It is awfully tempting to transfer the plug & play mindset to all things.
You start by adding one new tool to fulfill a specific need, then you integrate one solution because the teams is asking for it (or demanding it), and you end up with piled up services and absolutely zero clue on its toll on your systems’ architecture.
Although each add-on brings an amount of complexity to your information system. Alongside this complexity, the risks of breaches rises.
In 2012, Google learnt the lesson the hard way. A simple change in the Wi-Fi password generated a cascading failure situation for its internal password management system.
Said system was only able to restart after the intervention of an engineer. They had to powerdrill open a safe located in Australia to get access to a chip card.
What was the root of this situation? A system complexified over time by knotty dependencies and opaque recovery processes.
Design simplicity is not a cosmetic fad. It is a strategic bedrock, ever more in a context where centralisation of SaaS tools is capital.
Nobody wakes up on a random day to choose and build a complex system.
As stated in the Building Secure and Reliable Systems guidelines of Google:
“Complexity often accumulates inadvertently, but this can lead to tipping-point situations where a small and apparently innocuous change has major consequences for a system’s reliability or security.”
Let us look at a concrete example: in October 2018, Youtube suffered a global failure for over an hour because of a minor change made to the logging library.
This - apparently - innocent change passed all tests before being pushed to production.
What developers did not consider at that time was the scale of fallout this little change would have. On a platform such as YouTube, the little change quickly got server memory full.
In a SMB with many SaaS, this phenomenon happens all the time.
Each new integration, each additional connection between tools creates invisible dependencies.
They remain invisible until one some update throws it all to light by producing an unprecedented domino effect.
“Keeping system design as simple as possible is one of the best ways to improve your ability to assess both the reliability and the security of a system.” Says Google in their guide.
A simple design offers three direct benefits:
Owning less tools decreases the number of potential entryways to your IS’s vulnerabilities. Each additional SaaS to your stack is a entry point to be made secure, up-to-date, and monitored.
In a fragmented SaaS environment, all tools interact in an opaque manner. The simpler your architecture is, the less you are exposed to accidentally discovering buggy interactions between tools.
When a crisis happens, simplicity is of the essence to handle it. If your team wastes time browsing through 20 tools to make out how failure occurred, it means you are not using this time to treat fallout.
Centralising your SaaS is not priorly a topic of operating costs or usability. It boils down to simplifying your information system.
Instead of managing more than 10 messaging and collaboration tools, 3 project planners et 5 other SaaS for cloud storage, centralising enables to sensibly decrease the number of elements in place and their interactions.
Practically speaking, this is equal to:
Simplifying your information system is a means to improve your day-to-day operations efficiency. This is the way.
Once it is time for a coworker to leave the company, its access management and retrieval can take a few seconds when everything is centralised.
The same goes for onboarding a newcomer, you ease out their learning curve and shorten the time they will need to focus on their work.
When faced with a security breach, you can quickly act and contain damages if your architecture is clear to you.
Design intricacies are not a fatality. You can prevent them and gain strategic leverage to protect your assets and data from accidents they create.
Being able to take in the tools you need without indulging in the new, superficial plethora of software the market offers is a critical skill to maintain.
