According to a 2017 report from management consulting and research firm Everest Group, unmanaged SaaS spending comprises over 50% of corporate technology spend in large enterprises. Another survey of technology executives released by the Cloud Security Alliance finds that nearly 72% of executives don’t know how many “shadow” software applications are being used within their organization.
Defined, unmanaged SaaS is simply: spending on applications and cloud services not officially “sanctioned” by a company and thus, not under the budget influence of business leadership. For technology and business leaders owning software service management, security and deployment, these statistics are terrifying.
Fueled by the emergence of SaaS and cloud-based software that can easily be bought and deployed by any business user with a corporate card or budget, this amounts to users simply sidestepping standard procurement or management procedures around software. Hewlett-Packard CFO Cathie Lesjak explained, “Today, when a business leader goes to the CIO and says he wants a new service and the CIO says it will take six months to set up, test, and deploy, the business guy goes to a cloud provider who says he can get it set up in two weeks.”
Besides budgetary concerns, this behavior presents a major security risk for an organization. According to Gartner, by 2020, a third of successful attacks experienced by businesses will be related to unmanaged SaaS purchases. Companies have guidelines for introducing new software into the environment and when those procedures are bypassed companies are left susceptible to attack.
Without minimizing the security and financial liability concerns this poses, finance and technology leadership also need to keep in the mind the little-recognized opportunity that shadow, or unsanctioned software buying represents.
Unauthorized purchases are generally not made with malicious intent, but because workers are hustling to find technology to improve productivity, profitability and bring software innovation into aging workflows and processes. While procedure is unfortunately disregarded in the acquisition of these tools, the spirit behind the purchase is often one of trying to reduce business pains or inefficiencies.
Business users know that technology is often constrained by time or resources and tend to prioritize enterprise-wide projects closely connected to sales or customer experiences. As TechCrunch acknowledges:
“The IT task requests that often get relegated to the back of the list are those focused on worker productivity enhancement, simplifying communications or process improvement. These are not sexy customer or consumer-facing projects, but they can significantly impact the bottom line.”
While the rogue buying is ill advised, consider the innovation and improvement that can be achieved by extending some software or service acquisition freedom to ambitious individuals or teams.
To do this responsibly while mitigating security vulnerabilities and cost overruns, leadership must have a central view of what is being used, where, and by whom. To do so, Cleanshelf recommends these steps:
- Encourage inter-departmental communication about software use. Cleanshelf tracks SaaS subscription spending by department, allowing leadership to determine what software is being used, where redundancies exist and how improvements can be made. For a company, this may look like consolidating multiple SaaS subscriptions into one, eliminating unnecessary costs and redundancy, and creating one cross-departmental solution that is centrally managed and negotiated.
- Create standardized processes and procedures. Improving the processes by which a company manages license adoption and spend serves their corporate goals and keeps workers engaged. Process improvement begins with a understanding of inter-departmental spending. It builds momentum as leaders streamline, create visibility and strengthen security. Cleanself lays the foundation for effective SaaS management that puts finance and technology leaders in the driver's seat by equipping them with the needed tools to deploy standardized processes within a company. These guardrails for business behavior serve a twofold purpose--they save money and protect a company from cyber attacks.
Here’s a key, however: the improved visibility and transparency around spend should not always result in finance or technology leadership sniffing out and removing unsanctioned licenses.
Discovery can be the impetus for a good interaction too – where finance and technology help assess and prioritize places where innovation, productivity and collaboration may be happening. Those obscure places where an excellent use of a new software is found, can be nurtured at scale. This builds trust and creates safe channels for the best software to extend into the organization.
Don't let unmanaged SaaS risks grow unchecked or the opportunities for improvement get ignored.
Cleanshelf can help companies monitor software usage across departments and support new risk, security and profit enhancing activities. Contact the team today for a demo and see how easy it is to take back control of the cloud ecosystem and make software better work for you.
Ready to start controlling your enterprise SaaS?
Cleanshelf is the leading enterprise SaaS management platform focused on tracking, controlling, and benchmarking SaaS applications. Their SOC 2-compliant and AI-powered technology helps companies save up to 30% on their SaaS spending by automatically identifying unmanaged contracts, duplicate licenses, and wasted cloud software subscriptions. Based in San Francisco, Cleanshelf provides an enterprise-grade solution to over a hundred clients, including Hilton, Looker, and CoStar Group.