For several years now, software development and devops teams have been “shifting to the left.” The concept is simple. Give software developers more responsibility and control over all the things needed to run the software beyond just writing the code. And so, platform operations teams provided ways for application developers to easily manage security, infrastructure and scaling, network connectivity, application delivery, and all other aspects previously handled by specialized teams.
Developers with that much power could move faster, deploy more frequently, and build better products. Moving critical tasks earlier in the development lifecycle, also known as a left shift, optimized developer efficiency and reduced development costs, while improving code quality and security.
What is good for software developers can also be good for software users. Call it self-service or call it DIY. The bottom line is that bringing management of critical SaaS applications closer to team leaders and the people who need to use them improves performance on many fronts by bringing decision making closer to those who are actually doing the work.
Shifting left to SaaS will also directly improve organizational security by removing barriers to productivity. In research published in the Harvard Business Review, a study found that 67% of 330 survey participants reported failing to fully adhere to cybersecurity policies at least once, with an average non-compliance rate of one in 20 job tasks. When users were asked why they violated the policy, the top three responses were “to better perform my job tasks,” “to get something I needed,” and “to help others do their jobs.”
Empowering users could improve worker safety, productivity, and satisfaction. So how can we think about shifting SaaS products and responsibilities to the left? There are a number of useful paths to follow.
Shift of administrative duties to the left
For many companies, SaaS applications provide the core of their operations. According to BetterCloud research, “Businesses estimate that 70% of the business applications they use today are based on SaaS. By 2025, they expect 85% of the business applications they use to be based on SaaS.” This rapid adoption has led to the rise of a new term, SaaS Ops, to describe the operational requirements driven by a primarily SaaS technology footprint.
One of the main benefits of SaaS applications is that they are easy to deploy and use, without requiring a lot of setup or maintenance overhead. However, they still require administrative tasks, such as adding or inviting new users, changing user roles and privileges, creating custom roles, and resetting passwords. These tasks can be time consuming and tedious for IT administrators dealing with multiple SaaS applications and platforms. Additionally, these tasks often introduce delays and errors into the user experience, especially if administrators are unfamiliar with the specific SaaS application or its configuration.
For users, too, waiting for IT to reset a password, change privileges, or update an account can reduce productivity and satisfaction. By shifting these administrative roles to the left, we can allow end users to perform these tasks themselves using self-service portals or APIs. Users can also customize their roles and privileges based on their needs and preferences without compromising security or compliance. In cases where some type of administrator is required to manage user behaviors, IT teams and SaaS applications can change the administrator role to someone from the user team.
Altogether, shifting SaaS management to the left reduces the workload and stress on IT administrators, who can focus on more strategic and complex tasks. The result? Happier IT, happier users, and an overall more productive team.
Scroll user security to the left
When well-designed, SaaS applications offer greater security and reliability than on-premises options, thanks to their cloud-based architecture, consistent encryption, and distributed nature. However, SaaS suffers from some security risks, such as data breaches, unauthorized access, phishing attacks, or identity theft. These risks can be mitigated by implementing security policies such as IP blacklisting, forced 2FA (two-factor authentication) in the appropriate contexts, and security enhancements (additional verification for sensitive actions).
By shifting control of these user security policies to the left, we can give team-level administrators and end users more control and flexibility over how they protect their SaaS accounts and data. They can choose the most appropriate and convenient authentication method for their team without compromising security or compliance. They can also adjust their security settings based on their context and level of risk, such as configuring service-level 2FA or designating regional IP blacklists based on the use case.
In some cases, users can better determine when to apply forced 2FA or security boosts, with the default settings set by the security team. By empowering local computer users and administrators to take ownership of security, you also encourage them to learn more about it and understand how it works. This is beneficial for general safety hygiene in the long run.
Shift developer-facing services all the way to the left
Increasingly, SaaS users are actually developers consuming SaaS as a “dial tone” for key components of their applications. (Communications as a service through the Twilio API provider is almost a literal example of this.) While SaaS APIs have always offered some of the elements that developers require, the best ones expose high degrees of customization to developers, effectively changing the management and control of consumption. On the left. The stakes of the table are API tokens and webhooks, but more modern SaaS platforms also include the ability to create custom functions, offer the flexibility to integrate one or more enterprise SSO standards or directory integrations, and provide a multi-tenant hierarchy. for developers building multiple tenants. Applications
Building a robust set of management capabilities around machine-to-machine connections and tokens, the fastest-growing segment of application connectivity and API interactions, also enables developers to configure their SaaS tools to be behave exactly as you want to offer the best combination of functionality. and cost Software is eating up the world and developers are eating up SaaS. Feeding them the right SaaS self-service diet is a critical ingredient to your success.
Left scrolling for user productivity, developer speed
There are some risks of shifting SaaS control to the left. Any time security is handed over to people who are not necessarily security experts, education is required. An additional danger is fragmentation, where policies and standards become inconsistent and unenforceable. Fortunately, SaaS presents a canvas where the guardrails are often already in place, and SaaS or platform operations teams can work together with their constituents to find a happy medium between agility and convenience and core compliance.
The left-shift model has transformed software development by involving developers more closely in security, development, and networking processes. By applying the same principles to SaaS users, we can empower them with more control over their experience and more agency in their interactions with software applications. For developers using SaaS, giving them more DIY and composability means faster iterations and faster development of new features. Shift left has already taken the world of app development by storm. Now is the time to shift SaaS to the left so regular users and developers building with SaaS tools can reap similar rewards.
Aviad Mizrachi is CTO and co-founder of Frontegg.
New Tech Forum offers a place to explore and discuss emerging business technology in unprecedented depth and breadth. Selection is subjective, based on our choice of technologies that we believe are important and of most interest to InfoWorld readers. InfoWorld does not accept marketing guarantees for the publication and reserves the right to edit all content contributed. Please send all inquiries to firstname.lastname@example.org.
Copyright © 2023 IDG Communications, Inc.