How to Choose a SaaS Management Platform

This guide will provide you with an overview of the key software-as-a-service (SaaS) trends, how those relate to SaaS management challenges and resulting capabilities organizations should consider as they look for SaaS management platforms. This guide can also provide you with key talking points when discussing the need for a SaaS management platform with your organization’s decision-makers.

SaaS trends impacting organizations

There are several SaaS application trends that can impact the feature set you may be considering for a SaaS management platform. Depending on other toolsets used in your organization, some of these trends may bring to light new requirements to mitigate risk and safeguard your organization.

SaaS platform packaging and pricing

• Bundles: Because of how SaaS applications are built, it is easy for vendors to change packaging and offer a few different bundles of their software based on the customer’s maturity or need. For instance, a trend we are seeing in more mature SaaS vendors is offering packages that meet the unique needs of vertical environments, often combining product and defined services packages.
  
  The volume of SaaS M&A is also driving growth in SaaS organizations. Despite economic uncertainty, the first half of 2022 SaaS deal volumes were second to historic high volumes seen in 2021. With microservices, SaaS vendors can quickly incorporate capabilities from these acquisitions into new packaging schemes.
• Price increases: Gartner^® has predicted that by 2025, the top 20 SaaS vendors will increase prices by more than 25%. This prediction does not seem far off as we’ve already seen many organizations over the last 18 months announce price hikes or price metric changes (e.g. the Oracle Java SE change). With increasing costs, it’s more important than ever to not over-buy or pay for licenses that will be rarely or never used. Additionally, as organizations migrate from on-premises to the SaaS version of applications, it is important to verify feature needs and not just ‘lift and shift’, as there are compounding effects to doing so.

Free trials and freemium models

Many SaaS vendors are leveraging free trials and freemium models to drive end-user adoption, in the hopes of it leading to an expansion opportunity down the road. The problem for organizations is the freemium model can often require end-users to expense the costs of these tools on their credit cards, as more and more capabilities are utilized. Free versions usually are launched without vetting the applications with their IT security team. There while there are many applications on the market that are free for individual users, it’s no longer free once a critical mass of users at the domain all on the software. This results in users either out of compliance, or surprised with a bill.

SaaS security

In late 2022, Snow Software surveyed 1,000 IT leaders and found the top issue with SaaS management is security. The main challenge with security for SaaS applications is the ease with which anyone can sign up for a SaaS application, use any credentials they decide, and upload any company data. Take for example Trello. According to this article, the “free” version of Trello actually claims IP rights for any content, code, and/or property shared within the app. How many organizations want their IP walking out the door?

Customer retention

SaaS applications are sold under subscription models and retention is critical to the vendor’s success. To ensure retention, vendors often offer customer success assistance, a technical account manager or health-check services. These services are designed by the vendor to ensure you are getting value from the software and to drive product usage or expansion. This is a great idea in practice, but it is important to know if all users are obtaining the same level of value or if it is a subset of users, so you are not paying for a higher level of subscription than what most users need.

Capabilities to look for in a SaaS management platform

The biggest challenge for managing SaaS applications is a lack of visibility. With frictionless SaaS trials, demos or purchasing, 80% of application spend is happening outside the purview of IT teams. The resulting impacts of having little to no visibility include:

• Security issues – you can’t protect what you can’t see.
• Redundant applications in use that impact spend and IT management complexity
• Over-spend and waste due to lack of visibility into how SaaS applications are used throughout the organization

Given these challenges, here are some of the recommended capabilities to seek out in a SaaS management platform.

Comprehensive SaaS discovery and SaaS usage data

There are multiple methods for discovering SaaS applications and we recommend using multiple methods to achieve your goals. Here’s an overview of each SaaS discovery method.

Browser extension

• SaaS applications detected: Using this method, you can detect tens of thousands of SaaS applications and get verified usage data (logins and time spent in the application) at the user level.
• Pros: This method is best for detecting shadow SaaS application usage, because you can also detect usage of free applications, which can be a huge security risk. Another benefit is this method does not require VPN connection.
• Cons: This method requires IT to push the browser extension to end-user devices.

Cloud access security broker

• SaaS applications detected: Like the browser extension, this method detects usage for thousands of paid and free SaaS applications.
• Pros: The primary use case for this discovery method is security. Security pros can establish policies to allow or disallow application usage based on identity, service, activity, application and data.
• Cons: This capability does not yet have widespread adoption. While this capability is great to detect SaaS usage for the security use case, it lacks capabilities for insights on cost optimization.  

Identity management connectors

• SaaS applications detected: Discovers usage for known applications going through single sign-on (SSO) providers like Okta or Active Directory by integrating with the SSO API.
• Pros: With this method, you can quickly detect usage details for multiple applications with one API connector.
• Cons: This method only detects usage for sanctioned applications going through your SSO provider. Usage details are generally limited to the number of applications or last login date and do not indicate for how long the application was used (metering data).

API connector

• SaaS applications detected: This discovery method connects to the vendor portal via API and can bring back details such as licenses allocated, last activity and other usage stats like meetings, calls, etc.
• Pros: This method is easy to set up.
• Cons: Data captured depends on what is provided by the vendor and this method only detects known applications.

Financial data

• SaaS applications detected: This method discovers known applications via financial records.
• Pros: By using financial records, you’ll gain an account of the total cost of SaaS application spend in the organization.
• Cons: This method does not discover free applications and does not provide usage data to determine if paid  applications are actively being used. It also relies on accurate data entry into financial systems.

Agent

• SaaS applications detected: Agents are useful for understanding hybrid application usage when married with other SaaS usage detection methods. Hybrid applications are those that can be used online or locally, such as Microsoft^® 365 or Adobe Creative Cloud.
• Pros: Agents are great for understanding on-premises and hybrid application usage when married with other SaaS discovery methods.
• Cons: This method does not discover web-only SaaS usage.

Data normalization and augmentation engine

Data recognition and normalization services provide complete normalization of SaaS applications, clearly identifying important information such as manufacturer, application name, SKU, license metric, license requirement, suited or bundled application, and UNSPC (application type).

The value of having a verified application database is if you are using multiple data sources to manage your SaaS applications, you’ll be able to normalize and reconcile this data into a logical view. Without an engine that can recognize, augment and clean data from multiple sources, you’ll have to spend hours manually reconciling data to ensure accuracy.

And with data augmentation, you’ll be able to bring in additional details, such as application type, to help you perform important analysis, such as application rationalization.

Ability to match costs to allocated SaaS licenses and SaaS usage

Once you bring in cost and usage data, you can combine these sources to start identifying optimization opportunities. Optimization impact will vary, depending on data sources used.

• Identify unallocated license waste: Have you purchased licenses that are not even allocated? This can be identified with financial records and simple discovery methods like API and SSO connectors.
• Identify unused license waste: For allocated licenses, are they actually being used? To get this level of detail you’ll need to leverage SSO, CASB and/or browser extension methods.
• Identify waste in premium tiers: Depending on the level of discovery, for some applications you can detect usage of premium tiers and possibly downgrade to a less expensive tier. For example, Adobe Creative Cloud offers an all-apps plan vs. a single-app plan.
• Identify waste from redundant applications: Report on application usage by type to identify opportunities to standardize on fewer applications and simplify your application catalog and related management of applications.

Flagging risky applications and monitoring usage

• Find risky applications: If your organization has denylisted certain applications, report actual usage against denylisted applications so that teams can point additional security education at specific individuals or departments. By discovering paid and free SaaS applications that are not going through your SSO, you can also identify applications that may require investigation by your team.
• Determine application candidates for SSO: With usage data of installed and SaaS applications, you can quickly identify applications widely used throughout your organization and bring those under your SSO platform to improve application security through stronger passwords.

Other considerations when choosing a SaaS management platform

Your organization’s business priorities: When identifying the must-have requirements for your SaaS management platform, align to your organization’s top priorities. According to a survey of IT leaders, the top C-suite initiatives in 2023 include optimizing IT costs and reducing security risks.

• Hybrid IT environment support: According to Gartner, spend on SaaS applications was 11% of the total IT budget, compared to 18% for on-premises applications. If your organization has a mixed environment – on-premises applications and infrastructure, SaaS applications and IaaS — it may be ideal to look for a vendor who can help provide visibility and insights across all technology domains.
• Global support: Because SaaS management is such a big problem, the number of SaaS management platform (SMP) vendors has exploded. Many of these vendors only serve certain countries or size organizations. If your organization is global, either through organic growth or via M&A, it is important to choose a vendor who can support your current and future requirements.

_{GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.}