The Heavy Price of “Free” SaaS Applications

As organizations continue to adopt SaaS applications at an accelerating pace, there’s a growing focus among IT leaders on cost optimization to eliminate the waste associated with SaaS subscriptions. Gartner® estimates the average company wastes 25% of its SaaS spend on licenses that go unused.

But what about free SaaS applications? Employees routinely download free SaaS applications and incorporate them into their daily work. However, given the millions of dollars that organizations are spending to purchase SaaS, it can be tempting to overlook the free apps that aren’t directly impacting the bottom line – not yet, at least.

Unfortunately, free SaaS applications can ultimately lead to a heavy price tag. Security breaches, regulatory fines, data loss and unexpected license costs are all potential outcomes of unmonitored, free SaaS use. 

The challenges surrounding free SaaS apps

Getting a handle on free SaaS use in an organization’s IT environment is easier said than done. Almost by definition, free apps are accessed outside of IT. In fact, they’re often accessed outside of the business unit and are simply the result of individual users or groups of users deciding to download software.   

Even if an organization is leveraging a SaaS management platform (SMP), there’s no guarantee they’ll uncover free SaaS applications. Most SMP discovery methods have a blind spot when it comes to free SaaS.

Financial records, for example, are a source of discovery for many SMPs. The platform connects to an organization’s procurement or accounts payable systems and looks for keywords associated with known SaaS vendors. But if you’re not paying for the app, it’s not going to show up on an expense report.

Single sign-on (SSO) connectors are another popular discovery method. Data from this source shows logins for known applications that are accessed via an SSO platform, such as Okta or Microsoft Azure AD. However, free applications used without the knowledge of IT aren’t going through an SSO platform.

Finally, like SSO discovery, API connectors to vendor portals are useful for getting information on apps IT already knows about. They’re not going to provide any information on free apps downloaded without IT’s awareness. Despite best efforts to manage their SaaS, organizations are still left in the dark, and that leaves them vulnerable to a host of risks.

Security vulnerabilities

Security is a concern with any cloud software, but when IT is aware of the application, it can take steps to mitigate the risks. Adding the application to an SSO platform is a great place to start. As mentioned above, however, free SaaS apps aren’t going through an organization’s SSO for access. That means users are selecting their own passwords, which are often weak and present attack vectors for would-be hackers.

Another potential security vulnerability comes in the form of misconfigurations. SaaS apps have multiple settings to control admin privileges, data protection, encryption and more. A single misconfiguration can dramatically increase the risk of a security incident.

Data concerns

Protecting the data and privacy of employees and customers is the thrust of numerous laws that vary by geography and government entity. To ensure compliance, it’s imperative to know what data is being shared with your software vendors and what policies those vendors have in place to handle and protect data. Steering clear of regulatory missteps is a shared responsibility between customer and vendor, and if you’re not aware of all the vendors with access to your data, you can’t possibly ensure those responsibilities are being met.

Then there’s the issue of data ownership and what happens to your data when you decide to no longer use the app. Is there a process for retrieving it? Does the vendor have the right to retain the data? Answers to these questions are found in the service-level agreement (SLA), but you’re not able to review the agreements for vendors you’re not aware of.

Unexpected costs of free SaaS apps

Most SaaS applications that are free are only free up to a point. Once some predefined threshold is met, the vendor expects to be paid for the software.

For example, some apps are free for personal use, but there’s a requirement to pay for commercial use. Consequently, if an employee uses a free app at home and later begins using it at work, perhaps even converting some colleagues, you could be exposed to unexpected license costs.

Many SaaS vendors offer a freemium pricing model where certain minimal functionality is offered for free, but additional functionality comes at a price. After using the free features for weeks or months, employees often realize that additional functionality is required to meet business objectives. After investing so much time and energy in the app to that point, transitioning to an alternative can be more costly than paying the original vendor.

What are organizations supposed to do?

Fortunately, there’s a solution to these challenges, and it starts with visibility. Simply being aware of the free SaaS applications in your environment allows you to get ahead of these issues, address any data and security concerns before they pose a problem, and prevent unexpected licensing costs from busting the budget.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.