Flexera logo
Image: Are You Making These Common Mistakes in Your SaaS Management Practice?
This post originally appeared on the Snow Software blog. Snow Software has been acquired by Flexera.

Organizations of all shapes and sizes are beginning to realize that SaaS applications can be a double-edged sword. The convenience, flexibility and accessibility that makes these apps so attractive has also led to waste, sprawl and security risks that must be identified and managed.

While we talk extensively about the best SaaS management practices, you simply may not realize where you’re introducing trouble into your current processes. In fact, the most commonly employed SaaS management methods often present the biggest struggles along the way. By learning from these four common pitfalls, you can pave the way for a smoother and more successful SaaS management journey.

Using internal surveys

Let’s start with one of the more straightforward and basic methods organizations employ to uncover SaaS in their IT environment – an internal survey. When you want to know what SaaS applications your employees are using, why not just ask them? 

Unfortunately, this method falls short for a number of reasons. First, the results of the survey are likely to be inaccurate and incomplete, because some percentage of employees simply won’t respond. Of those who do, it’s unlikely they’ll provide a comprehensive account of all the SaaS applications they’re using either due to honest oversights or to a reluctance to list apps they have a hunch would not be approved for internal use. 

Secondly, employees are prone to overstate the value an app provides. No one wants to admit to wasting company resources, so the natural inclination is to ascribe value to a purchase even when that value may not be there. 

Finally, even if it were possible to gather a perfect account of all SaaS apps in your environment via this method, it would be out of date the moment the survey was complete thanks to the decentralized and often spontaneous nature of SaaS procurement. Today’s survey won’t capture the additional waste, sprawl and risk that will be added to your environment tomorrow.

Creating spreadsheets

Tracking and managing SaaS apps via spreadsheets has been the fallback for many organizations for as long as SaaS apps have been around. While certainly better than doing nothing at all, spreadsheets are notoriously tedious and difficult to manage when dealing with dozens, if not hundreds, of SaaS apps each with their own pricing, usage terms, start and end dates and internal ownership. 

Like surveys, spreadsheets are perpetually out of date and backward-looking. Users come and go within organizations; new SaaS apps are added while licenses for others expire. And, as with any human endeavor, spreadsheets are prone to human error in the form of mistyped entries, inadvertent omissions or other data inaccuracies. 

Relying on a CASB or network monitoring tool

As cloud adoption has continued to expand, organizations have turned to Cloud Access Security Brokers (CASBs) or other network monitoring tools to provide some governance and security over their cloud footprint. These tools sit between the cloud application and the user to monitor activity and enforce security policies. They can help discover SaaS applications present in the environment and shed light on who is using what. 

Relying on a CASB to monitor SaaS, however, can leave you with multiple visibility gaps, as a CASB only sees activity taking place on the corporate network. When employees are working outside the office (at home or on business travel, for example), the CASB won’t be able to track activity unless the user is on a VPN. 

CASB’s also provide no information on license terms or application costs, so getting a complete picture of your SaaS environment requires marrying multiple data sets with the information provided by the CASB, which can be cumbersome and time-consuming.

Not using the right SaaS management platform for your organization

An increasing number of organizations are using SaaS management platforms (SMPs) to get visibility into their SaaS environments and begin to eliminate waste and mitigate risks. An SMP combines in a single, unified location information the presence and usage details of an app, with additional data such as:

  • License start and end dates
  • License cost information
  • Application type
  • User department and location
  • App approval status

This information is automatically updated eliminating the need to manually gather the data, like in the methods above. As apps and users come and go, the platform should reflect these changes, so you always have a real-time view of your SaaS environment. Not all SMPs are created equal, so you’ll want a platform that has the latest capabilities to keep your organization looking forward. Keep in mind, a SMP is only as powerful as the discovery methods it relies on for SaaS visibility, and many of these methods only tell a part of the story. Consider API and single sign-on connectors. APIs allow you to connect to vendor portals and bring into your SMP any license and usage data the vendor provides. SSO connectors allow you to leverage the login data maintained by your SSO platform, so you can track app usage. Both methods, however, are only good for apps you already know are in your environment. All of those unknown apps accessed and put into use without the knowledge of IT will remain unknown when relying on these discovery methods.  

Another common discovery source is financial data. This method involves connecting to your expense management tools to find the SaaS apps that have been purchased within the organization. While financial data can reveal both known and unknown applications, any free applications will escape discovery. It’s not unreasonable to assume, for example, that nearly every organization with more than a handful of employees has at least one experimenting with the free version of ChatGPT. This usage would go undetected by financial data.

There are also significant differences in the types of usage data SMPs provide. Some provide little or no data regarding when and how often an app is used, or they provide that data for only a subset of the apps discovered. Others rely on API and SSO connectors, which provide limited usage information such as logins. Without detailed usage information, including the actual hours and minutes a user spends in an application, it’s difficult to fully understand its true value and make informed optimization decisions.

Improve your SaaS management processes

When it comes to discovering assets and improving SaaS management processes, you want the most comprehensive view of your SaaS environment possible. Whether it’s paid, free, or known and unknown applications, you don’t want to develop blind spots with significant costs in the form of waste or regulatory and security risks. Contact us now to get started on the path to improving your SaaS management practices.