SaaS management is the practice of managing SaaS applications to effectively improve security and optimize costs. As with any practice, it requires a combination of people, process and tooling. Organizations can use a SaaS management platform with their own staff or leverage a managed service provider who uses SaaS management tooling.

Why do organizations need SaaS management?

The main reasons why organizations need SaaS management is to identify risk and reduce spend.

Security: It is IT’s responsibility to check if the SaaS provider has good security policies in place, but if IT has no knowledge that a vendor is used throughout the organization, they are unable to do these critical security checks. Because SaaS is easier to buy and use, most spend for this application type is done outside of the IT purview and budget, which means IT has little to no awareness of these applications. This leaves the organization at risk because end users may be using insecure passwords or uploading company or customer data to these applications.

Compliance: Another risk is being out of compliance with data privacy regulations. There are a growing number of international and national regulations and failure to comply can result in exorbitant fines (e.g. HIPAA, GDPR, etc.). As a result of these regulations, it’s often critical that IT understand where it’s data is being stored or leveraged, in the event of any issues with vendors that mishandle its sensitive information.

Cost Reduction: Application sprawl is a common result of shadow SaaS. When individual users or business units purchase software outside of IT’s approval or purview, redundancies occur. Without well-defined policies in place to check on license allocations and usage to reduce or reclaim licenses, organizations can end up buying more than what is need.

Who in my organization cares about SaaS management?

If you ask who is responsible for managing SaaS applications, there is a difference in opinion between IT leaders at the manager/director level versus the executive level, according to a recent Snow survey of IT leaders.

While security is the top priority for SaaS management among IT leaders, the security function was not well represented in terms of being a responsible party to managing SaaS applications. Historically, IT asset management (ITAM) and software asset management (SAM) teams have been focused on license compliance and cost reduction, not security. Given what’s on the line, it is important to understand if the team responsible for SaaS management at your organization is looking at all aspects of SaaS management.

Here are typical roles in your organization who care about the effective management of SaaS applications.

SaaS management platform capabilities

To reduce costs, identify risks and streamline processes, you should consider the following capabilities in a SaaS management platform (SMP).

SaaS management benefits

Depending on your organization’s goals, you may value some benefits more than others.

Optimizing subscription costs 

Subscription cost avoidance 

Maximizing value of contracts and enterprise agreements 

Reducing risk of data leaving the company or unauthorized data use 

Save time in preparing for renewal conversations  

SaaS management versus software asset management

If your organization has a software asset management function, you may be asking, “What’s the difference between SaaS management and software asset management?”

These disciplines are very similar, however, with SaaS, some aspects of the software asset management lifecycle need to be adjusted. Because a large percentage of SaaS applications are purchased outside central IT, monitoring usage of SaaS applications and sharing this information across the organization becomes more critically important to identify risk and control SaaS sprawl.

Lifecycle ProcessOn-Premises SoftwareSaaS ApplicationsSaaS Impact
Requisition – The process for identifying and requesting software. Centralized purchasingSometimes decentralizedIdeally, you can provide the business unit with a list of authorized software and allow them to request licenses.
 
Procurement – The process for purchasing software. Centralized purchasingSometimes decentralizedIf the above doesn’t exist, expect redundancies or multiple subscriptions for the same application.
Deployment – The process of installing software and provisioning licenses. Automation tooling + patching and upgradingAutomation tooling to provision licensesLess work is required to maintain SaaS apps, but IT still needs to ensure permissions are provisioned for SaaS.
Support/Monitoring – The process of tracking software usage and entitlements; this includes renewal negotiations and payments. Orgs can use an agent (or third-party tool like SCCM) to detect installations & reconcile those to entitlements.Orgs need a broader level of discovery to understand SaaS application usage in the organization.New methods are required to capture SaaS usage in the org to identify risk, distributed spend and waste from inactive users.
Retirement – The process for removing software that is no longer needed or transferring the software/license from one location or individual to another location or individual. Leveraging data, orgs can uninstall software and re-harvest unused licenses to prevent over-buying.Leveraging data, orgs can uninstall software and re-harvest unused licenses to prevent over-buying.

SaaS management versus IT management

IT management is focused on the monitoring and administration of an organization’s technology including hardware, software and networks. The goals of IT management are to ensure technology performs well to support business services, and that technology operations are run efficiently. A related term for SaaS applications is observability. Observability is the ability to measure a system’s current state based on the data it generates (logs/metrics/traces) to understand if it is performing according to expectations.

As stated previously, SaaS management is the practice of managing SaaS applications to effectively improve security and optimize costs.

SaaS management, IT management and observability all have a common goal of improving IT efficiency by reducing costs, allocating the resources required to support business services and automating processes. When there is a problem with a SaaS application, employees normally call IT. IT is then on the line to triage the problem and work with the vendor to report the issue. IT management can benefit from SaaS management by having an understanding of all the applications used in the environment, so these applications can be secured or reduced to free up IT resources to support mission critical applications.