February 20, 2018

The “Unmanaged SaaS” Conundrum for Finance and IT Leaders

According to a 2017 report from management consulting and research firm Everest Group, unmanaged software spending comprises more than 50% of corporate technology spend in large enterprises. Another survey of technology executives released by the Cloud Security Alliance finds that nearly 72% of executives don’t know how many “shadow” software applications are being used within their organization.

Simply defined, unmanaged SaaS is spending on applications and cloud services not officially “sanctioned” by a company and thus not under the budget influence of business leadership. For technology and business leaders who own software service management, security and deployment, these statistics are terrifying.

Fueled by the emergence of SaaS and cloud-based software that can easily be bought and deployed by any business user with a corporate card or budget, this amounts to users simply sidestepping standard procurement or management procedures around software. Hewlett-Packard CFO Cathie Lesjak explained, “Today, when a business leader goes to the CIO and says he wants a new service and the CIO says it will take six months to set up, test, and deploy, the business guy goes to a cloud provider who says he can get it set up in two weeks.”

Besides budgetary concerns, this behavior presents a major security risk for an organization. According to Gartner, by 2020, a third of successful attacks experienced by businesses will be related to unmanaged software purchases. Companies have guidelines for introducing new software into the environment, and when those procedures are bypassed, companies are left susceptible to attack.

Without minimizing the security and financial liability concerns this poses, finance and technology leadership also need to keep in mind the little-recognized opportunity that shadow, or unsanctioned, software buying represents.

Unauthorized purchases are generally not made with malicious intent, but because workers are hustling to find technology that improves productivity and profitability and brings software innovation into aging workflows and processes. While procedure is unfortunately disregarded in the acquisition of these tools, the spirit behind the purchase is often one of trying to reduce business pains or inefficiencies.

Business users know that technology departments are often constrained by time or resources and tend to prioritize enterprise-wide projects closely connected to sales or customer experiences. As TechCrunch acknowledges:

“The IT task requests that often get relegated to the back of the list are those focused on worker productivity enhancement, simplifying communications or process improvement. These are not sexy customer or consumer-facing projects, but they can significantly impact the bottom line.”

While rogue buying is ill-advised, consider the innovation and improvement that can be achieved by extending some software or service acquisition freedom to ambitious individuals or teams.

To do this responsibly while mitigating security vulnerabilities and cost overruns, leadership must have a central view of what is being used, where, and by whom. Cleanshelf recommends these steps:

  • Encourage inter-departmental communication about software use. Cleanshelf tracks SaaS subscription spending by department, allowing leadership to determine what software is being used, where redundancies exist and how improvements can be made. For a company, this may look like consolidating multiple SaaS subscriptions into one, eliminating unnecessary costs and redundancy, and creating one cross-departmental solution that is centrally managed and negotiated.
  • Create standardized processes and procedures. Improving the processes by which a company manages license adoption and spend serves its corporate goals and keeps workers engaged. Process improvement begins with an understanding of inter-departmental spending. It builds momentum as leaders streamline, create visibility and strengthen security. Cleanshelf lays the foundation for effective SaaS management that puts finance and technology leaders in the driver's seat by equipping them with the tools needed to deploy standardized processes within a company. These guardrails for business behavior serve a twofold purpose: they save money and protect a company from cyber attacks.

Here’s a key, however: the improved visibility and transparency around spend should not always result in finance or technology leadership sniffing out and removing unsanctioned licenses.

Discovery can be the impetus for a good interaction too, one where finance and technology help assess and prioritize places where innovation, productivity and collaboration may be happening. Those obscure places where an excellent use of new software is found can be nurtured at scale. This builds trust and creates safe channels for the best software to extend into the organization.

Don't let unmanaged software risks grow unchecked or the opportunities for improvement get ignored.

Cleanshelf can help companies monitor software usage across departments and support new risk, security and profit-enhancing activities. Contact the team today for a demo and see how easy it is to take back control of the cloud ecosystem and make software work better for you.

About Cleanshelf

Cleanshelf is the leading SaaS spend optimization solution focused exclusively on tracking, controlling, and benchmarking subscription SaaS applications. Cleanshelf’s cloud technologies help companies save up to 30% on their SaaS spending by automatically identifying unused, underused, or unmanaged licenses and subscriptions.

Headquartered in San Francisco, CA, Cleanshelf serves dozens of clients, including Drawbridge, Revinate, Dynamic Signal, Qumulo, and Service Rocket.

