Companies’ battles against shadow IT are in the headlines again. This time the culprit is Microsoft's self-purchasing policy. Late last month, Microsoft stepped up its empowerment efforts for Office 365 cloud users. But after uproar from IT admins on social media, they have now been forced into a U-turn.
In late October, Microsoft announced that users could buy its Power Platform products on a self-purchasing basis. This demonstrated a failure to understand that IT admins need to gate-keep Power Platform’s low-code/no code app development, process automation and analytics applications from enterprise users. Here was the initial announcement:
“Self-service purchase capabilities for Power Platform products will be available for commercial cloud customers starting 11/19. Today, individuals within your organization are unable to purchase subscriptions or assign licenses for themselves or their departments without contacting you, their admin. Based on customer demand, we’ll soon be enabling self-service purchase and license management capabilities, which will allow users within your organization to purchase products directly, starting with the Power Platform family of products: Power BI, PowerApps, and Flow."
According to ZDNet, this new self-service capability would have arrived automatically and not been configurable.
Microsoft's self-purchasing policy
While the self-service purchasing concept has been crucial to the company’s platform strategy, Microsoft’s announcement meant that IT administrator approval wouldn’t be required. It wouldn’t even be offered for purchase and licensing by individual users of Power Platform products.
Many IT admins were naturally alarmed by Microsoft’s careful word choice. The announcement also implied that self-service purchase and license management capabilities were just “starting” with Power Platform.
In saying this, the company left the door wide open for subsequent updates. Imagine if the company were to unlock self-service for every Office 365 application for every enterprise or business user. There would be no opt-out option or mechanism to control costs and allocate expenses to budget holders. We’re talking ‘power to the users’ to the max.
As expected, technology leaders protested the news on Twitter:
@RobertPeledie: “...apart from the potential upturn in revenue for MS, what’s the advantage of allowing users to circumnavigate enterprise protocols?”
@MPECSInc: “We’ve spent decades working on user interaction and data control/sprawl. What is this supposed to accomplish?”
@MaxWiks: “Err...this is a bit weird. A governance nightmare.”
When pressed why the company was making the move, a Microsoft spokesperson responded:
"As employees become more independent and better versed in technology, we've seen increased demand from both users and organizations to enable users to buy subscriptions on their own. The intent of the self-service purchase option is to enable users to develop their own solutions to unlock productivity and drive business impact while respecting organizations' data governance and compliance."
Pressure forces U-turn
Nevertheless, the pressure on social media became too intense to bear. Confronted with sometimes severe criticism, Microsoft changed their decision. Last week, they announced that they had decided to give Office 365 admins veto rights on self-service Power tools. This means they will be able to turn off self-service purchasing on a per-product basis after all. Having regained some control, the relief among enterprise IT leadership was palpable.
But this incident highlights a wider problem. There is a disconcerting trend among SaaS vendors to take advantage of poor internal controls at companies so they can maximize their own revenues. Although Microsoft appears to have understood that IT needs to have control over their shadow IT, they are among the few that do.
In its defense, Microsoft was only adopting what has become competitive practice in modern, cloud-first market environments. Salesforce, for example, already offers self-service capabilities to users of its Service Cloud hub.
Microsoft’s big mistake, it seems, was to not have implemented self-purchasing right from the start. After all, that’s what all their SaaS competitors are doing, as noted by Microsoft Business Applications MVP and industry leader, Jukka Niiranen.
For example, if a user wants to buy Docusign, Adobe, LinkedIn, Box or Dropbox SaaS products, IT admins are rarely included in this process. But where is the outcry over this? It is quite common for an employee to buy the SaaS service they need on the company card without IT knowing. Some even choose to pay on their own credit card and charge it back to the business.
And there is a worrying trend for some employees to charge these expenses to inappropriate categories. It is impossible to manage SaaS expenditure properly with this approach.
Cleanshelf is built for this
There is a need to strike a balance between productivity and control, governance and autonomy, and trust and centralization. Besides, this is the mark of an operationally efficient and growing company. Constraining users unnecessarily makes companies uncompetitive. But so do cost overruns, data privacy issues, and redundant applications.
That’s why Cleanshelf works with companies to establish measured, internal SaaS environments. We call it: user empowerment, with a seatbelt.
Our technology integrates with financial systems and cloud subscription accounts to help finance and IT leaders track software spend and optimize the ROI of all cloud spend. Platform users have offered granular insight into enterprise software spend and maintain continuous oversight of license use and non-use.
It really does not matter what Microsoft chooses to do with admin governance policies or controls. Microsoft's self-purchasing policy, or that of any other vendor, should not really come into play. With Cleanshelf, IT leaders can maintain a clear line of sight into license deployments and usage.
Cybersecurity Spotlight - CIS Controls (Image: CIS)
Inventory and control of software assets
The Center for Internet Security (CIS), a global standard provider of IT system security best-practices, ranks “Inventory and Control of Software Assets” as the second most important aspect to protect companies from potential cybersecurity issues. Moreover, regarding the proliferation of shadow IT, professional IT news site TechGenix reminds:
There must be a system in place to track and monitor the technologies that are brought on board. Especially since users routinely install and use software applications and services without involving the relevant people or departments.
Cleanshelf works with IT to provide this, no matter what policy updates vendors put in place.
SaaS vendors are clever, and almost all of them try to pitch services direct to users. They prefer to bypass IT admins who may be more discerning and less willing to spend budget. However, while IT can’t change vendors’ tactics, with Cleanshelf, they can fight back.