SaaS management is the practice of managing SaaS applications to effectively improve security and optimize costs. As with any practice, it requires a combination of people, process and tooling. Organizations can use a SaaS management platform with their own staff or leverage a managed service provider who uses SaaS management tooling.
Why do organizations need SaaS management?
The main reasons why organizations need SaaS management are to identify risk and reduce spend.
Security: It is IT’s responsibility to check if the SaaS provider has good security policies in place, but if IT has no knowledge that a vendor is used throughout the organization, they are unable to do these critical security checks. Because SaaS is easier to buy and use, most spend for this application type is done outside of the IT purview and budget, which means IT has little to no awareness of these applications. This leaves the organization at risk because end users may be using insecure passwords or uploading company or customer data to these applications.
Compliance: Another risk is being out of compliance with data privacy regulations. There are a growing number of international and national regulations (e.g. HIPAA, GDPR, etc.), and failure to comply can result in exorbitant fines. As a result of these regulations, it’s often critical that IT understand where its data is being stored or leveraged, in the event of any issues with vendors that mishandle its sensitive information.
Cost Reduction: Application sprawl is a common result of shadow SaaS. When individual users or business units purchase software outside of IT’s approval or purview, redundancies occur. Without well-defined policies in place to check on license allocations and usage to reduce or reclaim licenses, organizations can end up buying more than what is needed.
Who in my organization cares about SaaS management?
If you ask who is responsible for managing SaaS applications, there is a difference in opinion between IT leaders at the manager/director level versus the executive level, according to a recent Snow survey of IT leaders.
While security is the top priority for SaaS management among IT leaders, the security function was not well represented as a party responsible for managing SaaS applications. Historically, IT asset management (ITAM) and software asset management (SAM) teams have been focused on license compliance and cost reduction, not security. Given what’s on the line, it is important to understand if the team responsible for SaaS management at your organization is looking at all aspects of SaaS management.
Here are typical roles in your organization who care about the effective management of SaaS applications.
- ITAM/SAM team: The ITAM/SAM team is responsible for optimizing the software asset management lifecycle which includes requisition, procurement, deployment, monitoring usage and entitlements, and retirement. As SaaS purchasing has become decentralized and enterprise software has largely moved to the cloud, the SAM lifecycle has broken. Most organizations procuring SaaS software often stop at deployment, and software asset management professionals normally learn about the purchase when the renewal bill is sent. This is why capabilities of most SaaS management platforms start at discovering usage and entitlements. With SaaS management, SAM teams can help distributed procurement teams fix the SAM lifecycle by providing visibility of software used across the organization.
- Security: The security team is heavily invested in understanding where company data is stored and if it is secure. They cannot answer this question without an understanding of all the paid and free applications used by employees. Most security tools on the market today, with the exception of cloud access security brokers, fail to provide visibility into SaaS applications.
- IT Operations: When there is a problem with application performance, IT Operations needs to investigate and respond. When an employee joins or quits, IT Operations is often responsible for provisioning the license and correct permissions. IT owns the budget for a significant chunk of business operations applications, such as Microsoft® 365, project management, IT monitoring and telecommunications software. As such, IT would benefit from SaaS management by understanding if licenses are being wasted, if applications and related complexity can be removed, and if application license provisioning/reclamation can be automated.
- Procurement, sourcing and vendor managers: This team works with vendors, which includes selecting different services, negotiating contracts, and evaluating performance. Vendor managers will review contracts to determine if the vendor is providing expected value, cancel contracts for vendors no longer needed, and research and evaluate vendors when new products and services are required. Vendor managers would benefit from SaaS management to determine if there is a vendor already used by the organization and to check if the organization is getting the best value from their vendor by comparing licenses spent versus licenses used.
- CIO: SaaS management helps IT reduce complexity so that key IT initiatives can be addressed more quickly. When organizations are able to minimize application sprawl, IT has fewer support cases, fewer security risks and lower costs in terms of license costs and integration costs.
- CFO: Large and new purchases are being scrutinized even more by CFOs. A SaaS management platform would help the CFO have peace of mind that they’re not overbuying during renewal time or paying for multiple applications that do the same task.
SaaS management platform capabilities
To reduce costs, identify risks and streamline processes, you should consider the following capabilities in a SaaS management platform (SMP).
- Discovery: The SMP should be able to discover the presence of sanctioned and unsanctioned SaaS applications from various sources such as single-sign-on applications (like Okta), cloud access security brokers, browser extensions, vendor portal APIs and financial records.
- Usage details: To determine value received, it is critical to understand usage details at the user level. Usage details can include, at a basic level, last log-in date, and more detailed information, such as average hours/minutes per session, which are features used to identify downgrade opportunities from premium tiers.
- Contracts and subscription management: This capability will help you capture the cost of SaaS applications, when the subscription is due for renewal, if you are able to consolidate subscriptions across business units with better terms, and so on.
- Data recognition, normalization and augmentation: This capability helps you bring in SaaS data from multiple discovery sources and automatically normalize software titles, vendors, SKUs and so on.
- Cost optimization: With the usage and financial data captured, some SMPs provide insights into how much you can save by optimizing licenses against actual usage, against licenses allocated or optimizing for redundant applications.
- Reporting against unsanctioned applications: After IT has vetted SaaS application acceptance, you can mark these applications sanctioned or unsanctioned and then report usage against unsanctioned applications to inform the security team who needs additional security training.
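The sketch below ties the discovery, normalization, usage and unsanctioned-reporting capabilities together. It is an added example, not code from Snow or any SaaS management platform; every record, the alias table, the made-up application "FileDrop" and the 90-day idle threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample records; names, titles and dates are illustrative only.
SSO_LOGINS = [  # (user, app title as reported, last log-in)
    ("alice", "Slack", date(2024, 5, 28)),
    ("bob", "slack.com", date(2024, 1, 3)),
    ("carol", "Zoom Video Communications", date(2024, 5, 30)),
]
BROWSER_EXTENSION = [
    ("bob", "FileDrop Free", date(2024, 5, 29)),
    ("alice", "zoom", date(2024, 5, 20)),
]
EXPENSES = [("dave", "FILEDROP*PRO PLAN")]  # financial records: (payer, merchant)
# Hypothetical alias table standing in for an SMP's recognition catalogue.
ALIASES = {"slack": "Slack", "slack.com": "Slack", "zoom": "Zoom",
           "zoom video communications": "Zoom",
           "filedrop free": "FileDrop", "filedrop*pro plan": "FileDrop"}
SANCTIONED = {"Slack", "Zoom"}  # marked by IT after vetting

def normalize(title):
    """Map a raw title from any source to one canonical application name."""
    return ALIASES.get(title.strip().lower(), title.strip())

def build_inventory():
    """Merge all discovery sources into app -> {user: latest log-in or None}."""
    inventory = defaultdict(dict)
    for user, title, seen in SSO_LOGINS + BROWSER_EXTENSION:
        app = normalize(title)
        prev = inventory[app].get(user)
        inventory[app][user] = max(prev, seen) if prev else seen
    for user, merchant in EXPENSES:  # spend proves presence, not usage
        inventory[normalize(merchant)].setdefault(user, None)
    return inventory

def unsanctioned_usage(inventory):
    """Users per application that IT has not marked as sanctioned."""
    return {app: sorted(users) for app, users in inventory.items()
            if app not in SANCTIONED}

def reclaimable(inventory, today, idle_days=90):
    """Sanctioned-app users with no recorded log-in within idle_days."""
    return sorted((app, user) for app, users in inventory.items()
                  if app in SANCTIONED
                  for user, seen in users.items()
                  if seen is None or (today - seen).days > idle_days)

if __name__ == "__main__":
    inv = build_inventory()
    print(unsanctioned_usage(inv), reclaimable(inv, date(2024, 6, 1)))
```

Note that the expense record surfaces a payer the log-in sources never saw, which is why financial records sit alongside SSO and browser data as a discovery source.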
SaaS management benefits
Depending on your organization’s goals, you may value some benefits more than others.
Optimizing subscription costs
- Identify unused licenses or convert expensive licenses to less expensive licenses based on user needs.
- Cost optimization can also be achieved by identifying redundant applications and streamlining the number of vendors and applications in use. How many messaging platforms are you using? Are there multiple file sharing systems in use throughout the organization? In addition to subscription savings, there are also management savings associated with reducing the number of vendors and applications in use (help desk ticket reduction, etc.).
Subscription cost avoidance
- This can be achieved by continuous monitoring of subscription usage so that you don’t get an unexpected bill. When you consistently re-harvest unused licenses, you may not need to buy additional licenses when new users are added.
Maximizing value of contracts and enterprise agreements
- Sometimes vendors won’t let you reduce spend, but if you can argue that you are not getting value in one area, you might be able to secure use of another application that would be included in the contract, free of charge.
Reducing risk of data leaving the company or unauthorized data use
- This risk can be quantified by the number of applications in use versus the ones sanctioned by IT. You might be shocked to learn how many free and unauthorized applications are used in your own organization.
- According to an IBM 2022 study, the average cost of a data breach is $9.44M for US companies. In addition to actual remediation costs, data breaches damage revenue potential due to loss of trust and disrupt an organization’s strategic objectives with so much time and attention devoted to remediating the issue.
- Another risk is being out of compliance with regulations (GDPR, HIPAA, etc.). For example, healthcare organizations must obtain a business associate agreement from providers who store, create, receive, maintain or transmit protected health information (PHI). The business associate agreement provides assurances of how the provider will safeguard PHI data. To obtain this agreement, organizations must know about all applications employees are using that are storing, transmitting, creating and receiving PHI. There are numerous examples of organizations being fined for not assessing provider risk by obtaining a business associate agreement.
Save time in preparing for renewal conversations
- This can be measured in time and number of steps it takes to prepare for a renewal negotiation versus what it would take using an automated SaaS management solution.
SaaS management versus software asset management
If your organization has a software asset management function, you may be asking, “What’s the difference between SaaS management and software asset management?”
These disciplines are very similar; however, with SaaS, some aspects of the software asset management lifecycle need to be adjusted. Because a large percentage of SaaS applications are purchased outside central IT, monitoring usage of SaaS applications and sharing this information across the organization becomes more critically important to identify risk and control SaaS sprawl.
| Lifecycle Process | On-Premises Software | SaaS Applications | SaaS Impact |
| --- | --- | --- | --- |
| Requisition – The process for identifying and requesting software. | Centralized purchasing | Sometimes decentralized | Ideally, you can provide the business unit with a list of authorized software and allow them to request licenses. |
| Procurement – The process for purchasing software. | Centralized purchasing | Sometimes decentralized | If the above doesn’t exist, expect redundancies or multiple subscriptions for the same application. |
| Deployment – The process of installing software and provisioning licenses. | Automation tooling + patching and upgrading | Automation tooling to provision licenses | Less work is required to maintain SaaS apps, but IT still needs to ensure permissions are provisioned for SaaS. |
| Support/Monitoring – The process of tracking software usage and entitlements; this includes renewal negotiations and payments. | Orgs can use an agent (or third-party tool like SCCM) to detect installations & reconcile those to entitlements. | Orgs need a broader level of discovery to understand SaaS application usage in the organization. | New methods are required to capture SaaS usage in the org to identify risk, distributed spend and waste from inactive users. |
| Retirement – The process for removing software that is no longer needed or transferring the software/license from one location or individual to another location or individual. | Leveraging data, orgs can uninstall software and re-harvest unused licenses to prevent over-buying. | Leveraging data, orgs can uninstall software and re-harvest unused licenses to prevent over-buying. | |
SaaS management versus IT management
IT management is focused on the monitoring and administration of an organization’s technology including hardware, software and networks. The goals of IT management are to ensure technology performs well to support business services, and that technology operations are run efficiently. A related term for SaaS applications is observability. Observability is the ability to measure a system’s current state based on the data it generates (logs/metrics/traces) to understand if it is performing according to expectations.
As stated previously, SaaS management is the practice of managing SaaS applications to effectively improve security and optimize costs.
SaaS management, IT management and observability all have a common goal of improving IT efficiency by reducing costs, allocating the resources required to support business services and automating processes. When there is a problem with a SaaS application, employees normally call IT. IT is then on the line to triage the problem and work with the vendor to report the issue. IT management can benefit from SaaS management by having an understanding of all the applications used in the environment, so these applications can be secured or reduced to free up IT resources to support mission critical applications.
EVERYTHING STARTS WITH VISIBILITY Snow SaaS Management
Snow SaaS Management delivers unmatched discovery capabilities. Shine a light on your SaaS environment to discover all your applications that would otherwise go unseen. Leverage verified usage data to effectively optimize and govern your entire SaaS portfolio – known, unknown, paid AND free apps – with Snow SaaS Management.