What is SaaS management?
SaaS management is the practice of managing the day-to-day operations across an organization’s software-as-a-service (SaaS) applications. This includes managing processes like identity and access, user lifecycle management (ULM), spend optimization, application configuration, and visibility and auditability across SaaS apps.
SaaS management is a key part of a broader IT practice known as SaaS Operations, or SaaSOps. SaaSOps refers to how SaaS apps are discovered, managed, and secured through centralized and automated operations, resulting in reduced friction, improved collaboration, and better employee experience. This practice aligns products, people, and processes to effectively support a “best-in-breed” software strategy and drive broader organizational transformation. By tackling the slew of new challenges generated by SaaS, SaaSOps empowers IT to realize the full potential of SaaS.
Now more than ever, companies are depending on IT to drive business transformation, innovation, and planning for cloud success, including protecting data from afar. And with the average company using 80 SaaS apps now, SaaS management has become a critical part of IT’s role.
In this guide, we’ll provide an overview of SaaS management. You’ll learn about the biggest SaaS management challenges, common SaaS management workflows, best practices for SaaS management, and how you can benefit from a SaaS management platform, or SMP.
Unique challenges of SaaS for IT departments
Within many organizations, SaaS adoption starts slowly in a smooth process with adequate upfront planning. But challenges arise, particularly as more apps are used. Given how easily users can procure and deploy SaaS, organizations can soon find themselves using dozens of apps. Before long, the amount of data, number of users, and apps all go through the roof. IT now must think about every user and the data they have access to within this ever-growing sprawl of apps.
The explosion of SaaS creates several new unique challenges for IT. Below are three of the biggest ones:
- Lack of visibility on app usage
- Slow, manual management
- Inability to mitigate security risks
Let’s explore each in further detail.
1. Lack of visibility on app usage
The digital workplace consists of dozens, even hundreds of SaaS applications, making full visibility virtually impossible. In fact, only one-third of surveyed enterprises routinely search their corporate network for new app subscriptions. It’s hard for IT to know which apps are being used, who’s using them, how much they cost, what read/write permissions they have, or what data people have access to. But why is visibility important?
Because you can’t manage and secure what you can’t see.
Without full app visibility, you can’t fully enforce your security policy. And because you can’t prove it either, it’s hard to claim that your organization is in compliance.
Also, unsanctioned SaaS applications may have security issues in source code or infrastructure flaws that inadvertently risk your entire enterprise. Simply put: The more unauthorized apps an enterprise’s employees use, the larger the security risk.
Additionally, lack of visibility means you may have redundant or unused apps without realizing it. In fact, BetterCloud Discover trials uncovered that on average, companies had 135 redundant apps.
And with many SaaS applications, you pay whether you use the licenses or not. Without visibility into actual usage, roughly 30% of SaaS spend is wasted due to lack of use or duplicative apps, revealing a prime opportunity for cost savings.
For more info on SaaS app visibility, check out these resources:
- How BetterCloud Discover Helps IT Know the SaaS Environment
- The Hidden Risks of SaaS
- Insight Alert #3: Why It’s Essential to Have Full App Visibility
2. Slow, manual SaaS management
User lifecycle management (ULM) is the practice of onboarding, offboarding, and managing user accounts on a day-to-day basis. This includes managing mid-lifecycle changes (e.g., an employee changing roles), resetting passwords, updating profile information, and so on. If that sounds like a lot of tedious, manual work, it is! ULM is the area where many organizations struggle most without automation, as it’s particularly challenging with SaaS.
In an ideal world, dealing with changes throughout users’ lifecycles would be identical across all SaaS apps, effortless, and seamless for both IT and end users. But in reality, the process is fragmented and extremely manual. Instead, these problems are common:
- New employees lack access to job-critical apps
- Permissions/entitlements are not properly updated as users move roles
- Former employees retain access to sensitive data
Why is ULM so complex in SaaS management?
The primary challenges center around the complexities of onboarding and offboarding, and something as simple as changing an employee’s role can become complicated across multiple SaaS apps. Offboarding workflows are typically manual processes and can consist of upwards of 60 steps. In fact, according to the 2020 State of SaaSOps report, IT organizations spend an average of 7.12 hours offboarding a single employee from a company’s SaaS apps.
The sheer volume and variety of data types, objects, and configurations across SaaS apps drive ULM challenges. Additionally, without a SaaS management platform, ULM processes are typically managed through spreadsheets, making them error prone.
3. Inability to mitigate security risks
The 2020 Verizon Data Breach Investigations Report found that errors, including misconfigurations, were causal events in 22% of breaches. Eight in 10 companies across the United States have experienced a data breach made possible by cloud misconfigurations, according to research by IDC.
It’s especially easy to misconfigure the sharing settings in a SaaS application. They vary from app to app, and well-meaning end users may not realize the implications of the settings they choose when sharing files. SaaS apps give end users the power to collaborate and share files publicly, but IT is unable to easily see how files are shared and which contain sensitive material. This lack of visibility not only blinds IT teams to risks, but also makes it impossible to mitigate those risks.
Additionally, SaaS applications generally do not provide the granularity of permissioning you need. Inconsistent levels of access for admins often result in giving out access to more data and controls than necessary, leading to increased risk. Without the ability to provide access only to what’s needed, it’s difficult to achieve least privilege.
The need for a SaaS management platform
Many of the existing ways of managing IT are no longer applicable to environments dominated by SaaS. Put simply, you can’t manage new tech with old tactics. In their report, “I&O Leaders Must Transform Their Teams to Lead With SaaS Cloud,” Gartner analysts write, “I&O leaders equipped with legacy tools to manage on-premises environments will be unable to take advantage of SaaS applications to lead digital disruption.”
As SaaS adoption fundamentally changes the operating model, the role of IT teams must change accordingly as well. According to the Gartner report, “The competing pressures of IT operations and user enablement will demand new skills, tools, and roles to lead the transition to SaaS.”
Enter: the SaaS management platform.
How organizations can benefit from a SaaS management platform
SaaS management platforms serve as a force-multiplier for IT, enabling teams to scale at the least cost with the fewest errors.
It’s a force-multiplier for IT for two reasons:
- Centralization. SaaS management platforms centralize data and administrative actions into one platform, allowing IT to manage policies, remediate violations, visualize all assets and users, and audit administrator activity across all their apps from one place. Centralization is critical. Managing SaaS apps separately—through individual tabs in your browser—quickly becomes unsustainable as SaaS adoption grows.
- Automation. Without automation, IT has two choices for tackling SaaS operations: either scale IT staff alongside SaaS adoption, or block additional SaaS adoption. For most companies, neither option is realistic. Thus, IT must turn to automation in order to manage the growing sprawl of SaaS apps and data; managing it manually becomes unsustainable over time. SaaS management platforms use APIs exposed by SaaS applications to create powerful automated workflows across apps, resulting in significant time savings, less human error, and the ability to scale.
Similarly, in the Gartner report “I&O Leaders Must Transform Their Teams to Lead With SaaS Cloud,” the authors point out that these types of workflows enable broader digital innovation for the entire organization. As an orchestrator, IT becomes “focused on creating business-centric workflows as opposed to building services from scratch. APIs exposed by SaaS applications enable these innovative workflows. I&O leaders will, therefore, be able to drive digital innovation and business enablement through SaaS adoption.”
A key benefit of an SaaS management platform is that it makes processes like onboarding and offboarding much more efficient. These quantified benefits were documented in “The Total Economic Impact™ of BetterCloud: Cost Savings and Business Benefits Enabled by BetterCloud,” is a commissioned study conducted by Forrester Consulting on behalf of BetterCloud published June 2020. Among the study’s key findings, benefits include:
- More efficient management and security of employee offboarding, from 9 hours to less than 1 hour
- Employee onboarding tasks reduced from 6 hours to less than 1 hour
- Employee status change tasks reduced from 2 hours to less than 1 hour
- Security compliance time savings: a 90% reduction in time for collaboration and file security management
The last bullet underscores how challenging and painstaking SaaS security is. The report says: “It is time-consuming to set and maintain proper management and security settings for file directories, collaboration groups, conferencing software, and other SaaS solutions. Some of the interviewees said it previously required so much time that their organizations were not able to prioritize this task at all.”
Why is it so difficult? Because SaaS apps have a myriad of settings and controls for users, groups, and files, and it’s nearly impossible for IT to monitor them all manually. This is where an organization can benefit from a SaaS management platform. This type of tool can identify changes in configurations and alert IT of suspicious behavior in real time. Once identified, that information is fed into a workflow system to assess the risk and automate the appropriate remediation path. The workflow system provides flexibility to set thresholds for expected behavior, giving IT teams the option to speak with colleagues to understand their goals and intentions.
SaaS management best practices
To succeed with SaaS, IT must address these operational challenges and embrace best practices for SaaS management. A report by Forrester Research entitled Best Practices For Software-As-A-Service Operations outlines several recommendations, which include:
- Facilitate excellence by forming a cross-functional team to tackle SaaS operations. “This may be an extension of an existing infrastructure-focused CCOE [cloud centers of excellence] or a separate group entirely focusing on SaaS,” according to the report.
- Strive for highly automated and iterative SaaS operations. “Simply put, there’s too much stuff to manage; only AI and automation can help deal with the scale of new demands and the increasing threat landscape. I&O pros must borrow from what they’ve learned from DevOps.”
- Use tooling wisely, but expect forthcoming industry consolidation. “Effective tooling is essential to coming to terms with SaaS sprawl . . . Until consolidation happens, expect a need for establishing integrations and maintaining them.”
For more best practices from the report, head here: Forrester Report: Best Practices for SaaS Operations
Common SaaS management workflows
To scale efficiently, IT must automate work whenever possible. Automated workflows allow busy IT teams to eliminate human error, drastically reduce time spent on manual tasks, and fix security vulnerabilities in real time.
Some of the most popular SaaS management workflows include:
Automatically onboard employees
Onboarding workflows can eliminate your tedious checklist of steps and ensure new employees have access to the right SaaS apps, groups, files, folders, calendars, and entitlements on day one.
Automatically offboard employees
Revoking an ex-employee’s access to your SaaS environment is critical, but it’s just the tip of the offboarding iceberg. There are dozens of additional steps you must take for business continuity, data retention, compliance efforts, and data security. A robust offboarding workflow can automatically take care of these steps, such as transferring ownership of assets to a user’s manager, deleting 2-step backup codes, removing connected devices, setting up email forwarding and autoreplies, removing licenses, and deleting the user.
Automatically manage guest users
Guest users are often (inadvertently) granted indefinite access because it’s easy to forget to revoke their access once their time is up. However, this oversight can pose a security risk. A guest management workflow can automatically wait 30 days, ask for approval to remove guests, and if approved, offboard the guest.
Automatically clean up empty Slack channels
A graveyard of defunct Slack channels can be messy, confusing, and counterproductive for employees to sift through. This popular workflow can automatically archive or delete a public channel after checking that the channel is no longer needed.
Automatically secure sensitive data
While this may fall more in the SaaS security realm, this workflow is worth mentioning. If sensitive data is overshared and exposed, this workflow can automatically detect the misconfiguration, unshare the file, revoke public sharing links, alert the IT and security team, etc. to ensure your data is secure.
Automatically revoke excessive super admin privileges
Implementing least privilege is a best practice for any organization. If any users have been granted super admin access, and the number of users exceeds your threshold, this workflow can automatically revoke those excessive privileges.
Reduce SaaS costs with spend optimization
As noted, you often pay for SaaS licenses whether you use them or not. So another onus that falls on IT is to monitor usage and ensure that existing SaaS licenses are claimed and used. This is particularly important as budgets shrink. But the ease of procurement with SaaS apps makes it difficult for IT to understand where funds are allocated, if licenses are being used, and where you may have redundancies in apps.
Related blog post: The Ongoing Challenge and Opportunity of SaaS License Spend Management
SaaS renewal management is another challenge for IT, which requires continual iteration and updating. IT must figure out the right purchasing department and owner—both a primary and secondary owner—for each application, which can be difficult to track down.
A SaaS management platform can help you reduce costs and optimize spend by finding applications that aren’t being used or are being underused relative to how many licenses you’re paying for. SaaS management requires a data-driven approach and full visibility so IT professionals can understand application usage and determine which apps are delivering value.
Related: See how BetterCloud helped Fullscreen saved $100,000 in license costs
With the astronomical rise of SaaS adoption in recent years, SaaS management is becoming an increasingly important area for IT. The pace of work is too fast, and the stakes are too high, to keep manually managing SaaS apps. To tackle these new challenges, IT must turn to centralizing and automating their SaaS operations. Armed with these advantages, IT can finally manage their SaaS portfolio more effectively—and regain control over their SaaS environment.
Want to explore SaaS management further? Check out this blog post: Gartner’s New Market Category: SaaS Management Platforms (SMPs)
To learn more about how BetterCloud can help you discover, manage, and secure your SaaS environment, request a demo.