Editor’s note: The following is a guest post from Ravi Malick, global CIO at Box.
With enterprises operating globally, technology bloat has become not just a burden to most CIOs and CISOs, but a real security risk. The abundance of apps makes content governance nearly impossible. It can also be an insidious drain on the budget.
How did we get here, and where should we go next?
Nixing redundant technology is the obvious first move and the aspiration of any CIO, but the mistake many tech leaders make is to embark upon a one-time app-consolidation effort and then forget about it. Bloat creeps back in, and eventually organizations end up back where they started: with too many apps and a lack of centralized governance around them.
In reality, app consolidation should be a consistent part of the roadmap, not just a project with a definite start and finish. It needs to be an ongoing technology priority — something you think about all the time.
Using risk to reduce technology bloat
Using a composite rating of technical complexity, change management, and cost to achieve, there are essentially three levels of risk evaluation when it comes to simplifying the technical environment and reducing bloat.
Business-critical apps cost more and deliver a bigger bang for your buck. These include things like financial systems and CRMs — applications that are very much embedded in the business and culture of any company, and typically have a high number of users and integration points. Consolidating or retiring these apps is a big deal and is not for the faint of heart.
Apps which fall under this level of impact are more likely to be isolated to a department or team and have a lower number of users. These are low-hanging fruit, as there's a lower level of impact to the organization when it comes to consolidating or retiring in this area. They might include marketing tools enabling a single use case or an HR app that solves one discrete problem. This is where every organization can quickly and easily begin addressing app bloat.
Of course, not every application under scrutiny will fall neatly into one of the above categories. Some lie confusingly in the middle — important enough not to mess with lightly, but under consideration for a remodel. This is where leaders should devote a good portion of their time, as there is potentially hidden risk, but also significant untapped value.
Using this framework, organizations of any size can begin to scrutinize their existing tech stacks.
Pinning down tech bloat
App bloat is largely abetted by the abundance of SaaS options all around us. Today’s plug-and-play model allows employees to charge a new app on a credit card and turn it on almost immediately.
Many leaders in marketing, sales, operations, HR, and other functions are in charge of their own app procurement, which makes it easy to overindulge at the software buffet. But these teams don't always have the resources and skills to manage the platforms they choose on a long-term basis or as part of a universal tech stack.
Now, the pendulum is swinging back toward a more centralized structure where CIOs and CISOs provide oversight, guidance and a level of governance over technology procurement across the enterprise.
From their vantage point, CIOs and CISOs will look at any new technology purchase in terms of whether it meets security standards, whether there’s an actual business need for it and what overall value it will yield. An effective IT team can make decisions that reduce technology complexity within an organization, upgrade security and still enable users on various teams to collaborate and be productive.
For organizations in "SaaS run amuck" mode, figuring out where to start with consolidation and simplification can be tricky. Asking the right questions is the way to begin.
The right questions to ask
Take a cold, hard look at your current state of technology architecture.
What does your tech stack look like right now? How many users do you have? How many integration points are there? What are the features, functionality, and capabilities of your existing stack? Where is the technical debt and risk?
Make a list. Check it twice. There are a lot of tentacles in the app-consolidation process that CIOs, CISOs and executives in general have to think about, and knowing what they are is the first step towards being able to sort apps into the above buckets of risk.
Finally, how does software procurement work in your company?
In order to make wise choices around your tech stack — especially when considering whether to take on a new app — start with the money. What's the process for people to buy new software? Who has the ability to procure and implement a new app?
If your technology culture makes it easy and acceptable for people to put new apps on their corporate card, expense software or download free apps in an ad-hoc way, you're going to naturally see a lot more low-level bloat, with less oversight for how stuff gets in the door. Easier app onload makes for harder management of cost and complexity.
Think of application acquisition and management like a running stream. Block the flow, and that stream of never-ending apps tries to find its way around, creating a branched and choppy path. But guide the flow well, and things move smoothly — as one, and straight ahead.