Skip to content

What Is SaaS Management? The 2023 Guide


February 16, 2022

7 minute read

SaaSManagment2021Guide featureImage

Editor’s Note: This article was updated to include more recent data and new functionality from the SMP marketplace.

What is SaaS management?

SaaS management is automating and centralizing management tasks across a company’s entire portfolio of software-as-a-service (SaaS) applications. The first step of SaaS management is understanding and controlling identity and access to SaaS. The next step in SaaS management is streamlining the processes across a company’s entire SaaS portfolio for:

  • user lifecycle management (ULM)
  • spend optimization
  • application configuration
  • visibility and auditability

When these SaaS management practices are implemented well, IT departments can benefit in many ways. They get hours of time back, produce fewer errors, shorten their ticket queues, and keep their fellow employees productive.

To put these best practices for SaaS management into action, IT administrators often turn to a SaaS management platform (SMP) like BetterCloud.

What is a SaaS management platform?

According to Gartner, a SaaS management platform (SMP) is a standalone tool that can discover, manage, and secure multiple SaaS applications from a central admin dashboard. A fully featured SMP should help IT admins with all of the following:

  • optimize SaaS app usage to boost collaboration and productivity
  • automate day-to-day SaaS management tasks
  • gain visibility into all apps in use, including shadow IT
  • protect the files and sensitive data in their environment

A SaaS management platform is an all-in-one tool that helps IT implement the three core practices of SaaS operations (SaaSOps):

  1. SaaS management (as discussed above)
  2. SaaS discovery
  3. SaaS security

We discussed SaaS management in detail earlier, so we’ll take a quick look at the last two items.

What is SaaS discovery?

SaaS discovery provides full visibility into what SaaS applications are running within your environment. An SMP should be able to show you both sanctioned apps (the ones approved and vetted by IT), and unsanctioned apps (shadow IT being used by employees without approval). 

SaaS discovery allows IT admins to optimize SaaS application usage and SaaS spend in their environment. They can consolidate SaaS licenses if multiple apps are performing the same function. App consolidation cuts SaaS costs and increases collaboration as more employees use the same apps. If an unsanctioned app is being heavily used, IT can step in to sanction it and make sure it is properly licensed and secured.

Check out the two resources below to learn more about SaaS discovery.

What is SaaS security?

SaaS security is the process of understanding where sensitive and proprietary data is located in your SaaS portfolio, and actively working to mitigate security risks. An SMP should be able to secure your SaaS apps by responding to security incidents immediately with automated alerts and remediation. 

Another important part of SaaS security is creating and enforcing security policies to fulfill compliance regulations. SMPs help IT admins prove compliance with the ability to implement IT security policies and document them with non-expiring audit logs. Finally, an SMP should give you the granular access controls you need to implement least privilege access models.

We invite you to check out the two resources below to learn more about SaaS security.

How Do I Get Started with SaaS Management?

Step 1: Gain full visibility into your entire SaaS portfolio

With companies now using an average of 110 SaaS apps, gaining a complete picture of a company’s SaaS environment is a critical need. More than half of IT professionals surveyed say the #1 challenge in their SaaS environments to solve is a lack of visibility into all user activity and data. 

SaaS management platforms like BetterCloud are designed to give IT full visibility into all the SaaS applications in use. From a single, centralized dashboard, you can:

  • See every app in your environment
  • Identify who is using each app
  • Uncover which apps have been granted OAuth access
  • Gain visibility into shadow IT—unsanctioned apps that employees are logging into with their work credentials that aren’t approved or vetted by IT

IT admins should use these insights to make strategic, informed decisions on what apps to use. With the data from your SMP, you can optimize your SaaS usage by:

  • Uncovering potentially redundant apps 
  • Consolidating SaaS usage to save on license costs
  • Identifying functionality gaps in your SaaS portfolio

In our 2021 State of SaaSOps report, 69% of IT professionals were concerned about unsanctioned apps creating security risks. This is why it is important that an SMP be able to mitigate security risks and protect sensitive data. To improve data security, we recommend using an SMP to:

  • Set up real-time alerts to notify you when employees log in to risky apps
  • Automatically log employees out of risky apps

Step 2: Automate everyday SaaS management tasks, especially user lifecycle management

User lifecycle management (ULM) is the practice of onboarding, offboarding, and managing user accounts on a day-to-day basis. This includes managing mid-lifecycle changes (e.g., an employee changing roles), resetting passwords, updating profile information, and so on. If managing these processes sounds like a lot of tedious, manual work, it is! 

In a recent survey, we found that offboarding one user takes an average of 7 hours of staff time. A whopping 82% of respondents said they spend at least 20% of their work week (i.e., an entire day) working on repetitive tasks.

To make IT’s job far less tedious and time-consuming, we recommend using an SMP to automate as much as they can. To get automation up and running as fast as possible, it is important that your SMP includes a no-code workflow builder. No-code builders should make it easy enough that anyone in your IT team can update and manage automated workflows. 

We recommend the following steps to get started with automation:

  1. Start with the library of pre-built templates to make sure you’re following best practices for the process you want to automate
  2. Customize each workflow to meet the specific needs of your company
  3. Regularly update your workflows when new apps are added to your portfolio

When you have mastered the basics of workflow management, you can move towards a zero-touch IT model. Here are just two of the many ways you can save even more time with your SMP through automation.

  1. Leverage custom triggers to create workflows that can start in another business unit, such as HR. (For example, when someone is given a start date in an HRIS, it automatically kicks off an onboarding workflow in your SMP.)
  2. Create self-service IT portals where users can request SaaS app access through a form or ticket, and a workflow kicks off that automatically adds them.

Step 3: Mitigate data security risks and protect sensitive data

Let’s just be honest for a moment. The use of SaaS, especially across 100 or more apps, has been amazing for productivity and collaboration, and awful for data security.

In 2021, SaaS file security violations have spiked 134%, and the number of files containing PII has grown 1944% year over year. 

Over half (55%) of IT professionals say the biggest security concern is not knowing where sensitive data exists. It’s not just the apps themselves that are the biggest threats—72% of IT pros feel that the well-meaning but negligent user poses the greatest risk for data loss.

To mitigate these data security risks (and sleep better at night) we recommend using an SMP to:

  1. Automate file security: An SMP can be set up to immediately notify you when a document has been shared publicly, or with a user outside your organization. That alert can also kick off a workflow that automatically unshares the file and notifies IT and the user.
  2. Implement and automate a least privilege access model: Implementing least privilege is a best practice for any organization. If any users have been granted super admin access, and the number of users exceeds your threshold, an SMP can automatically revoke those excessive privileges. Additionally, an SMP should provide the granularity of permissioning most SaaS applications do not offer natively.
  3. Locate and protect sensitive data: When you first get started, you should use your SMP to perform a one-time search of all files in your SaaS portfolio that contain sensitive data. You can then take action to protect those files if needed by unsharing them or reaching out to the file’s creator. After the initial scan, you can automate “go-forward” policies that alert you immediately when sensitive data is exposed, and even take action to properly secure the file.
  4. Create and enforce IT security policies: An SMP should provide the tools you need to create and enforce your IT security policies, such as timely offboarding and sensitive data protection. With lifetime log retention, your SMP can help you prove you followed your policies, as well as investigate past incidents.

With the astronomical rise of SaaS adoption in recent years, SaaS management is becoming an increasingly important area for IT. The pace of work is too fast, and the stakes are too high, to keep manually managing SaaS tools. To tackle these new challenges, IT must turn to centralizing and automating their SaaS operations. With a fully featured SaaS management solution, IT can finally manage their SaaS portfolio more effectively—and regain control over their SaaS environment.

To learn more about how BetterCloud can help you discover, manage, and secure your SaaS environment, request a demo.