The SaaS Management Year In Review with Arlo Gilbert, founder and CEO of Meta SaaS
The start of a new year is always the perfect time to reflect on the year prior. What did we learn and how can we take what we’ve learned to better the year ahead? It’s not about idealistic resolutions but using what we know to be better prepared to identify opportunities, reduce risks and become more efficient at whatever we do.
The SaaS industry is perhaps one of the fastest growing industries out there, particularly in cloud services, and trying to grab hold of it is like trying to catch the tail of a comet. According to IDC, the public cloud services market grew nearly 30 percent in 2017, and the SaaS segment holds nearly 69 percent of the overall public cloud market share. How is SaaS evolving and how do companies manage its rapid expansion across the enterprise?
We sat down with Arlo Gilbert, founder and CEO of Meta SaaS, one of the first SaaS management software vendors on the market, to discover his perspective on the SaaS trajectory.
Q: What are some of the trends you saw in 2017 in the SaaS industry?
Arlo: From the overall SaaS industry perspective, 2017 was all about expansion without much consolidation. We continue to see many new companies entering the SaaS market with specializations. There are SaaS applications for virtually every task and function across all business segments, making it easy for SaaS spend and all of its related data to get out of control quickly.
From a management perspective, 2017 was the beginning of the bell curve of awareness that SaaS is something that has to be managed collectively as opposed to letting individual buyers manage their own instances. Major public security breaches forced IT to assess their exposure and what they may not be managing, such as shadow IT.
Beyond security, Gartner, Forrester and other analyst groups started to beat the drum of SaaS spend management. They are bringing awareness into the amount of financial waste due to unused SaaS licenses and SaaS redundancy, compelling companies to manage SaaS for security, compliance and financial reasons.
Q: Did any of these trends surprise you in any way?
Arlo: Two of the biggest surprises for me were (1) how quickly the SaaS management topic is becoming mainstream, and (2) how much sensitive information is vulnerable via API connectivity.
SaaS management is still a young category, yet it’s top of mind for everyone. I was somewhat surprised to see how much coverage it’s receiving — especially from the major analyst firms like Gartner and Forrester that are speaking with organizations daily about their IT challenges. There’s a real interest there, which affirms the need and gives a credible warning for companies.
I am also surprised we didn’t see more security failures or major breaches due to poorly-developed APIs, ignorance and the sheer number of connections we allow into our systems and data. From 2014 through 2016, APIs were big components in order for your app to talk to other apps and share data. You end up with a spider web of interconnected systems that by proxy have access to sensitive data – and there are literally thousands of these connection points in some organizations. In 2017, companies began to realize their exposure. Now, it’s time to do something about it.
Q: How has Meta SaaS responded to these trends?
Arlo: Meta SaaS started in 2016, so we have evolved our product based on what we’ve experienced and learned from our prospects and customers. In every conversation, three key drivers bubble to the top — SaaS spend management (which includes properly managing renewals), security, and compliance.
Spend management almost always leads the conversation. It is important but not the only thing that matters.
Security is increasingly important as companies look for shadow accounts, particularly if those accounts have access to sensitive information. Every organization faces the challenge of protecting their data – company data, employee data, customer data and partner data. It’s only possible if you know what data is out there, who is accessing it through which apps and when, and if those people are authorized. We’ve added security components to our product to provide granular insights into data, users, apps and real-time utilization of those apps so SaaS is no longer in the shadows, particularly those applications that don’t fall under the Single Sign On (SSO) umbrella.
The other area driving these conversations is compliance, and specifically GDPR. With the GDPR deadline fast approaching, organizations can’t afford not to have a plan in place. IT, finance, HR, procurement and other business divisions have stakes in SaaS management because they are all using cloud-based applications with potentially sensitive data that falls under the GDPR regulations. Flexera SaaS Manager expanded from being only about SaaS spend management to heavily emphasizing data transparency and security.
Q: Do you believe any of these trends will be short-lived, more of fads than trends?
Arlo: In the past, most companies didn’t have firewalls, then everyone saw how dangerous that was and firewalls became standard. Then mobile showed us the risks with BYOD, so employers installed mobile device management systems for added security. In these cases, we saw an introduction of a new technology, the realization of the associated risk, then adoption of solutions.
Similarly, with SaaS, we’ve seen the growth of SaaS and the opening of APIs. It is accepted we need all these technologies; now it’s implementing solutions to keep them secure. A SaaS management platform is as mandatory as firewalls.
Q: What do you predict for the SaaS management industry in 2018 – where is it headed?
Arlo: GDPR compliance enforcement starts in May, and I expect we will see enforcement actions against some large companies. We don’t know yet if the EU will issue slaps on the wrists and give companies time to remediate or come down hard with a huge penalty to scare everyone.
We will also start seeing some of the legacy software asset management vendors dipping their toes into the SaaS management category. Most will repurpose old software to shoehorn SaaS management into their workflows versus developing solutions from the ground up to specifically solve SaaS management challenges. Retrofitting legacy software is rarely a real solution, however.
Finally, I predict an acquisition in the space by a large security or SSO company. It’s a natural extension of their stack but requires entirely new code.
Q: What do you think companies need to be thinking about or taking action on in 2018?
Arlo: GDPR may be intimidating, but it also gives companies the perfect opportunity to look at all compliance across the board – to clean house and get data under control.
We’ve also seen a bull market from the perspective of public markets and private equity and venture capitals. Companies are able to get away with being operationally inefficient because they are growing so fast. You don’t think much about your expense lines, yet the moment you see your first down quarter, being operationally efficient suddenly becomes important.
With a start up and with this dynamic, volatile economy, there are lots of unknowns. Companies in 2018 need to focus on their bottom line and ask how they can be prepared in the event of a major market shift. Being efficient and good fiduciaries of their investors’ money will be key: not wasting money on unnecessary employees, software, equipment, etc.
What are some of Flexera’s plans for 2018?
Arlo: As a leader in SaaS management, Flexera is focused on educating companies about their SaaS risk and spend, and developing products that solve real problems. We listen to our customers and we know they need SaaS management tools that empower them to take control of their expanding SaaS environment.
In 2018, we will continue to roll out new features and functionality that give customers the necessary visibility into their data, with actionable insights to improve their overall SaaS management spend, security posture, and compliance readiness. Part of this includes ongoing enhancements to our reporting capabilities, with additional workflows to support compliance with standards such as GDPR and HIPAA.