I started off the new year engaged on a project to assist a cloud-oriented service provider with some risk analysis, with a large side of compliance obligations. Going over this organization’s environment and looking at the substantial efforts they had already made, I was struck with just how different enterprises are in terms of their compliance challenges. While many software-developing companies and cloud-based organizations have to contend with managing a sprawl of micro-services, dissolved network boundaries that would strike fear into an on-premise firewall engineer’s heart, and a deployment speeds that singe the eyebrows of big company change control boards, the cards are often stacked in favor of these young Turks.
While many successful software as a service platforms offer one or two major product lines, each of which is designed, built, and operated by development teams within those same business, the typical enterprise is comprised of hundreds of distinct commercial off the shelf applications, ranging from huge monolithic legacy applications, to two-folks-in-a-garage specialty programs, to everything in between. A SaaS company may be fighting for survival, but an enterprise is fighting to make the simplest elements of interoperability between organizations, working in an environment where cultural and technical ossification often runs rampant, and with constant pressures for growth and extreme performance under a host of regulatory regimes.
Neither organization type is inherently “better” than the other. In fact, I often go on (and on and on, if given the chance!) about the need for finding ways of bridging the gaps between these two poles. Many are far too quick to dismiss enterprise shops, perhaps condemning themselves to repeating the same mistakes. How much better to have a bit of sympathy, and some taste, for the modern enterprise and its well-learned politesse.