Software-as-a-service has transformed how businesses operate and innovate. SaaS technologies are game-changers, delivering new functionalities that support innovation for staff throughout an organisation.
But while SaaS is easy to adopt, it’s difficult to manage. As usage of SaaS applications grows rapidly, the complexities associated with it can grow greatly. IT staff may have a hard time identifying which applications employees have accessed, what they’re using, how they’re using them, what information (possibly including sensitive data) is accessible, and what security exposures they may create for an organisation. All of these are risks associated with SaaS sprawl that must be addressed before they grow to be unmanageable.
Today more than a third (37%) of IT professionals and executives report that “finding ways to optimise software use” is a “significant challenge,” as detailed in the Flexera 2024 State of ITAM Report. Now is the time to fold SaaS management into overall software asset management (SAM) and IT asset management (ITAM) initiatives.
1. Improve SaaS visibility
Many SaaS applications are easy to try, making uptake of them easy. Try-before-you-buy options, low initial pricing, flexible subscriptions, and appealing functionality are among some of the reasons users will seek them out. Frequently, staffers end up acquiring SaaS without going through their company’s centralised IT procurement process, even if the company has made it clear that IT purchases (including software licences) should go through IT.
Ideally, a company has comprehensive knowledge of all of its IT assets (including software and hardware), but this often isn’t the case. As applications proliferate, they become part of shadow IT – “any software, hardware or information technology…resource used on an enterprise network without the IT department’s approval, knowledge or oversight.”
Unsanctioned SaaS usage means that the company does not have critically important visibility into:
- How those SaaS applications are being used,
- How much is being spent on SaaS,
- The security risks that those SaaS applications may carry.
A SaaS management platform can help improve SaaS visibility and mitigate against common risks. Effective SaaS management initiatives require detailed usage data for complete visibility into the organisation’s IT landscape. A comprehensive discovery step reveals the sanctioned, unsanctioned, licensed, and free SaaS applications running anywhere in the company. Data must be accurate to support the overall IT environment and, subsequently, the efficacy of decision-making across the enterprise. The clarity supports effective management of security threats.
Improved visibility into SaaS not only helps mitigate sprawl and strengthen security; it can improve the bottom line. Clarity into highest-spend vendors (e.g., Salesforce and ServiceNow) can help with effective licence negotiations. The may be possible by optimising subscriptions and consolidating contracts, by reclaiming unused seats and eliminating redundant applications.
One of the largest gaps in visibility is the clarity of the data. Data is often pulled from sources that don’t go deep enough or have a normalisation process, yielding incorrect results, for example, identifying software as “Adobe,” rather than specifying “Adobe Acrobat.” The level of accurate, clear detail is important when gaining visibility.
Similarly, the ability to identify shadow IT can highlight areas staff may need new software that previously hadn’t been considered for purchase. The may indicate where additional budgetary commitments may be necessary (e.g., the growing reliance on generative AI services, like ChatGPT or Microsoft Copilot) to meet staff’s tooling needs and to help optimise their productivity.
2. Assign ownership of SaaS responsibilities
While SaaS applications are often easy for users to access and download, they’re difficult for an IT organisation to identify and monitor. The lack of a clear owner of SaaS procurement, management, and related responsibilities can lead to confusion and problems. Commonly these include inefficiency, overspend (often difficult to pinpoint), disjointed renewals, fragmented use across the organisation, security risks resulting from unsecure applications and data practices, and drains on IT resources when it’s time to remedy issues related to these purchases.
Rather than dealing with fragmented SaaS acquisition and the complications that often follow, organisations can improve their SaaS management initiatives by assigning ownership of SaaS responsibilities. A team dedicated to overseeing SaaS governance can set and maintain guardrails that manage risks and prevent SaaS sprawl.
As a business, you’re not going to stop SaaS spend or SaaS sprawl. But the next time the marketing team requires an XYZ service, a feature of a module from their favourite marketing campaigns, you can’t stop, block, or judge the decisions. The goal is to ensure teams are educated and helped to understand the total cost of ownership of the SaaS spend–not just the user licence costs.
Organisations looking to improve SaaS management should empower this team to oversee responsibilities, including:
- Enhancing application rationalisation, which is the identification of redundant IT applications to assess which to eliminate in order to minimise application duplication and the resulting expenses and risks,
- Preventing installation and use of non-compliant software,
- Ensuring accurate configurations of SaaS apps to minimize security risks,
- Unifying strategic efforts by ending the siloed purchases of SaaS to enhance business growth,
- Identifying the TCO of the SaaS spend vs the user license models,
- Improving the negotiations for licensing deals.
3. Improve SaaS governance
Effective governance of SaaS often proves to be challenging for many organisations. Gaps in control and standardisation for sourcing, procurement, and billing can leave the company exposed to risks. But overspend, security vulnerabilities, and the regulatory risks of possible data governance violations don’t need to become the norm, even as SaaS grows in popularity.
SaaS leaders can improve their company’s governance around SaaS through a variety of measures:
- Take a thoughtful look at your tech ecosystem and get to the root of why employees may be sourcing SaaS applications. Their needs may speak to a desire for innovation and a more agile approach to technology procurement,
- Prioritise the elimination of the disjointed, siloed SaaS usage and buying patterns that are so common today. Instead, amplify a unified vision for business growth that’s supported by a centralised approach to SaaS,
- Establish a regimented SaaS vendor sourcing process. Integrate a vendor scoring system that evaluates factors including data protection, encryption, and vendor reliability. In the instances when users still acquire applications without going through central IT, this structure will help ensure responsible sourcing,
- Empower your staff to understand the risks around unregulated SaaS usage – and the benefits of the visibility, security, and savings afforded by a more cohesive approach,
- Be certain that the organisation is compliant with data privacy regulations that govern the access and handling of data (including that of your customers and your employees).
Success with SaaS
You can be an ally who helps your business thrive. Identify and manage SaaS in an effective way. Rationalise and recognise how software is being used. Introduce new ways your business can innovate via good IT practice and governance, while enabling SaaS for your users.
The best course for success is to ensure good stakeholder communication, help them use good data to negotiate better deals, ensure that cost savings are documented across the business, and report back the success to your leaders. Remember, you can’t manage what you can’t see. It starts with visibility.