3 Ways to Curb Rogue SaaS Spending
This post originally appeared on the Snow Software blog. Snow Software has been acquired by Flexera.

Most employees strive to make valuable contributions to their organizations, but they occasionally run into obstacles on the path to productivity. So, what happens when employees need fast access to a tool or platform to do their jobs? Rogue spending.

Rogue spending occurs when employees stray outside of the standard IT procurement procedures and policies, and it can happen for a number of reasons:

  • Employees feel like the path to getting the tools they need to do their jobs is too burdensome.
  • In a remote or hybrid workforce, employees may not know the right person to contact in their organization to discuss the purchase.
  • Employees simply aren’t aware of the policies and procedures in place.

Regardless of the cause, rogue spending can quickly spiral out of control. The resulting shadow IT introduces significant risk, from costly compliance failures and security threats to blown budgets.

Growing SaaS reliance

In our digital, work-from-anywhere landscape, SaaS spend continues to grow at a brisk pace. Gartner estimates organizations spend $1,040 per employee on SaaS and forecasts that spend will grow 15-20 percent annually. In the Snow Software 2023 IT Priorities Report, 69 percent of IT leaders report an increase in their organization’s investment in SaaS applications.

An even costlier challenge, however, comes from unsanctioned software and cloud services. In fact, IT is only aware of about a third of the estimated 125 different applications in use, according to Gartner. In a closer look, 76% of IT leaders found that business units are procuring far more cloud and SaaS than IT knows about, according to the 2023 Snow IT Priorities Report.

Shadow IT risks

Unsanctioned software and cloud services bring a host of risks, including cyber threats, overspend and failure to comply with regulations such as GDPR, HIPAA, PCI and others.

  • Cyber threats. To keep data secure, IT reviews the security policies of the SaaS provider. If IT is unaware of applications in use, they are unable to vet the risks associated with these providers or how they interface with other organizational IT. They are also unable to implement vendor patches for known security vulnerabilities because teams can’t secure what they can’t see. Breaches are expensive from all points of view.
  • Overspend. Budget overruns are a big risk, especially in the current economic climate when keeping a lid on costs is mandatory. When individual users sign up to use their own software, you’re likely missing out on potential volume discounts. Redundancies also occur, and you can find yourself paying for multiple solutions directed at the same use case.
  • Compliance failure. There are numerous laws and regulations designed to protect employee and customer data, and they vary by government and region. Take HIPAA, for example. Healthcare organizations must obtain a business associate agreement from providers who store, create, receive, maintain, or transmit protected health information (PHI). The business associate agreement provides assurances of how the provider will safeguard PHI data. To obtain this agreement, organizations must know about all applications employees are using that are storing, transmitting, creating, and receiving PHI. To not know is to be out of compliance with HIPAA, and that comes with costly fines.

3 ways to curb rogue spending

We know from the same study that reducing IT costs in 2023 is a top priority for organizations (33%). One way to achieve that goal is curbing shadow IT’s rogue spending. But where do you start? Here are a few ideas:

1. Build and widely share an approved vendor list. Keep your employees productive (and happy) by building an approved vendor list. A vendor list is your organization’s way of saying, “Here’s what we’ve found works well and what we are actively managing and securing.”

The vendor list will make it easy for those in charge of purchasing, whether in a decentralized or centralized purchasing environment, to make quick decisions and reduce approval time, a key instigator of rogue spending. Be sure to share this list widely and often. Two-way communication is also key. It is important for IT professionals to confer with other business units to make sure they have as much information as possible to best serve their needs.

2. Gain visibility with a SaaS management platform. Without visibility, despite your best efforts, it’s impossible to determine every application being used in your environment and whether or not you have the correct controls in place. The right SaaS management platform will help you discover sanctioned, unsanctioned, licensed, and free SaaS applications and curb the rogue spending shadow IT creates.

3. Focus on the user. There are many ways to discover SaaS applications in your environment, but to effectively separate those applications that are adding value from those that are contributing to waste, you must understand usage. Comprehensive usage data that goes beyond simple login information to detail duration in the app will allow you to identify the apps that employees find essential to their individual roles and eliminate those that aren’t.

Put shadow IT in the crosshairs in 2024 and curb the rogue spending that it brings. You’ll reduce costs, lower risk, and keep employees productive.