In my last post on Cloud-native organisations I said:

“we should be clear about the principles that apply and help our people understand what we need to watch out for when choosing technology.”

As the responsible people in an organisation we need to be thinking about things like:

  • We need to be confident that when people leave our organisation we retain access to information on the work they’ve been doing
  • We need to be sure that the sensitive information we handle in our organisation can only be accessed by authorised people
  • Where we have time-sensitive business commitments, we need to be confident that third-party software will be available for us to use when we need it

The specifics like how important that is, what types of information, etc. will be context sensitive.

Being clear about those concerns, and then translating them into the sort of features we need (eg. good archiving tools, single-sign-on integration, etc) helps us think about what’s really essential and then be clear with the market about what we need and why.

Approaching it with those two steps–what is important to my organisation, and then what might that mean in terms of features–helps us in a few ways. It:

  • Helps us work out when these things become important - is it whenever someone uses a tool, or is it when they’re used for certain purposes?
  • Lets us consider which measures are best dealt with through product features, and which are about how we shape our processes or use our tools
  • Provides space for innovative approaches as we’re free to consider what we’re trying to achieve, not how we expect it to be done

That said, most of the time the basics we want are covered by pretty standardised, common features.

(As an aside: it’s worth recognising that these are all things we’d think about regardless of who provides our software, it just happens that they come into focus for many people when thinking about “cloud”)

Catching up on blog posts recently I was delighted to discover “The Enterprise Ready SaaS Feature Guides” (via Tomasz Tunguz). It’s very much a supply-side resource that covers those basic implementation requirements, and well worth anyone making software decisions (whether supply-side or buyer-side) taking a look.

It’s been really good to see the UK’s National Cyber Security Strategy covering some of that ground in its recent blog posts. It’d be great to see more consumers sharing their thinking.