Managing a SaaS portfolio requires data from various sources to gain full visibility into users, applications, licenses, and usage patterns. However, relying on a single data source is often insufficient for a comprehensive view. Let’s take a closer look at the types of data available through different sources, the challenges they present, and why integrating multiple sources is essential for effective SaaS visibility.
Vendor API integration
Direct integration with vendor APIs enables the data collection of users, licenses, and assignments. However, these APIs often lack critical user activity and application usage data, making it difficult to generate actionable insights. Some vendors may withhold this data to protect their revenue, fearing customers will downsize or reallocate licenses.
Just as an example for ease of understanding, let’s consider Adobe Creative Cloud (Adobe CC). Like many vendors, Adobe CC has various applications that can be used in both on-premises and as cloud applications. This poses two key challenges:
Challenge 1: Limited usage data
Adobe CC’s API provides basic data like users and licenses, but lacks insight into how frequently applications are used—information crucial for license optimization. Additionally, the API does not distinguish between device-based and cloud-based usage, necessitating another data source to fill this gap.
Challenge 2: License recognition issues
Adobe’s API provides a list of all licenses that the customer has configured on their portal. However, the subscriptions come with their own configurations, making recognition of these licenses particularly challenging. For example, a single-app license could be assigned to Photoshop, Illustrator or any other application that belongs to the Adobe CC product family group. Additionally, this license can be assigned to groups of users within the Adobe portal. Without the ability to handle this separation, there is no distinction between two licenses, making it harder to accurately analyze your subscription usage.
Single sign-on (SSO) integration
SSO is a single-user authentication service used by most organizations for authentication management. APIs from SSO providers provide application login information for every user within the SSO provider. However, there are several limitations to relying on SSO data alone:
Challenge 1: Limited application coverage
SSO providers can only provide login details for applications configured within the SSO provider. This leaves unknown, unmonitored apps—a major concern for controlling shadow IT—undetected.
Challenge 2: Inconsistent application recognition
Application names in SSO configurations are often customized by admins, leading to inconsistencies. This means that “Atlassian Jira” might be simply labeled as “Jira.” When we receive this data, we must run rules to ensure that applications are mapped correctly, without which recognition will not be successful, resulting in duplicates of the same application in the UI.
Browser extensions & agents
Browser extensions and agents capture activity data whenever a user interacts with a cloud or locally installed application. With millions of applications available, it is vital to distinguish between business-critical applications that require monitoring and those that do not. While this provides deeper insights into usage, there are significant limitations:
Challenge 1: Subscription visibility
Browser extensions and agents can capture valuable application usage data, but they have no information as to whether the user actually holds a license for the app in the first place. Without this information, this method alone becomes just another incomplete source to mislead your optimization efforts.
Challenge 2: Private application recognition
Many organizations rely on various private, internally-developed applications to run their businesses. However, only a few vendors offer the capability to recognize and monitor these private applications, limiting the scope of visibility.
Cloud Access Security Brokers (CASBs)
Gartner defines CASBs as on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. They are critical to discover and control shadow IT. While they offer a comprehensive view on the usage, there are various challenges that lie within the data they provide and do not provide.
Challenge 1: Differentiating verified usage
CASBs log all application visits, but they don’t always distinguish between a mere site visit and actual application usage post-login. This lack of clarity can make it difficult to draw actionable insights from the data.
Challenge 2: Noisy data
CASBs have no scope in filtering out non-business applications and ensuring that only relevant data is tracked and reported. For example, how do you filter out LinkedIn activity and filter in Power BI activity? This leads to an overload of irrelevant data, requiring significant effort to filter out noise and focus on the critical applications.
One solution to multi-source data challenges
Effective SaaS management requires more than just data collection—it demands multi-source integration. No single source can provide a complete picture of your SaaS portfolio. By leveraging multiple data streams and consolidating them in a SaaS management platform, you can generate meaningful insights, reduce costs, and optimize your application usage.
A SaaS management platform can bridge the gaps between these disparate data sources to ensure your organization maintains full visibility into its SaaS landscape. If you’re not sure where to start, you can read our guide on how to choose the right SaaS management platform (SMP) for your organization.