SaaS applications are becoming more pervasive as enterprises realize the speed, flexibility and cost reductions they bring. However, the spread of multiple SaaS apps in an enterprise raises the issue of siloed management. The Conformity platform provides a centralized point of management for all cloud applications and users, and includes user provisioning, role management, workflow approvals, directory integration, compliance reporting, usage analytics and change management capabilities. They announced their initial general reIease on September 30. I spoke with Scott Bils, co-founder and CMO, about their offering.

Scott said that they recognized that SaaS would be the way of the future. However, as enterprises implement multiple SaaS applications they will need a means to manage them.  Conformity is designed to offer the centralized management platform to go across silos. For example, a salesperson might use a CRM app, a collaboration app, an incentive app, and an expense management app. They would have to provisioned with all these apps and their usage monitored. Then, if they leave, they would have to be checked out of each app.  Frequently, these apps might be administered by four different people. Firms need to be able to both monitor usage for expense control but also for compliance issues.  With Conformity, the management of all four apps could be combined in one central function with automatic provisioning.

Here is a sample administration screen shot. The applications being managed are on the left. The usage data is shown in the bar chart and the workflows tasks are shown on the right. In the central space under the usage charts, you can see the events occurring within the system.

Scott mentioned that many SaaS applications provide open APIs to facilitate the automation of provisioning and monitoring.  Others require some manual effort but Conformity can generate a notification email to the right person to make management more efficient. The Conformity solution is designed to provide the same level of visibility and control over on-demand applications that IT organizations expect with traditional packaged apps.  This will ease some of the concern that IT has over bringing new cloud applications into their business environments as they know there will not be compromises made in the areas of management processes, insight and control. Here is a sample user access screen.

Specific capabilities of the Conformity solution include user provisioning with centralized point of provisioning and deprovisioning of users accounts within cloud applications, and ongoing management of user permissions and authorizations. There is also role and profile management to enable organizations to centrally manage cloud application roles, profiles and permissions through normalized permission models, and maps policies to users and roles. Conformity also supports directory integration for Microsoft Active Directory, and is compatible with industry standards such as SPML, SAML and WS-Federation.

Approval workflows provide auditable cross-functional approval processes for users requiring new or amended access permissions, or role and profile changes. Directory integration enables organizations to seamlessly synchronize Conformity’s user repository with on-premise directory services. Compliance reporting provides reports required for effective preparation for audits for SOX, HIPAA, PCI and other regulatory mandates and standards. Usage analytics provides visibility, analytics and reporting on cloud application and license utilization and change management enables archiving, management and recovery of application configurations and role models.

There two types of reports. First, for public companies there are the compliance reports required by SOX including user access (shown below), user change, and the segregation of duties report that goes across applications. There is also usage tracking for financial monitoring purposes.

Conformity has also led the creation of an Enterprise SaaS Working Group, which it conceptualized and organized. This group of SaaS and cloud experts will share their perspectives on how enterprises can best leverage, and manage these new on-demand applications in their business environments.  They will discuss issues and corresponding best practices in the areas of: management and governance, security and compliance, and APIs and management access, Here is a recording of their first meeting.

I think that Conformity provides a much needed service to accelerate the adoption of SaaS applications. It should make IT organizations more comfortable moving to SaaS and enables organizations to better realize the savings and flexibility that SaaS offers.