SaaS solutions have exploded in the past decade, largely in part to their flexibility, scalability, and the collaboration they foster. Nearly 78% of small businesses have adopted SaaS options, and companies that have adopted cloud platforms report that “they can bring new capabilities to market 20-40% faster” (Zippia).
For the most part, this growth is all good. SaaS options are popular—86% of businesses using SaaS report higher employee engagement (Zippia). They can help make work more efficient and solve even niche needs for affordable prices.
But with growth also comes the need for management, to help ensure your business's SaaS use is under control, secure, and still convenient. Without proper management, you risk SaaS sprawl, Shadow IT, and all the risks associated with them. Luckily, like any tool in your business, you can get a handle of them and start moving from disorganization to optimization. Ahead, we're sharing our top SaaS tips to secure and optimize your business.
Precisely because they're so easy to use and sign-up for, the rise in SaaS has also led to the rise in what's called Shadow IT: any technology in use at your organization that is "outside the ownership or control of IT". Employees who sign up for SaaS outside of IT's knowledge typically don't even know they're doing something wrong. Most often, they're simply trying to do their jobs efficiently and find a tool to help them do so.
But when an application is in use at your business without IT's knowledge, this automatically makes it risky. Things like file and data sharing may be unsecured. And any application that's connected to your network makes for another potential access point for cyberattacks, making it vital for IT to be able to keep track of it.
Fortunately, the first step to optimizing and securing your SaaS use is simply bringing it out of the shadows. Working with a trusted partner, your business can tap tech tools to uncover every SaaS app in use so you can start to manage them all together strategically.
SaaS sprawl-and with it, data and cost sprawl-is another risk that emerges with all this unfettered use. SaaS options are popular with employees, so the SaaS optimization process really represents an opportunity to engage your employees and bring IT and the organization together. Involving employees in the process helps them feel their needs are being heard and ensures their buy-in on any changes. Plus it helps IT learn and understand where the needs are and how current company technologies are--or aren't—meeting those needs.
Once this is understood, IT can reduce redundancies in SaaS use and right-size your applications and licenses. Not only does this help reduce your costs, but it helps streamline any data sprawl that's happening.
Sometimes, employees sign up for Shadow IT SaaS options when they don't like the technology provided by the business.
When you involve employees in the discovery process and value their input, you can get to the source of this information. You may even find that the best option is to move away from your previous tool and move the entire business onto the new SaaS option, albeit under IT management. Either way is far preferable than having half your organization on one technology, while others are opting for something else.
SaaS tools are meant to help improve and optimize efficiency and collaboration at your business—in fact, collaboration tools are generally the most popular and most used SaaS options.
One of the benefits of bringing these tools all under IT and then tracking them is actually optimizing efficiency and collaboration.
One of our favorite options for achieving this new sweet spot is by setting up an IT-approved SaaS catalogue. A catalogue sets up and clearly communicates the various SaaS options for employees to choose from, while ensuring each SaaS platform has been properly vetted by IT.
When you don't have a clear idea of what SaaS apps you're using, how much you're using them, and where duplication exists, you can't make a case to negotiate a better rate.
When you go through the SaaS discovery process and look at what's really in use, evaluate data points like employee usage and the number of seats you anticipate using. With that in hand, you'll be able to increase your buying power and find savings.
Some other moves you have to decrease SaaS spend include:
Downgrade or eliminate licenses altogether: when you get in and look at how SaaS applications are actually being used, you may discover you could in some cases downgrade your licenses and find savings. For example, you may have several employees signed up for Pro licenses of some applications. But if they're not using the Pro features often, they could be downgraded to a less expensive Basic license. Or you could eliminate licenses when they're not being used (versus getting dinged by those automatic renewals).
Consolidate licenses: Perhaps, through Shadow IT, you have several employees signed up for the same app, unbeknownst to each other. Consolidating licenses may help you reduce spend and increase your buying power.
You can't plan around what you don't know. All those license renewals need to be actively managed to maximize your savings and buying power. Setting up a system to track license renewals is your best bet, as you cannot only keep track of and plan for your costs better, but you can also see when renewals are upcoming in 90, 60, and 30 days and plan accordingly—whether that means researching another option or preparing your case to negotiate better rates.
As you go through discovery, IT should set up a checklist to help codify what standards need to be met for an app or platform to be secure enough for IT approval. This checklist should include:
General information: this includes contact details for the SaaS vendor or supplier, as well as who at your organization set up and owns the account or license.
Information security: this should go into details about information security through the SaaS app and whether or not it meets your business's security protocols.
Organizational security: you should also include an outline of who at the SaaS vendor is responsible for information security, what policies they have in place, and any agreements formed between your business and the supplier.
HR security: when working with a SaaS vendor or supplier, they may be exposed to sensitive business or personnel information. This section would cover items such as, whether have they signed a Non-Disclosure Agreement and do they have a proper procedure in place for their personnel onboarding and offboarding.
Physical security: SaaS data likely isn't kept onsite at your supplier's offices. This section should cover the locations of their servers and the security there.
Network security and system maintenance: next, you'll want to have a complete understanding of their network security, including password management systems and firewalls, as well as how and how often system maintenance is performed.
Sub-contractor relationships: sub-contractors are increasingly becoming targets for cybersecurity breaches. As they're often less secure than larger organizations, they're often used to gain access to larger partner networks. You should be aware of if your SaaS supplier uses sub-contractors and if so, which ones.
Incident policies: Lastly, in the case of a security issue, you'll want to be proactively aware of your SaaS vendor's policies and how they manage and handle security incidents.
Your employees' insights and input as to why they're using certain apps, why they're not using other tools, and what their needs are is all essential to the SaaS discovery process. Employee education is also essential to SaaS optimization and security.
With education, you can help your employees understand why things like security and SaaS management are so important, as well as why any changes are necessary. But you can also ensure they're helping you keep your business secure on the front lines by making sure they're educated on issues like proper password management and how to spot a phishing scheme.
So long as IT and the organization see each other as a team, there to help each other be successful, you'll be able to find your SaaS optimization sweet spot.
The risks of Shadow IT and SaaS sprawl include data protection and loss, expanded attack surfaces, and yep, increased costs.
Shadow IT grows out of a lack of knowledge on both employees' and IT's part. The good news is, it's also illuminating, shining a light on the needs employees have and the tools they value. The best approaches to reduce shadow IT risk take this into consideration, establishing policies that both protect and empower, while bringing employees along through education so they view them less as restrictive, and more as protective of the team and organization as a whole.
Fortunately, you can also take control of it and reduce it by following a three-pronged approach: technology, employee education, and policy. In our Guide How to Reduce the Risks of Shadow IT, we'll walk you through exactly how to discover Shadow IT in your business and take control of it.