With enterprise workloads shifting to the cloud, it is becoming increasingly important to establish a sustained plan for SaaS discovery and visibility. Today, much of the value conversation around SaaS license and optimization tools centers on cost savings.
“Few enterprises actually have the SaaS visibility and control they think they do. One of our clients believed they had a handle on their app management. They said they had 80 apps. We found 170.” – Patrick West, Head of Solution Engineering and Delivery – Cleanshelf.
However, while reducing expenses is a byproduct of managing software license flow into an organization, it is just one element.
Architecting an enterprise-wide plan for SaaS visibility and discovery is fundamental to establishing security and control. It is also essential for companies pursuing organizational maturity.
Leaders intent on safeguarding data, maximizing productivity, reducing security vulnerabilities, and emphasizing loss prevention must commit to a control process.
Yes, there will be savings. But more importantly, there will be effective administration and the ability to unlock the efficiency, collaboration, agility, scale, and availability benefits of cloud technology. Company culture as a whole can change.
CIOs cannot control what they cannot see
Shadow IT, the use of personal apps, and sloppy employee on-boarding and off-boarding have reduced enterprises’ ability to see and control the applications being used inside their organizations.
Duplicate and hidden licenses are common – and companies tend to address these issues as one-offs. Usually, this looks like a harried FP&A analyst running down department managers to reconcile invoices with headcount.
If not that, then they are wading through financial system data during year-end planning to figure out what software the company owns. The priorities of effective leaders therefore need to change to stay on top of the SaaS wave.
The problem of zero control, according to Patrick West, is more than just wasted hours and frustrated staff.
“Constant and continuous discovery and visibility are marks of an efficient enterprise. Discovery leads to better compliance. Companies need a platform that supports data organization, particularly where SOC 2, PCI or HIPAA compliance matter.”
PCI compliance, for example, requires that a company processing credit card transactions comply with a series of protective measures.
These include the first steps of assessing their “...technology infrastructure and business processes…” to identify threats that compromise card data. Enhancing application discoverability and management certainly falls under this.
Ongoing SaaS visibility and control key to cloud management success
In a recent article on the emergence of cloud access security brokers (CASBs), Cloud Computing News shares the functional pillars of cloud management success. These include: visibility, compliance, data security, and threat protection.
In particular, they note the importance of discovery. Organizations have hundreds of applications, which routinely leads to widespread loss of visibility and sensitive data management.
Further, the article suggests pairing CASB tools with Identity and Access Management (IAM) services. This is to reduce security risks and poor user experiences associated with employees trying to manage their own identities, accounts, and passwords across multiple accounts.
Many organizations have the same end goal. Understandably, they want a sanctioned, well-governed approach to cloud applications that is both comprehensive and consistent. But most lack the infrastructure to gain visibility, which is critical to achieving this.
In recent discussions with growth companies, Brendan Crane, Account Executive at Cleanshelf, has noticed the recurring theme of leaders working to create organizational leverage.
One company, in particular, had recently completed multiple acquisitions and was struggling with overlap and redundancy due to multiple software contracts and deployments.
The acquiring company’s leadership was concerned with compliance but was also faced with ineffective software management processes. These were reducing the productivity and collaboration of the new teams.
Ongoing SaaS visibility is crucial
Crane guides companies to develop a sustainable and ongoing approach to improving security and reducing SaaS spend:
“You cannot control SaaS without having consistent visibility. New software enters an organization all the time. Your discovery process needs to be real-time and continuous to be effective with your oversight or governance approach.”
The moment an organization acquires cloud technology is the moment it also needs to evaluate an adoption management tool.
In a white paper titled, How to ensure control and security when moving to SaaS/cloud applications, Deloitte shares critical criteria for enterprises assessing SaaS applications.
One of the key points in their recommendation on an effective approach to identify suitable cloud deployment models is this:
Evaluate the asset: this step consists of determining how important the data or application is to the organization.
Essentially, it means assessing confidentiality, integrity and availability requirements for the assets and how the risk changes if all or part of the asset is handled in the cloud.
The article also suggests that enterprises carry out a rough assessment by asking this question:
Are there any sensitive data that should not be placed into the cloud (at this time)? For example, should client names, private asset information, health information, personal data, etc. be placed in the cloud? What regulatory restrictions exist?
Enterprise SaaS visibility: the takeaway
There is a shocking takeaway here for maturing enterprises that can’t be missed. They all need to ask essential risk-assessment questions before even entertaining the idea of cloud services. However, most organizations ignore these questions as soon as they actually acquire SaaS.
Companies routinely weigh data security and vulnerability issues before moving to the cloud, then quickly neglect the proper controls to ensure that apps and data remain secure, managed and assigned with intent.
The primary cause of worry to CIOs is that they lose track of what SaaS the company is using.
Fewer still establish guidelines around the white paper’s Security Operations recommendations:
- a policy-based approach for consistently consuming cloud services, and
- creation of explicit security operations policies and standards for cloud apps
More common is that individuals have unfettered access to cloud apps, making administration a reactive exercise. Cleanshelf’s West describes the unregulated scene of most enterprise customers’ SaaS environments:
“...we discovered that one of our customers was using NINE different project management solutions…”
“...by identifying customer exposure and application overlap, we found nearly $200,000 in waste that became immediate, direct-to-bottom-line savings…”
Putting CIOs back in control
As these observations confirm, companies woefully underestimate the volume of SaaS that their staff are deploying. While costs, unwieldy contracts and lost productivity balloon, so too do compliance and security concerns.
Each of these reduces companies’ push for leverage. As a result, they inhibit their ability to do more with less and expand organizational maturity. Any company considering M&A, large scale product expansion, global growth or a similar strategic agenda must regain processes and control.
Finding this in the software and app experiences that underpin nearly every corporate function and employee activity is a smart place to start.