain why their actions aren’t safe and are outside company policy. We’ve found that many of these issues are due to negligence and a lack of education, as opposed to intentional and malicious behavior. This is not new to IT, but it’s important to raise awareness as soon as the incident takes place versus later.
Second, embrace automation. The level of sprawl that exists as a result of the rise in best-of-breed environments is astronomical — and a high degree of automation is required to gain control. We see IT execs that employ periodic policies like offboarding users every Friday or auditing files once a month/quarter. That’s simply impossible in today’s world. There are way too many systems and way too much control on the user side of things. By the time that auditing session comes along, those user entitlements and permissions might have gone unchecked for days and the damage might be irreversible at that point.
Lastly, focus on policies that enable and empower employees versus restrictive ones that center on “locking down” use and access. Most IT teams today take an all-or-nothing approach to securing data across SaaS applications: they either give employees access to everything or they block them from everything. This creates friction and hinders business productivity. Not to mention it’s futile because your employees will figure out a way to use the applications they want anyway. Embrace `shadow IT’, be an enabler, work with your users to understand what they want, and then find the most secure path of least resistance for them to do their work.
