Concerns about corporate information leaving the data center shouldn't hold you back from letting employees use cloud productivity apps, but you have to trust your employees and cloud service providers to do the right thing.
IT leaders and other decision-makers may think the cloud is too unsecure to host corporate information, and for some companies that may be true. But in industries where you don't need to encrypt email or files, why not let employees use cloud productivity applications? Sure, there are some risks, but if you put trust in your employees and the cloud vendors that you choose, the risk might just be worth it.
For Patrick Harding, CTO at Ping Identity Corp., cloud productivity apps aren't any different than any other application: They're just apps, and employees should be able to use them. For eleven years, Ping has been in the business of identity security, and about five years ago the company moved over to an almost completely Software-as-a-Service model.
What are the benefits of using cloud productivity apps over native apps?
A cloud app is something that I haven't had to install and maintain and run myself. A cloud app can have two interfaces. It can have the Web interface, but most cloud apps today -- and most apps in general -- are starting to make available a native app that I would install myself on my phone. I can interact with that app via the browser, but sometimes I'm on the road and I need to read a document and I've got my iPhone handy, so I use the iPhone native app instead.
Which cloud productivity app do your employees use?
Basically any product we use, we just expect it to be a SaaS application.
Very early on, we started using Salesforce.com as our sales enablement tool and CRM application. In marketing, we started with Marketo but shifted to Eloqua. Across the company, we migrated from Exchange about five years ago, and we now use Gmail, Google Docs, calendaring, etc. We've also been using WebEx heavily now for four or five years for conferences. My team has used Box for collaboration. Our engineering team has been using Rally Software for five years as well.
We wouldn't today use a product that you have to install. Basically any product we use, we just expect it to be a SaaS application or a cloud application.
So you have a completely SaaS environment?
We've got a few legacy things from when they were first put in place seven or eight years ago, but I couldn't tell you what they were because I don't use them. There must be a couple of things lying around, but I'd have to go dig up what they are.
How did people settle on the particular cloud productivity app that they use?
Oh, there was definitely trial and error. We've migrated from one vendor to another vendor because we didn't feel like that original vendor was getting it done.
It's like anything. We go through proof of concept and a prototype and a trial, and we measure that application against our requirements. If it's close, we invest in standing it up and trying to make it work. Sometimes it doesn't work, and we then have to find an alternative. We prefer not to do that, obviously, because the switching costs are expensive, but it's like any app. That's no different [than] if we were doing that with on-premises software 10, 15 years ago.
How do you keep corporate data secure in the cloud?
When I think of data security, I think of two things: How do we control access to that data? And then how do we keep that data confidential?
More on cloud productivity apps
Top 5 business cloud collaboration services
IBM SmartCloud Docs challenges Office 365, Google Docs
How to develop a mobile cloud app monitoring system
With Intel Cloud SSO, IT can manage SaaS apps
The first problem is Ping's business; helping control access to data by ensuring our people don't have to provide extra IDs and passwords to get to those cloud applications. We enforce single sign-on so they only have to authenticate once, and we don't have passwords living out in the cloud. And then we control the provisioning of those users so that you only gain access to those apps if you're in the right department, in the right role.
And then it becomes a question of, is that data kept confidential? That's something we don't actually do. We're not in an industry that requires us to encrypt all our email in Gmail or all our files in Box, so we've chosen not to invest in that level of technology. It's always a cost-benefit equation. The cost is not warranted in terms of having to put in place that level of sophisticated infrastructure, and we're willing to live with the risk.
Do you have policies for cloud productivity application use?
Our policies, compared to those of a bank, are sort of refreshing because they recognize that today's world is about bring your own device. We're looking for [employees] to do the right thing with stuff that they put on their device, how they use their device, how they secure their device. We have a lot of expectations for personal responsibility.
What was the most difficult part of migrating to a completely SaaS environment?
Really it's the initial switching. Our migration from Exchange to Gmail, I'd say that was probably the most fundamentally difficult. The client software people use and the expectations of how it works are all subtly different, and people had to get used to using Gmail over Exchange, so there were some learning curves.
Anytime someone starts to use a new application, there's a learning effort involved. People have to get comfortable, but once that's done, generally it's business as usual. My expectation is that end users should not even know or understand that this is a SaaS application versus a cloud application or whatever it might be. It's just an app, and they should be able to use it. It should just work.