A Better Way to Manage Multiple SaaS Apps (Featuring New Recommendations from 451 Research)

SaaS is exploding; this much we know. It’s no surprise that enterprises use multiple SaaS vendors like G Suite, Office 365, Dropbox, Box, Salesforce, Slack, and others.

But current cloud management platforms and SaaS administration tools weren’t designed to handle SaaS proliferation within enterprises. As a result, managing multiple SaaS applications is creating unprecedented risk and challenges for IT organizations. Enter: SaaS Operations Management (SOM), a new market that solves those challenges.

In a recent webinar, 451 Research Principal Analyst Carl Lehmann explained the high value of SOM, why existing platforms don’t solve the SaaS management problem, and why he believes companies need to start paying closer attention to SOM. Our CEO David Politis was also on the webinar to explain why the SOM market is emerging now and how BetterCloud—a SOM pioneer—solves key operational challenges for SaaS admins.

Here’s a recap.

You can find the full recording of the webinar at the end of this post. 

Cloud migration trends: The shift away from on-prem architecture is happening quickly

First, let’s just set the stage. To kick off the webinar, Lehmann presented data from multiple 451 Research surveys that painted a pretty clear picture of where the market is heading. This may not be surprising to you, but in the next two years, the percentage of on-premises, non-cloud applications will decrease 29%, and SaaS applications will increase 41%.

“It’s rather obvious that the evolution of cloud deployments is going to accelerate,” said Lehmann.

He added, “It’s no surprise that for most new applications, companies are also taking a cloud-first deployment. They’re preferring to modernize their application development environment, enable cloud-native designs, and pursue cloud-first development initiatives.”

In another survey, respondents were asked which area they expect to see the largest increase in IT spending in 2018 (compared to 2017). SaaS and hosted applications dominated the list (32%). “The vast majority of application interest is in SaaS architecture, SaaS services, SaaS offerings, or multiple SaaS vendors,” said Lehmann.

And as for IT goals, survey data revealed that the top two most important goals for organizations’ IT environments over the next 12 months are 1) responding faster to business needs, and 2) reducing costs.

SaaS apps bring plenty of benefits … but also plenty of burdens.

There are plenty of benefits to using SaaS, like time-to-value. You can pay as you go, and cost becomes more predictable. SaaS apps are intuitive to use, adaptable, and highly configurable.

However, SaaS brings a host of new burdens for IT, like:

Once you have multiple SaaS vendors, those platforms, user interfaces, and administrative tools are all different, Lehmann pointed out.

“They handle admin policies in different ways. Some types of administrative capabilities are stronger than others. Some have very configurable environments; some are less configurable,” said Lehmann. “So how does IT handle all the things they need to do to offer permissions and onboard and offboard users? How do they manage data risk now that you’re exposing data to multiple off-premise platforms? How can that be governed and controlled in better ways?” The list of day-to-day operational IT burdens is a lengthy one. 

None of the existing ways to manage SaaS apps are really designed or intended to do so.

Applications management:

Applications management revolves around application lifecycle management: defining, developing, and testing it; bringing it to production; maintaining, upgrading, patching, and refreshing it; and making sure it’s running in an appropriate configurable environment. It’s good for managing projects and multiple portfolios of applications. That’s all well and good for on-prem legacy matters, but not so great for cloud service management.

“And certainly they weren’t designed—at least many of the earlier application lifecycle management platforms—to address the challenges of multiple SaaS vendors in an enterprise,” said Lehmann.

Cloud management:

Cloud management platforms have been around for six to eight years, and they were primarily designed to enable management of multiple IaaS, or multiple services of a single IaaS provider. They’re great for infrastructure provisioning, budgeting, economic analysis, workload migration, and performance monitoring—but not so great at cross-service management. 

Most SaaS apps fall out of the purview of many cloud management platforms. “Cloud management platforms were not designed specifically with SaaS administration in mind—rather more for infrastructure administration in mind,” said Lehmann. 

IT services management (ITSM):

And let’s not forget about ITSM (think IBM, BMC, CA Technologies, HP). They’re great at helpdesk and incident management, change management, and configuration management. Plus, they can be applied broadly to a lot of different ecosystems and environments. The challenge is, though, that you have to configure them to make them work in environments. It takes a bit of engineering; there’s a learning curve. They’re not really designed to enable SaaS automation.

“These approaches are doable, but they are not really intended to or specifically designed to manage multiple SaaS applications in an enterprise,” said Lehmann.

A new market, SOM, is emerging.

There’s a need for a new market. Enter: the emerging SOM market.

“[SOM] addresses the needs that the other approaches to SaaS administration fail to do,” said Lehmann. 

Why? Because:

  • Cloud management platforms were designed for multi-clouds
  • Application management platforms were designed for application lifecycle management and project management
  • ITSM is designed for broad-based IT administration tasks
  • Native admin consoles for cloud office apps are not really designed for other SaaS offerings

The management of multiple SaaS applications has been overlooked, according to Lehmann. A new IT market with an emerging set of capabilities for SaaS operations management needs to be addressed.  

So what is SOM, exactly? It’s a single pane of glass, and its strength lies in automation.

“[SOM] addresses all the IT challenges and admin challenges I described earlier. It does so by exposing the administrative consoles of multiple SaaS offerings into a uniform services platform,” said Lehmann. It’s a single pane of glass, essentially—one that can be adapted to multiple environments when properly architected. 

It also automates IT tasks and workflows. “Its strength is in automation for a lot of different things, like the administrative tasks on a day-to-day basis. Automation is a big part of the digital transformation wave rolling over enterprise IT organizations right now.

“I believe SOM platforms’ strengths within the uniform services platform environment is their ability to automate the workflows required for a variety of things like authorization, configuration, governance, etc.,” said Lehmann. 

SOM lets you automate and enforce policies, and be more productive.

What do you get from SOM? Productivity improvements. The automation piece of SOM helps businesses respond faster to business needs, which is one of the most important goals for IT. It reduces time to locate data objects and speeds up remediation. 

Lehmann also pointed out that policy enforcement, automation, and execution is an ongoing process.

“There’s a need to automate various specific things like defining policies, enabling investigations, determining violations, etc., and I believe the SOM market is emerging to help address this efficiently.” 

And lastly, SOM supplements existing security platforms. Many companies that have deployed SaaS have also deployed IDaaS for authentication access and/or CASBs for security enforcement. SOM supplements these platforms and adds value to existing investments. 

451 Research recommends exploring emerging SOM vendors as they come to market.

“The management of multiple SaaS apps has been overlooked, and I believe that the SOM market is something that companies need to pay closer attention to,” said Lehmann. 

He has four key recommendations, starting with taking stock of your enterprise SaaS use and measuring the IT resources you’ll need to track the usage and risks with current multi-SaaS use.

“It’s important to explore the emerging class of vendors that I’m calling SOM vendors as they come to market. In my opinion, BetterCloud represents one of the earlier pioneers in this market,” he said.

Why is SOM emerging only now? Let’s use MDM as an analogy.

To explain why SOM is emerging only now, our CEO and founder David Politis discussed an analogy using the rise of MDM.

In the late 90s, when employees started accessing corporate data on mobile devices, it was revolutionary. It transformed the way people worked. A few years later, though, unexpected security risks started popping up. A lost mobile device meant a possible data breach. And then, as people started realizing they needed a solution to manage and secure their mobile devices, MDM solutions took off like wildfire. Organizations began adopting them as a mainstream solution.

The same thing is happening with SaaS right now. It’s the same cycle.

We are seeing the same exact thing play out right now. People have run headfirst into SaaS applications, embracing their new productivity and collaboration capabilities, and SaaS has transformed the way people worked. Now, though, we are seeing new security risks and challenges arise. These problems only appear after SaaS apps have been in full use in organizations—i.e., as the mainstream moves to SaaS and standardizes on 100% cloud. We are just hitting this tipping point now.

BetterCloud transforms SaaS management and security.

At BetterCloud, we transform SaaS management and security in three main areas:

  • Uncovering blind spots – There is tremendous data sprawl when you use SaaS apps. You can upload a file to Drive, Salesforce, and Slack, share it in Drive, email it, etc. It’s very difficult to get visibility into that sprawl, so we help uncover those blind spots.
  • Enabling the impossible – There’s functionality that does not exist natively in SaaS applications. And of course, administrative functionality across SaaS applications definitely does not exist. It’s essentially impossible without some kind of SOM market solution. 
  • Automating manual work – For example, if you did everything required to thoroughly offboard a user, it could take hours to do it manually, in its entirety. We help automate that work. 

“We’re getting to a time now where you have to start thinking about managing your environment outside-in, vs. the traditional inside-out method,” said Politis. 

Traditionally, managing at the device level was most critical, because that’s where all the data was living and application settings were changed. By having an agent on a device, you knew everything the user was doing, all the access they had, and so forth. But now, according to Politis, we’re going back to devices being essentially dumb terminals with a browser. At this point, the device itself is really not storing a lot. The settings, configuration, and authorization are not living on the device. Thus, having an agent on a device is not really going to provide the control that you need. 

At the next level up, it’s imperative to have an identity solution, which will control access to these SaaS apps. But the data, authorization, configuration, settings, activity, etc. are all living in the SaaS apps themselves. That’s where BetterCloud comes in; we are focused on solving the problem at that layer. 

These are three of the top security blind spots for IT admins.

This data is from our last customer survey, which took place about a month ago. Broadly speaking, the top blind spots fall into three categories: 

  • Ex-employees still having access to corporate data. This typically stems from incomplete offboarding.
  • Confidential/sensitive data exposure. IT professionals are readily admitting that they have a problem with data exposure. There hasn’t been a solution that solves this, and that’s where SOM comes in. Think about the number of users who have access to SaaS apps and interact with SaaS data every day. This makes the scale of data exposure quite scary.
  • Excessive super admin access. When we ask IT professionals how many super admins they think they have in their SaaS apps, the answer without fail is always 1-3. In reality, when we look at our customer data, the average is 15-20. This problem occurs because there’s a lack of granularity in admin roles in SaaS apps. This means too many people have too much access, which can open the door for dangerous error.

Here are some examples of policies we support in the BetterCloud platform. We believe that any SOM solution will need to support these types of policies because these are the biggest challenges for IT.

The paradigm has changed tremendously. In legacy environments, IT chose the vendor and were Microsoft or IBM shops. Now we live in heterogeneous environments, where companies buy best-in-class SaaS products. Data is not on the device anymore—it’s on the SaaS platform. Controls are now in the users’ hands. You can bring external people into your environment. All of these new paradigms require a new set of policies. 

Here are real examples of how BetterCloud solved various operational challenges for customers.

Excessive super admin access

One of our customers, a fast-growing lifestyle company, outsourced IT to a company that gave everyone on their team super admin access. However, one day, one of the IT members accidentally bulk deleted 20 salespeople. Those employees thought they had been fired. The company used BetterCloud to create granular access roles, reducing the number of super admins to three.

Excessive super admin access is a problem we see again and again. Usually, it happens because an employee requests temporary elevated access for a project or task. It’s granted but never revoked, because there’s no easy way to track or remove access. Instead, it proliferates, which means too many people end up getting all the keys to the kingdom.

In BetterCloud, you can build a policy that lets you set a threshold for a number of super admins, and if that threshold is crossed, then the super admin access will be immediately removed and the correct team will be alerted. 

Public file sharing

A highly regulated internet company was doing some auditing with BetterCloud and identified an HR employee who had accidentally shared an HR folder publicly. This included files with social security numbers, salary information, and offer letters. The IT team remediated it immediately using BetterCloud and also created a policy that would check for files shared publicly by HR on an ongoing basis. If detected, those files would be immediately unshared and the correct team would be alerted.


A global retail organization saved 504 hours in their first 6 months of purchasing BetterCloud by automating their offboarding process.

Offboarding is a highly manual process that takes ungodly amounts of time. Often, IT teams simply don’t have the time to offboard employees in a timely fashion, but offboarding is critical from a security standpoint. It can be a complex process, but with BetterCloud’s offboarding policy builder, you can offboard users at scale.

Download our free whitepaper to learn what the top 8 security policies are.

If you’re new to SaaS management or security, we highly recommend downloading our free whitepaper here. After surveying and talking to thousands of modern IT professionals over the past few years, we’ve summarized the top eight SaaS security blind spots and the policies that can fix them.

Interested in seeing BetterCloud in action? Visit https://www.bettercloud.com/demo to speak with a solutions specialist and get a customized demo. 

Here’s the full recording of the webinar:


Leave a Reply

Your email address will not be published. Required fields are marked *