SaaS responsibilities

[Thomas Carter <tcarter () AUSTINCOLLEGE EDU>]

Here, as I'm sure is happening everywhere, SaaS usage is exploding across campus. We in IT are struggling with forming 
policies around such usage and our responsibilities around those services. I would appreciate input in how others are 
handling this SaaS hydra. Does IT track all external services used? Does IT have the rights and/or information and/or 
responsibility for administration of these services? Does IT have any right of refusal for possibly insecure or 
unvetted services? Does IT have any other applicable policies such as SSO requirements, etc?

We're struggling with issues like when an employee leaves, how can we make sure they no longer have access to any 
school resources when some of those only reside in the cloud? Or when we don't even know about the service? How do we 
make sure a chosen solution integrates well into the rest of our environment when we may not be involved in the 
selection process?

I appreciate any answers, advice, or suggestions you can offer.

Thomas Carter
Network & Operations Manager
Austin College