Friday rant - cloud services account management is a joke
- Summary:
- Handling account service ownership and billing changes is a mess, Here's what we've found.
Over the last 10 or so years, the choice and number of services that can help businesses be more effective have mushroomed. Whether that's an email newsletter service, a needed website plugin, or just good old Office365, you can easily subscribe to any of thousands of services. But in many cases, service account management looks like an afterthought.
The well-known phenomenon of shadow IT in the form of employees obtaining subscription services on a corporate credit card is an understandable frustration for those who have to pick up the pieces. Apart from the 'WTAF?' reaction when IT gets its hand on services is a well-worn joke. What's much less of a joke is trying to get the account ownership of those same services transferred into the right hands. This is of prime importance when it comes to billing detail changes. It might be that a particular credit card or virtual card has been consistently used across services. Still, the person to which it is attached is moving out of their role or leaving the organization altogether.
Here's a selection of problems organizations of all sizes are likely to encounter:
Inventorying services
In a recent conversation, a CEO vendor told me that in a startup with which they were engaged, the business reckoned (but didn't exactly know) that the firm was using upwards of 120 service instances of one kind or another. It is all too easy to forget what you have in your technology landscape, a problem that's made worse when, as many firms do, they trial and use, then drop services. Or, they use services for a period of time and then forget to cancel the subscription.
Discounts and autorenewal
We've long been advocates of 'pay as you go,' but then many services offer attractive terms for longer subscription periods. So, for example, if you've found genuine utility in a service that provides a good discount in exchange for payment of a year upfront, then who's not going to take that? But what happens if, as is all too common, the service provider doesn't remind you that the subscription is due for renewal and automatically charges you. This may not be a problem for a popular service in use but can be a royal pain in the backside when there is a late change in the service provider. Again, it is all too easy to forget what's in the services storecupboard and then bingo! You're on the hook for something you no longer need.
The myriad of ownership models
You'd think that service ownership is an industry-standard with processes to match—au contraire. The ways in which you have to interact with a service provider's technical support are many and varied. Here are a few gotchas:
- No obvious way to change the account ownership credentials without going through technical support and an attendant email exchange.
- Submitting a change of account ownership request that gets lost in the tech support shuffle. This happens but is easy to overlook if you're making many changes at the same time.
- No obvious way to transfer account ownership to an existing user who already has admin rights. This is a bizarre one where you end up in what appears to be the IT support equivalent of running in circles as you click on My Profile, Account Settings, Billing Info, and back again in a vain attempt to find what you need.
- Changing ownership rights simply by changing the account owner's email address. This is especially nasty because there is often no linked requirement to provide a fresh password. That often means manually assigning a new password that the new owner has then to change to one of their choosing in order to keep the account secure.
- Multiple simultaneous logins on account holder change. This is a good one that demonstrates appalling security. First, you change the target user admin rights so that they gain account ownership rights. This is done while the account owner is logged in. It may also include a change of password, which is done separately from the contact details. At this point, you'd want to check that the target person does have the kind of access you want, so you initiate a call and walk them through the new credentials process. All the time, you're logged into the account, albeit with changed credentials, because guess what? The system didn't log you out when you made the account detail changes. Lo and behold, your target user can long simultaneously with no error message or alert. This is surprisingly common and begs the question - just how secure is the service in the first place?
- Inadequate or outdated documentation that triggers a tech support request. Check into any service you use and type 'ownership change' or 'account owner' into the help section and see how far you get. Too often, the information you need is undocumented or vague.
- The suggestion is that you use a generic email address such as dbadmin @... so that ownership doesn't have to change. That might be a way forward, but you still have to think about password security when the person tasked to administer accounts changes.
- Account details can be changed manually but without confirmation from the new account holder that they are an authorized person. This may not matter in a small or owner-managed business where the number of people involved is relatively small but imagine what it's like in a business with, say, 500 people, all of whom have access to services and who have also bought in their own services.
BIlling whack-a-mole
It follows from the above that many services don't seem to care so much for rigor in their billing processes. As long as they can suck money from a credit card, they're good to go. Many services do not have any degree of automation that allows for linking the service payment and invoice back to your accounting system. This, to me, is table stakes in the 21st century, but there are plenty of gotchas here too.
- If you use a third-party service to capture billing and expense information - say a ReceiptBank or Expensify - then it would be great if the functional services you use provided the ability to have multiple email addresses for those who are account holders and the processing service email address. That's not as common as you might think. Very often, a service provider only allows one email address for account holder information, which is no good at all.
- Some service providers don't issue invoices but only provide a receipt. I suspect this falls foul of local compliance requirements.
- Others will send an email with an invoice attachment. In these cases, you have to forward the invoice to the third party expensing service. It's not a huge hardship and, you can argue, acts as a reminder of what you're paying for. Even so, it represents friction.
- Others will send an email with a link to find the invoice that you then have to download and process manually. Ahem.
My take
Name me a tech vendor and I'll tell you with almost guaranteed certainty that they'll have the expression 'digital transformation' tattooed on their marketing materials somewhere. What that expression means is always open for discussion, but in my world, that starts with digitizing services and automating processes. You'd think there's enough by way of API hooks out there to make it easy but not in the area of service account management. There is no consistency of approach which I find ironic because this is an administrative function that ought to be standardized horizontally.
Having gone through the process of account ownership change across a dozen or so services, I can say that the amount of time spent solving account ownership and billing transfer is all over the map, with surprises at every turn. It should not be this way.
You might ask - isn't there an app for that? Not that I could find. If you know better, then hit me up because this is one problem that should be solved.