How do employers control their SaaS applications? In reality, very few do. Not because it isn’t important. It just hasn’t been important enough – until now. Although working from home is by no means a new concept, it is clear employees are still in the early stages of this global experiment. And there are several reasons why IT departments are concerned.
Their main worry is that they cannot track which cloud applications their employees are using. Policies for managing cloud service consumption are lacking, with few security policies and standards in place.
That leaves employees with carte blanche to sign up to whatever cloud apps they can pay for, leaving IT departments back footed and always one step behind.
Then there is the issue of compliance. If the customer provides personally identifiable information that is breached while in the SaaS vendor’s environment, this can leave companies liable under legislation such as SOX, CCPA, HIPAA, GDPR, PCI-DSS, and SOC 2.
That's why it is critical to an organization’s success that its CIO understands their SaaS portfolio. The alternative is to risk disseminating sensitive internal data to unvetted vendors.
There are immediate costs to be saved too. With SaaS spend growing at a rate of 25% year-on-year, it already ranks as the second biggest expense for many organizations. However, even this outlay would be dwarfed by the expense of any security or compliance breach.
As the SaaS industry has steadily grown over the years, these questions have always been there. But the coronavirus pandemic escalated matters that perhaps weren’t quite as important before the seismic shift in working activity.
What about SaaS security
When considering what could go wrong with remote working culture, LeanIX’s developers and IT staff are all aligned. Security takes first place.
Backup and recovery, and the reduced security available on mobile devices are just some of the security challenges enterprises face. But even something as simple as the ability to track and manage cloud-based software like SaaS presents its own particular challenges too. The key problem here is misinformation. On average, enterprises underestimate the number of SaaS applications they own by 50%.
Unfortunately, this lack of visibility, and the resulting absence of control, means that CIOs have no reliable SaaS intelligence available. That’s why this part of the cloud has become a growing security challenge for enterprises. And the recent surge in remote working has only accelerated this urgency.
Controlling the remote working paradigm
With a typical enterprise in the United States using over 1,000 cloud applications across the organization, and 97% of CIOs unable to see all of their SaaS stacks, the situation is serious. Without visibility, it is clear why security threats have become a major problem.
In 2020, the number of cyberattacks continued to rise. In total, 61% of businesses reported a breach – and the average cost per incident has now ballooned into hundreds of thousands of dollars.
Leading commentators often cite third-party risk as to the main reason for this trend. Now, following a 2020 study from the European Journal of Operational Research, it is clear that improving communication among supply chain partners is the best way to avoid difficulties. And that starts with understanding what software you own and pay for.
Trying to keep pace with your SaaS security is difficult. But it’s important to remember that this race to close loopholes is winnable. Although employees routinely bypass IT departments, it’s also important to note that they aren’t trying to be difficult. They want to be proactive, improve operations, enhance customer experiences, and push your business forward.
Since there are few obstacles to doing so, SaaS is employed which prevents companies from easily tracking experimentation, licenses and subscriptions. This simply underlines the need for security awareness to be encouraged, and this is an issue finance and technology leaders can escalate.
A SaaS management fix for enterprises
Although the problem is riddled with complexity, SaaS management tools make it possible for IT to perform corrective measures iteratively. Here is a four-step, holistic approach to doing so. Once achieved, the CIO gets back in control.
- The path toward SaaS intelligence starts with discovery. It’s far easier said than done but, once you have a system in place that automatically identifies your SaaS services, then life instantly becomes easier. Not only does LeanIX help you see every license owned by every employee, you can also fully understand how much you are spending on each SaaS app used. Seeing is believing.
- Assessment requires measuring software utilization to understand risk exposure in order to see exactly where companies are wasting SaaS subscription spend.
- Less waste leads to greater optimization. To help you achieve this crucial goal, LeanIX SaaS Management Platform uses machine learning and AI to understand which licenses customers either don't use, under-use, or shouldn't be using. This makes it possible to quickly identify all duplicate licenses, overlapping functionality, and other examples of waste.
- All of the above feeds into the control that CIOs need. Only through a thorough SaaS management platform can enterprises hope to get the visibility, intelligence, and actionable insights they require.