International 
Politics 
Local 
Finance 
Sports 
Entertainment 
Lifestyle 
Technology 
Literature 
Science 
Health 
1 month ago
9
Casey Carlton is Head of Technology Operations at Treeline, an a16z-backed company transforming the managed services industry.
getty
A decade of building IT orgs at high-growth startups taught me that the problem is almost never what executives think it is.
The first thing I did when I joined one of my previous companies was audit the SaaS environment. The company had fewer than 300 employees. What I found was over 400 active SaaS applications—most of them redundant, many of them unowned and almost none of them centrally managed. Nobody knew what they were paying for. Nobody knew who had access to what. And nobody, until that moment, had thought to ask.
That’s not unusual. That’s the norm.
At every company I’ve built IT for, the pattern is the same: IT is treated as a reactive function until the moment it becomes a crisis. And by then, the cleanup costs far more than prevention would have.
The Ghost Access Problem Nobody Talks About
During that same audit, I found something that should have kept the executive team up at night: former employees and contractors still had admin-level access to critical infrastructure—months, in some cases, after they’d left the company. Salesforce. AWS. Code repos. Financial systems. People who had moved on to competitors. People the company had parted with on difficult terms.
This isn’t a security edge case. It’s an epidemic. The reason it happens is structural: offboarding is almost universally manual. Someone submits a ticket. Someone else processes it—eventually. In the meantime, access persists. And in a world where a single compromised credential can trigger a breach that costs millions and ends careers, “eventually” is a liability.
The traditional model doesn’t solve this; it adds a technician who processes the ticket slightly faster. What actually solves it is automation—access revocation is triggered the moment an offboarding event fires in your HRIS, with zero manual steps required and a full audit trail for your next compliance review.
What "Days To Minutes" Actually Means for Your Business
When I rebuilt the onboarding workflow at one of my previous companies, we took new employee time-to-productivity from multiple days down to under an hour. Laptops shipped before start dates. Accounts provisioned automatically. Access scoped to exactly what the role required, applied the moment the offer was countersigned.
The reaction from leadership wasn’t “great work.” It was, “Why didn’t we do this sooner?” Because the metric they’d been tracking—ticket resolution time—was the wrong metric entirely. The right metric is how fast a $150K-a-year employee becomes fully productive. Multiply even a two-day improvement across 50 hires a year and you have a six-figure impact that shows up nowhere in the IT budget conversation and everywhere in business performance.
The traditional model was designed to close tickets. Not to ask whether the ticket should have existed in the first place.
The Exec Who Almost Killed the Wrong Tool
Early in one engagement, a CFO flagged a SaaS platform that looked, on paper, like an expensive redundancy. She wanted it cut. It was a reasonable instinct given what the invoice looked like in isolation.
Before the decision was finalized, I pulled the usage data. The tool had over 90% adoption across the organization—one of the highest of any platform in the stack. The teams using it had built workflows and integrations that would have taken months to recreate. Cutting it would have saved a modest annual fee and cost multiples of that in lost productivity and migration pain.
The CFO changed course immediately once she saw the data. But the more important lesson wasn’t about that specific tool—it was about what the moment revealed. Nobody had ever given her visibility into what the technology stack was actually doing for the business. IT had been reporting in tickets and uptime. Not in adoption, ROI or strategic dependency mapping.
That’s a leadership failure, not a tools failure. And it’s the clearest sign that the traditional model—where IT is a vendor relationship managed by finance and a support function managed by operations—has run out of road.
What The Next Model Looks Like
I'll tell you how that 400-app audit ended. Eighteen months later, we were under 80 applications. Every one had a named owner, a usage baseline and an automated renewal workflow. Provisioning and deprovisioning happened without tickets. The cost savings alone covered the entire IT function for the year. And for the first time, the executive team had a real-time view of what their technology stack was doing—and what it was costing them.
That's an operating model story masked as a technology story.
But here's what I want you to sit with: none of what I described in this article—the 400 apps, the ghost access, the CFO who almost made a six-figure mistake in the dark—is unique to the companies I’ve worked at. These aren't war stories from outliers. They're Tuesdays at most venture-backed companies operating right now.
The difference between the companies that fix it and the ones that don't isn't budget. It isn't headcount. It's whether someone within their organization has both the mandate and the operating model to treat IT as infrastructure rather than insurance, and whether leadership gave them that mandate before the crisis—not after.
After a decade of doing this work, I've stopped being surprised by the dysfunction. However, what still surprises me is how consistently the same investment—real ownership, automated workflows, visibility into what the stack is actually doing—produces the same result: a company that scales cleaner, moves faster and stops paying twice to fix what should have been built right the first time.
The companies that figure this out don't talk about IT as a function anymore. Those days are behind them. Instead, they talk about IT the way they talk about Product—as something that compounds.
The question is much less whether your company will actually get there. The question is will you get there on your terms or under pressure.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
English (US)