SaaS management platforms are helping IT solve a new version of an old problem: user behavior and software application visibility. With endpoint solutions like remote monitoring and management (RMM) agents, MSPs and IT teams have had deep visibility into desktop applications for years. But, once a user opens a browser and logs into a SaaS app, it’s a different story. Apps and user accounts are often manually tracked via spreadsheets, and shadow IT is common.
The lack of SaaS visibility is contributing to real business problems. In fact, unused SaaS subscriptions cost almost $40 billion in 2020 and waste is doubling inside of businesses every year. Additionally, limited SaaS visibility makes it harder for companies to prevent insecure practices like using personal accounts to access business assets (case in point: the Yanluowang ransomware group compromising a Cisco employee’s personal Google account last year).
SaaS management platforms are a key ingredient to solving these problems. Organizations that implement SaaS management effectively can increase visibility, reduce cost, and improve overall security posture.
In this article, we’ll take a deep dive into the world of SaaS management and SaaS management platforms, including key SaaS management features, benefits, and five best practices for implementation.
What is SaaS management?
SaaS management is the practice of discovering, administering, and securing SaaS apps in an organization.
SaaS applications are a cornerstone of modern businesses. With SaaS apps, organizations offload the complexity of infrastructure management to a third-party and focus on business outcomes instead of traditional IT ops work. However, the explosive growth of SaaS over the last decade has created new unique challenges and complexities that IT departments and MSPs must navigate.
Organizations have an average of 125 different SaaS apps. The standard approach to managing SaaS for many teams is to track apps with a combination of spreadsheets, employee surveys, and traffic analysis, all of which are error-prone and create business risks.
Exactly what level of risk?
Well, it depends on a few factors, including the extent of your SaaS sprawl (more on that below). You can get a better sense of your organization’s shadow IT risk factor by taking the quiz in the Modern Professional’s Guide to Shadow IT
But let’s talk solutions.
SaaS management enables businesses to mitigate these risks and operationalize SaaS by enabling:
- Continuous discovery of SaaS apps
- Detection of shadow IT and risky user behavior
- Streamlined employee onboarding and offboarding
- Detailed license reporting and cost optimizations
What is a SaaS management platform?
A SaaS management platform is a software solution designed to discover, categorize, monitor, and report on all the SaaS apps in an organization with a single pane of glass.
SaaS management platforms typically integrate into an environment using an agent compatible with a tool such as an RMM or mobile device management (MDM) platform, browser extension, or by syncing with an identity platform such as Azure Active Directory or Google Workspace.
Once a SaaS management platform is integrated into an environment, it captures information on what SaaS apps are being accessed by users as well as how they use those platforms (usage, which accounts are being used, etc.).
After initialization, a SaaS management platform continues to catalog and track SaaS app usage in an environment. This allows IT and MSPs to see the actual state of SaaS usage in their—or their clients’—environments. And that’s where the power of SaaS management becomes clearer. With real-world SaaS usage data, you can capture insights related to shadow IT, shelfware licenses, redundant apps, and even security issues.
Because of how it works and what it does, SaaS management is often compared to single sign-on (SSO) and/or Cloud Access Security Brokers (CASBs). Comparing the scope of these tools is a much larger topic, but for context, let’s quickly summarize the key differences.
- SaaS management solves the problem of simple and scalable SaaS app monitoring and management.
- CASB configurations tend to be a bit more complex to setup and focus on data security and threat protection.
- SSO streamlines authentication across platforms.
The importance of SaaS management for modern businesses
We can summarize why SaaS management is an important aspect of modern business in two words: SaaS sprawl.
Simply put, even for many smaller businesses, SaaS adoption has exploded beyond what manual tracking and spreadsheets can responsibly handle. With dozens to hundreds of SaaS apps across an environment, IT loses visibility and control. In fact, when we analyzed data across our entire Auvik SaaS Management (ASM) client based, we found that the average number of business applications used at a 100-person company was 334.
This level of SaaS sprawl can lead to security and compliance risk, wasted spend, and even lower employee productivity due to context switching resulting from lack of SaaS governance. (Check out our shadow IT guide for a simple way to assess your risk level.)
The security and compliance risk is simple enough to understand. If an employee registers a new SaaS app without IT oversight, the security and compliance of the data on the platform is unknown. For example, there’s no shortage of SaaS file-sharing programs, and a well-intentioned sales or support person may sign up for a subscription to quickly solve an immediate customer need.
And then, like most shadow IT, that license hangs around out of convenience. The file share becomes an undocumented repository for sharing critical business data with customers. Without some form of SaaS management, IT cannot validate the platform’s security and compliance (important to fulfill cybersecurity insurance requirements, among other things), lacks visibility, and can’t implement proper controls.
Top business risks of SaaS sprawl
As a result, business face risks such as:
- Data exfiltration: Without proper security controls, sensitive data is at a higher risk of falling into the wrong hands. In some cases, this is a result of malicious actors. In others, it’s simply human error.
- Delayed responses to vendor breaches: Cloud data breaches regularly make tech headlines. However, it isn’t always easy to know if your users are affected. If the app is inventoried, you can quickly respond and take corrective action such as resetting passwords or updating MFA settings. If the app isn’t on your radar, any risk requiring user action is less likely to be addressed (eg. Mailchimp).
- Shared credentials: Sharing account credentials across multiple users increases the risk of credential leaks and reduces auditability. With unmanaged SaaS apps, shared credentials can go undetected for extended periods of time.
- Poor offboarding practices: While SSO can help simplify offboarding workflows, it isn’t a cure-all. Our data suggests that only 6% of monitored login events used SSO, which might help explain why 83% of employees report continued access to accounts from an ex-employer. Coupled with the fact 75% of insider threat cases were reported as caused by disgruntled ex-employees, poor offboarding practices are a major business risk.
- Fines for non-compliance: Failure to comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standard (PCI DSS), and General Data Protection Regulation (GDPR) can lead to costly fines. Without insight into how shadow IT applications handled data, this is a risk organizations can’t easily mitigate.
Additional productivity risks
There’s also a subtler cost associated with SaaS sprawl and unmanaged SaaS: productivity loss.
First, it simply isn’t efficient for IT and MSPs to administer dozens of SaaS apps using siloed dashboards. That often leaves teams stuck with the unhappy tradeoff of limiting oversight on SaaS subscriptions or spending significant time manually tracking SaaS activity.
Further, it can become harder for employees to be productive when business data is spread across multiple SaaS platforms that serve similar purposes. Redundant apps can mean duplicate “sources of truth” and stale data floating around an organization. This dynamic might help explain why Qatalog and Cornell University found that employees waste 59 minutes a day looking for information, 58% say they’re not certain all departments use the same apps, and almost half report making mistakes because they couldn’t keep track of information spread across different tools and apps.
Shadow IT can also make onboarding challenging when new employees replace predecessors that leveraged shadow IT. For example, if a sales manager created key reports and tracked KPIs using an unmanaged SaaS service, how would their replacement know? Typically, they wouldn’t unless the tribal knowledge was shared somehow.
Understanding SaaS management platforms
The SaaS management category is still emerging. As a result, the lines might seem a bit blurry between solutions like SaaS discovery (a subset of SaaS management), CASB, and SaaS management.
To simplify, let’s dig into the SaaS management features that help drive business value, particularly what IT departments and MSPs need to get SaaS sprawl under control.
A centralized dashboard enabling IT to visualize and control the state of SaaS apps in their environment is one of the most important SaaS management software features. That’s because SaaS usage and billing information is typically distributed across multiple siloed accounts and control panels. Without centralization, IT can’t make informed decisions about subscriptions and governance.
User and access management
Supporting security controls and achieving visibility over all the SaaS apps in an environment is one of the biggest value-adds SaaS management tools can provide. When comparing platforms, look for solutions that provide broad support SaaS discovery to detect apps, support SSO and MFA, flag issues like shared credentials, and offboarding workflows to help improve IT visibility and streamline account management across services.
Application usage and monitoring
Visibility into which apps users access and how often they’re used helps differentiate between apps that solve new business problems and wasteful duplicates. It also allows IT to detect behavioral red flags, such as expensive apps that are rarely used or those that represent insecure file sharing.
SaaS management platforms enable IT to detect insecure practices like using an unauthorized account (e.g. a personal account to access a business app) and support remediation through reporting, alerting, and automation capabilities. Some SaaS management platforms can also notify you if a client uses a SaaS app impacted by a recent vendor security incident so you can take remediation steps if necessary.
SaaS account inventory for compliance
RMM tooling streamlines endpoint application inventories, but cataloging SaaS is a different challenge. SaaS management tools enable IT and MSPs to create detailed app inventories based on actual user activity. As a result, teams can generate more complete inventories to assess risk and support compliance.
Cost optimization and analytics
In addition to SaaS discovery, SaaS management software can help quantify the cost of SaaS subscriptions and identify areas where teams can cut unnecessary spending. These features are a great way to eliminate waste.
Custom reporting and alerts
No two environments are exactly alike. Custom reports and notifications help teams optimize a SaaS management platform to meet their needs. For example, an MSP may want to receive an alert every time generic credentials are received. Alternatively, a custom report detailing the SaaS apps, their usage, and associated risk can be an excellent talking point at quarterly business reviews (QBRs).
4 Essential benefits of SaaS management platforms
Exactly how a team will implement SaaS management and which features they’ll use the most will vary across environments. Still, in most cases, SaaS management provides these four essential business benefits.
1. Enhanced visibility and control
SaaS management platforms bring RMM-like visibility to cloud apps and help restore governance and control in a world where accessing a new app is often as simple as filling out a form. With SaaS management, IT teams can:
- Create a detailed SaaS app inventory
- Track application usage
- Identify redundant and abandoned subscriptions
- Detect risky behavior and shadow IT
2. Stronger security posture
Increased visibility and control directly enable a stronger overall security posture. For example, increased visibility into shadow IT and behavior like credential sharing make it significantly easier to take corrective action and implement security controls. Further, some SaaS management platforms can alert administrators when vendor breaches occur and alert based on security log events.
3. Cost savings and optimized resource utilization
With increased visibility into SaaS activity, teams can reduce costs and optimize resources. For example, MSPs can use a SaaS management platform to gain insights about shadow IT and orphaned apps in their clients’ environments and develop a plan to begin managing or canceling them.
This creates a win/win: clients save money and the MSP improves client satisfaction (and maybe even generates new revenue by managing additional services). In a world where SaaS app subscriptions can easily cost more than $20/month per user, savings can add up fast.
4. Streamlined administration and user management
Manual user lifecycle management is error-prone, risky, and tedious. In fact, one study found that 21.7% of US companies take up to a month to deprovision employees and 14% take up to six months. SaaS management platforms help streamline the process and enable simplified onboarding/offboarding checklists that help make user management workflows faster and more robust.
5 Considerations for choosing a SaaS management platform
As you evaluate different SaaS management platforms, it’s important to hone in on the features that drive the most business value for your organization. Every use case is different. What’s essential for an MSP may not matter to an enterprise IT team. That said, these five considerations provide a useful framework for evaluating different SaaS management platforms.
1. Scalability and flexibility
There are several ways to view scalability and flexibility. As you evaluate different solutions, ensure they’re scalable and flexible enough for your business without overpaying for features you don’t need.
Key questions to ask include:
- Do performance and pricing scale align with your growth expectations?
- Does the platform offer customizable reports and notifications?
- Can you modify the interface so users see your branding?
2. Integration capabilities
Integrations help reduce data silos and generally make life easier for IT. When you’re evaluating a SaaS management platform, consider what integrations it supports for:
- Identity providers
- Professional services automation (PSA)
3. User-friendliness and ease of adoption
Your SaaS management platform should reduce the overall complexity in your environment. If it doesn’t, there’s a problem. Ensure you choose a platform that enables you to derive value quickly without becoming a subject matter expert first.
4. Security and data privacy measures
Like RMMs and network monitoring tools, SaaS management platforms provide teams with access to sensitive data. That makes platform security an important evaluation criterion for businesses comparing platforms. Key indicators of platform security to consider are:
- SSO and MFA support
- Encryption of data at rest and in transit
- ISO 27001 certification
- SOC 2 Type II audits
- A vulnerability disclosure platform
5. Pricing and licensing models
Ultimately, licensing a SaaS management solution is a business decision. The benefits are one side of the equation and cost is the other. Make sure to choose a pricing model that meets your business needs.
Typically, flat per-user monthly rates are a simple and transparent approach to pricing that doesn’t penalize teams with a large number of managed devices or apps per user. Pricing in the SaaS management space tends to be quote-based, so consider requesting quotes from multiple vendors to perform an objective cost/benefit analysis.
5 Best practices for implementing and maximizing SaaS management platforms
The five SaaS management platform implementation best practices below provide a framework for selecting and implementing a solution that meets your organization’s business needs.
1. Start with a needs assessment
Understanding what problem you want to solve is the right first step for implementing any new tool, and SaaS management is no different. Key questions to ask during this step include:
- Can you detect shadow IT in your environment?
- How much are you spending on SaaS apps today?
- Which SaaS apps get the most (and least) use?
- Do you have compliance requirements?
- How are users logging into SaaS services?
💡Pro tip: Determine your organization’s shadow IT risk factor using the worksheet in our Modern Professional’s Guide to Shadow IT.
2. Research and evaluate solutions
With your business requirements in mind, the next step is to find platforms that seem to fit the bill. Begin by narrowing your list to a few options that meet your business requirements. Then, put them to the test with free trials or demos. Compare how well different platforms perform SaaS discovery in the same environment and take key features for a test drive. Once you find the right combination of features and price, you’re ready to make a buying decision.
💡Pro tip: Perform a trial deployment in an environment with at least 30 workstations and target user groups likely to leverage multiple SaaS platforms to get the most out of your evaluation.
3. Plan the implementation
Once you have a platform, it’s time to plan the production implementation. At this stage, you’ll need to decide what deployment options you’ll use. Typically, integrations with identity services like Azure AD are fast and a good way to perform initial scans. Endpoint agents and RMM integrations can help you capture deeper insights, but may take a bit longer.
For reference, Auvik SaaS Management takes about two minutes to integrate with Azure AD and about six minutes to deploy using an endpoint agent.
4. Train users
After deployment, the platform will need several days to analyze and aggregate usage patterns before it begins providing useful insights. Once it does, you can implement corrective actions and improvements based on your learning. One of the most powerful actions to reduce risk is to train users to avoid the insecure practices the tool detects.
For example, if the SaaS management platform detects frequent use of unauthorized file-sharing apps or shared user accounts, consider performing end-user training explaining why those practices are insecure and what they should do instead.
5. Assess, act, repeat
SaaS management is a continuous practice. Once you’ve deployed a solution, regularly review reports and alerts to identify areas for improvement. When you do detect shadow IT or insecure behavior, always ask why. In some cases, well-intentioned users simply may not have the tools they need to do their job effectively.
Take back control with SaaS management
The proliferation of SaaS apps has had a lot of upside for businesses. But it has also created new challenges for IT.
Along with offloading the complexity of infrastructure management to cloud service providers came a loss of visibility and control. That tradeoff is usually easy to manage for a small number of apps. However, for modern organizations that use dozens or hundreds of SaaS apps, the complexity, visibility, and security challenges have quickly become real business problems.
SaaS management platforms enable teams to take back control, increase visibility, and improve security posture. To see the benefits of SaaS management in action for yourself, sign up for a free trial.