Best practices for SaaS management
October 8, 2024
9 minute read
Like a captain of a ship, managing your techstack requires skill, data, and reliable tools to achieve success.
In the vast ocean – I mean SaaS landscape, is full of applications with their own unique capabilities and challenges that IT addresses. To ensure your organization stays on course and avoid pitfalls
If your SaaS stack is becoming unmanageable, let’s get you back on track with our list of the top twelve best practices for SaaS Management. Broken down into each core focus, we can help you not only become better organized but also communicate more effectively with the C-Suite.
Where are we with SaaS Management in 2024/2025?
Every year we interview IT professionals to gain insight into the issues y’all face. We break down these stats by topic, priorities, and even by the types of automation adopters. You’re likely ready for streamlined SaaS Management – 23% of IT professionals are. When you download the report, you will see the trends we’ve spotted from Automation Leaders and Automation Fast Followers.
Automation Leaders in SaaSOps (44%) are seriously concerned about data security from unsanctioned apps. Moreover, these Automation Leaders (31%) are also concerned about the security of the apps themselves.
However, before their concerns can be addressed, SaaSOps folks are worried about visibility within the SaaS stack. They’re looking for solutions that can be automated, too, not just solved – on a case-by-case basis. With an average of 158 SaaS apps used by companies with a size of 5,000 employees or more, manual, reactive fixes just do not scale.
Companies don’t often understand the complexity of SaaSOps and how downsizing has affected the morale of IT. Imagine asking the accounting department to give up their double-entry accounting program and asking them to use green accounting paper to record entries like it’s 1950. We would never do that. But the advantage that accounting has over IT is visibility within the company to C-Suite as well. Visibility equals budget.
The only way to scale IT operations is to become efficient and provide a simple, unified workflow that can scale as the company adopts additional SaaS apps.
An efficient, unified workflow is the number one best practice for SaaS Management. Like white light through a prism, this one best practice can be broken down into its individual colors. SaaS Management best practices include automating onboarding, automating offboarding, eliminating SaaS sprawl, budgeting SaaS spend, increasing cloud file security, mitigating against Shadow IT, providing help desk solutions, automating mid-lifecycle changes, minimizing & consolidating SaaS overlap, gauging organizational UX, Streamlining SSO & MFA, as well as aligning with regulatory compliance.
Best practice 1: Automate onboarding
What is user onboarding? It’s more than introducing the user to the program. In the context of SaaSOps, user onboarding is the creation of a user account in a SaaS app, also called provisioning. These accounts are tied to work emails (that also need to be created). It may also include assigning a license to that user account. User onboarding also includes access controls for their role. New accounting clerks probably shouldn’t be able to delete banking accounts, right? Right.
Automating user onboarding is an important best practice in SaaS Management as it eliminates hours of mundane tasks that eat away at your IT budget. Not only that, but any delay in user onboarding impacts Day 1 productivity of new employees.
Onboarding users is one of the most grueling tasks for SaaSOps. So why don’t we automate it? Creating workflows with a handful of tools with hooks and triggers for 100+ SaaS apps itself would be a full-time job. We’re not going to lie – this is one of the best parts of BetterCloud as your SaaS Management Platform of choice.
“
As part of their offboarding workflow, licenses, such as those for Google, Dropbox, and OneDrive, are systematically revoked. Leveraging BetterCloud’s automation capabilities, the organization has implemented a seamless data backup system.
– Steve Foley
Best practice 2: Automate offboarding
The other side of the coin of automating user onboarding is automating user offboarding.
According to Novoresume almost 30% of the workforce changes jobs every year. This volume of user offboarding is not only costly to the company in terms of investment in hiring and onboarding an employee but also adds to the technical burden on IT and SaaSOps.
Being able to automate offboarding is a best practice for any SaaS management plan. When an employee is terminated or gives notice, HR needs to let IT know ASAP. Why? Their access needs to be immediately turned off – this can be a security risk if not done in a timely manner.
Does your organization have a user offboarding checklist to ensure that users are deprovisioned and licenses are reclaimed? Not many have one, to be honest. Most IT folks have a mental note that email account passwords need to be changed and users need to be deleted (deprovisioned), but there isn’t a formal if/then plan in place. And that adds to the possibility that steps will be missed. Missed steps are a security risk.
Given the severe security risks associated with delayed offboarding, automation should be a top priority.
“
No one wants to manually assign a license or deprovision users. As important as that is, entering first and last name is not a skill set that’s going to really grow a career. I wanted to take those tasks away and give IT back time to build skill sets and do something that they enjoy.”
– FIRST Case Study
Best practice 3: Eliminate SaaS sprawl
When was the last time your company took an inventory of the number of SaaS apps used throughout the whole organization? How about comparing the features and costs? How about auditing the number of users?
The proliferation of SaaS applications within organizations has created a complex technological landscape for IT to appropriately manage. Identifying the full scope of these applications is necessary to prevent significant security risks (aka shadow IT).
A lack of visibility into the tech stack can hinder effective security measures and expose organizations to potential vulnerabilities. Which is why many IT admins seek a unified dashboard.
A single pane of glass that can be a central repository for every application in your tech stack (known and unknown), identify overlapping features across multiple applications, and of course be able to document the entire provisioning and deprovisioning process for easy auditing. (Cough cough, that’s BetterCloud)
Best practice 4: Control and manage SaaS spend
A pressing component of SaaS management is managing software spend. Pressing because many in an organization, finance and procurement for example, are involved in software costs. As IT manages the tech stack, they’re an important voice when it comes to software spend management.
A best practice for SaaS management is managing software spend which is the other side of the coin of managing SaaS sprawl. How many SaaS apps is your organization using? You must be able to track them.
You know the saying, “if you can’t measure it, you can’t manage it.” Whether your organization has less than 500 members or over 5,000, the only way to manage any kind of budget is to manage it. So how do you measure SaaS spending?
You need a list of SaaS apps, features (to ensure there isn’t overlap), license renewal dates and costs, types of licenses, and number of users for each app. This doesn’t even account for the stakeholders for each SaaS app. If you’re using a spreadsheet to manage SaaS spend, you’d need so many pivot tables, that you’d need to take a dramamine for motion sickness.
There is a simpler way. Spoil alert: it’s BetterCloud.
“
SaaS spend continues to grow by 15-20% annually, as organizations maintain an average of over 125 different SaaS applications totaling $1,040 per employee annually.”
– Gartner
Best Practice 5: Increase cloud file security
With easy access to SaaS apps, you can imagine how that impacts cloud file security. You’re no longer using Microsoft Word on your work desktop computer like it’s 1999. Your organization probably isn’t even backing up your own data on an internal server like it’s 2016.
What makes SaaS so easy is precisely what makes it risky.
You’re saving money by lowering hardware costs (Chromebooks for everyone!) but who is protecting your company’s intellectual property (IP) from being shared outside of your org?
“
It’s common for the end user to not realize they may be sharing something they shouldn’t be. This way we can put file security front and center while enabling and empowering the end users.”
– Mapbox Head of IT, Security & Compliance
Best practice 6: Mitigate against shadow IT
If you’ve read this far, you can see that each of the twelve best practices we’ve listed are interconnected. It’s no different from mitigating against Shadow IT. We found that sanctioned apps have increased from 35% to 55% year over year. Though this progress is promising, it’s still a very low number. Any app that isn’t sanctioned falls into Shadow IT and is an inherent security risk.
But that’s the problem. If you can’t see it, you can’t track it. You need to have a system for mitigating against security risks. Aside from educating your department heads against seemingly innocent purchases, IT can’t onboard or offboard users, ensure compliance, or manage spend if they don’t know the app is being used.
For example, marketing may be running out of budget (doesn’t seem like a security issue), but that’s because they’re reimbursing employees for unnecessary and unsanctioned apps (this is a security issue). So how do you shed light on Shadow IT? You need a platform that alerts IT for every app connected to a work email.
It’s not a dream – it’s BetterCloud.
“
BetterCloud offers more granular alerting than what is offered through specific apps, such as being able to audit file security.”
– Hazlitt Van Goethem, Junior Site Reliability Engineer, Curve
Best practice 7: Provide HelpDesk solutions
A robust SaaS management plan also needs to account for the day-to-day tasks IT faces. One of the most frustrating tasks that face IT is responding to help desk tickets. In other words, questions that are emailed to IT.
- “Can I get access to HubSpot?”
- “How do I change my password?”
- “I lost my password.”
- “Is my password case sensitive?”
You told us that in 2023 only 20% of your tickets were closed and 42% of you want to reduce the number of tickets you have to answer. You may have even created documents to help prevent tickets. User experience, however, depends upon, well, the user. So, you have to meet them where they’re at – and they need help with passwords.
Besides tagging, assigning, and saving responses, a SaaS Management plan needs automated solutions to common help desk tickets – not just email the user with answers. And we all know that no one reads those emails. They just reply and create more tickets.
“
With automating a priority, 42% of respondents told us that cutting the number of help desk tickets is now the most important IT metric.”
– BetterCloud
Best practice 8: Automate mid-lifecycle user management
Your SaaS management plan likely includes provisioning and deprovisioning users. But what happens when they get promoted instead of laid off? How are you handling user access for employee transfers? These important mid-lifecycle user tasks need to be efficiently handled.
Not unlike automating onboarding users, mid-lifecycle changes should also be automated. You want to eliminate the Day 1 lag for promoted employees. Nothing is more frustrating to their experience than not being recognized during that process. Going beyond SOPs in an Excel Spreadsheet is the key. Automating mid-lifecycle user management is a key component of SaaS management best practices.
“
BetterCloud eliminates a lot of the errors that are bound to happen with humans doing the work.”
– Brandon Wolf, Senior SaaSOps Engineer, Gainsight
Best practice 9: Minimize and consolidate SaaS overlap
With tighter budgets and smaller IT teams, it’s crucial to consolidate SaaS overlap. In many ways, SaaS apps are like shoes. You can buy a lot of cheap shoes or a few good pairs. And when you’re finally tired of back problems, you’ll spend the money you need on a good pair. This is no different with SaaS.
How can IT inventory all of the features of every SaaS app in your organization? That would be a task of epic proportions – and you’d need more than one monitor. You may even be thinking, sure it’s a best practice to minimize overlap, but how practical is it? With automation and workflow, you can. If your organization uses Oauth, for example, BetterCloud can discover the app and let IT know if there is overlap.
“
Up from 40% the year prior, 53% of organizations report that they’re eliminated duplicate SaaS tools.”
– BetterCloud
Best practice 10: Gauge organization UX
The user experience (UX) is often forgotten when managing SaaS apps and more often left out of best practice SOPs. Your staff are the users and your organization could be wasting quite a bit of of budget and productivity.
Regularly polling users is key. Do they enjoy the app? Is the app solving their problem? Is it what they asked for? Are they even using it? If you’re not auditing the user experience of your SaaS stack, then you’re wasting money on unused licenses. And also, if they’re not using the sanctioned app, you have to wonder what they’re using instead.
“
IT plays a leading role in providing a great [user] experience. After all, they must run the best SaaS stack and make sure employees have access to all technology resources, data, and apps to get the job done.”
– BetterCloud
Best practice 11: Streamline SSO & MFA
An underrated best practice of SaaS Management is layering of security with SSO and MFA. Single Sign On (SSO) and Multi-Factor Authentication (MFA) are extra layers of security the protect users and access. Not surprising to many IT folks, however, SSO adoption remains low for small to medium size businesses, according to CISA.gov.
With a powerful SaaS management platform, Google can be the sign-on identity for employees allowing easy logins for users and worry-free nights for IT. You won’t have to worry about authenticator apps being deleted when staff are issued new phones, for example. You also won’t need to mitigate against the security risk of apps accessing your company data. Instead, with BetterCloud, simply set up a workflow and it’s just done. Not sort of done – done-done.
“
OAuth apps are a deceptively large risk to your SaaS environment.”
– BetterCloud
Best practice 12: Align With regulatory compliance
A best practice of SaaS management that is often overlooked is regulatory compliance. Regulatory compliance is aligning with the guidelines and laws that control your company – both internal and external. Each app that your company uses should fall within those guidelines. And the content that is published through those apps should also fall within those guidelines. That’s compliance.
So how does a large financial services firm control social media apps? How do medical offices protect patient privacy? How do schools comply with COPPA? How do companies ethically and legally consolidate during a merger? With compliance.
So what’s the problem? The problem with compliance in SaaSOps is that IT people are not lawyers. Instead, you need a system that helps automate content scans for keywords that come from corporate counsel.
“
As a publicly traded company, there are a lot of regulatory boxes we had to check off to make sure we were activating and deactivating employees properly. BetterCloud really streamlined everything for us.”
– M&A Case Study
SaaS Management best practices: Your wishlist turned checklist
What if SaaS Management Best Practices wasn’t just a wishlist on a subreddit but an actual feature list for a platform? Well, we’re happy to say that it is. That platform is BetterCloud.
Depending upon your organization’s size, you could easily save up to 19,244 hours ($6.1M) with BetterCloud – every year. So, what are you waiting for?