How SaaS Management Bolsters Security and Reduces Costs

‍

Software-as-a-service (SaaS) is becoming increasingly popular. SaaS adoption keeps growing every year. In 2021, companies were using about 110 SaaS applications on average. That’s like installing 110 applications on every workstation.

‍

Without an efficient software management strategy, your SaaS portfolio can quickly turn into a SaaS sprawl with unmanageable risks to your company. That’s where SaaS management comes in. In this article, you’ll understand what SaaS management is, its benefits, its workings, and its best practices.

‍

What Is SaaS Management?

‍

SaaS management is the centralized administration of your company’s complete SaaS portfolio, i.e., every SaaS that any business unit in your company is subscribing to.

‍

The administrative goals here include:

‍

• Getting insights into the list of SaaS and their usage in your company
• Securing your information and interactions with these SaaS
• Optimizing SaaS expenses
• Integrating the SaaS ecosystem into your organization for higher productivity

‍

Although SaaS has a specific meaning in cloud computing — especially in the context of related concepts like infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) — we use “SaaS” here as an umbrella term for any service that’s offered as a set of functionalities over the internet, either as a web application or as an application programming interface (API) URL. The concerns and benefits of SaaS management apply to IaaS and PaaS too.

‍

So, SaaS management covers all the popular applications like Zoom, Google Workspace (formerly, G Suite), Slack, and Salesforce. But it also covers IaaS — like Amazon EC2 — and PaaS — like Heroku, Stripe, and Netlify.

‍

Why Is SaaS Management Necessary?

It may not be immediately obvious what problems SaaS management solves. For that, you should understand how software was procured traditionally and how the SaaS model disrupted that model.

‍

Traditional Software Model

‍

Traditionally, software procurement was centralized. A team requested some software from the information technology (IT) department. The IT and finance departments coordinated, negotiated a deal with the vendor, counted it as a capital expense, and got the vendor to deploy it in the company’s on-premises equipment (workstations and servers).

‍

The old model meant delays and frustrations for the requesting team but benefited the company in some aspects. Because deployment and expenses were centralized, security and expenses could be controlled better.

‍

SaaS Model

‍

In contrast, everything about a SaaS is available publicly — its features, pricing, and onboarding (registration and sign-in) are all public. Any team can subscribe using their discretionary budget. SaaS has turned software procurement into an operating expense.

‍

The team can start their tasks because they get the SaaS they need. For the company, SaaS apps bring higher productivity. But they also have some downsides. On average, a company has 80-110 SaaS subscriptions. Because of this increased attack surface area, cybersecurity and information security face more risks. Because it’s decentralized, it can result in wasteful expenses if multiple teams subscribe to different SaaS apps that do the same thing.

‍

SaaS management allows your company to get the SaaS model’s productivity and decentralized decision-making benefits. At the same time, it introduces a bit of centralization to control security risks and wasted costs.

‍

6 Benefits of SaaS Management

Instituting a SaaS management program in your company involves framing policies to guide your SaaS management and selecting the technologies you need to implement them. Such technologies may be full-featured SaaS management platforms (SMP) or a set of SaaS management solutions that specialize in particular management functions. Let’s see how your company benefits by doing this.

‍

1. Get Insights Into Your Company’s SaaS Usage

‍

SaaS management tells you all the SaaS apps your business units are using for their specific use cases. Plus, it provides your IT operations and IT teams with real-time, full visibility into their application usage. Such usage data is helpful at several levels.

‍

Your management gets a better understanding of the functionalities your employees need for their work. SaaS management shines a light on your shadow IT, i.e., the SaaS applications and APIs your employees are using unofficially. If many employees are heavily using a particular SaaS you don’t know about, it’s a hint that your management should officially subscribe to its enterprise plan.

‍

Acquiring that SaaS or building an in-house alternative are other possible business decisions that SaaS management can guide you towards.

‍

2. Manage SaaS Security Risks

‍

Every SaaS subscription adds several cybersecurity risks:

‍

• Your data security is affected because some of your data is now stored on another company’s (i.e., your SaaS vendor’s) systems.
• Misconfiguration of subscription settings or objects inside the SaaS by your employees may open up vulnerabilities in your systems.
• Permissions given by your employees on objects (like documents) inside the SaaS may break the principle of least privilege and create opportunities for cyberthreats to exploit your SaaS account, network, or other IT systems.
• Shadow IT is the set of SaaS apps your employees are using unofficially without your IT department‘s awareness. Shadow IT expands your attack surface behind your back, increasing the probability of facing devastating cyberattacks.
• When an employee or contractor ends their contract with your company, their access to SaaS applications should be systematically withdrawn as part of user offboarding. Without it, you leave the door open for data thefts, data breaches through phishing, or digital vandalism by a disgruntled worker.

‍

SaaS management addresses these important SaaS security concerns like access management, data security, and software asset management. SaaS discovery is a type of IT asset management, or ITAM, an important stage in security assessments.

‍

3. Support Compliance and Legal Departments

‍

SaaS management enables your compliance and risk department to analyze and track the overall risks and compliance procedures of all your SaaS vendors. This is critical because your data resides in multiple SaaS applications. A data breach in one may impact your business operations, bring regulatory penalties, or damage your reputation.

‍

Your legal department can use the SaaS usage data to negotiate better service level agreements and liability agreements to reduce legal and financial risks.

‍

4. Optimize SaaS Costs

‍

Above a certain company size, decentralized procurement of software is more efficient and productive. Each business unit or team is given the freedom and a discretionary budget to purchase the SaaS applications that best suit their specific needs.

‍

However, multiple teams may end up purchasing the same SaaS under separate accounts and pricing plans. Your company as a whole may lose out on all the features and financial benefits of using a single enterprise plan that the vendor is offering.

‍

SaaS management provides spend management features to give you insights into your SaaS spending. It can help you streamline multiple subscriptions under a single or smaller number of optimized subscription plans. If you’re bringing a large user base to a vendor, you can negotiate with their sales teams to rightsize the pricing and get special discounts.

‍

5. SaaS License and Lifecycle Management

‍

Every SaaS subscription involves licenses and renewals. License management keeps track of any changes in the vendor’s SaaS licenses or terms and conditions that may have legal, financial, or security impacts on your company. Renewal management ensures your SaaS subscriptions get renewed and invoices get paid on time. Your operations teams are alerted on important dates like credit card expiry dates or SaaS resource expiry dates (such as domain name registration and browser certificate end dates).

‍

SaaS lifecycle management is the process of managing a SaaS subscription from initial procurement to its end of life, including onboarding, ongoing SaaS operations, SaaS renewals, data withdrawals, and replacement or retirement. SaaS management simplifies and streamlines these stages.

‍

6. Simplify Employee Onboarding and Offboarding

‍

SaaS management provides automated tasks and customizable workflows to help you with end-user and employment lifecycle management.

‍

An employee — or contractor or partner — should be onboarded to your SaaS apps before they can start using them. Onboarding involves registering them with each SaaS, setting their profiles and preferences, granting them appropriate permissions, provisioning necessary cloud resources (such as storage quotas), and running SaaS-specific procedures.

‍

Similarly, when a contract ends, offboarding should remove the employee, contractor, or partner from each SaaS by deactivating their accounts and access.

‍

How Does SaaS Management Work?

Automation plays a major role in SaaS management. It’s essential because manually managing dozens of SaaS subscriptions and their details is impractical and ineffective. We’ll explore some of the techniques SaaS management solutions use.

‍

SaaS Discovery Using Network and Cost Analysis

‍

How do you find out the SaaS applications your employees are using? How do you find out the extent of your shadow IT? One option is manual reporting. But that information goes stale quickly because of busy employees who don’t update, employee transfers, changes in jobs roles, or employee resignations.

‍

Automated approaches work better. By analyzing and processing the network traffic from your network monitoring solution, a SaaS management solution can find out the SaaS applications and APIs your employees are using. It can also estimate the frequency and volume of usage.

‍

By analyzing SaaS invoices, a SaaS management solution can infer additional information like the names of services and subscription costs.

‍

SaaS Introspection Using APIs

‍

Once it knows all the SaaS applications in use, a SaaS management solution uses its APIs to get additional details. Most SaaS applications provide introspection APIs to access their usage logs, billing details, access control configuration, and much more.

‍

A SaaS management solution combines all this information into a system of record about your company’s SaaS portfolio — a single source of truth that contains all the details of how they’re being used and is updated in real-time.

‍

Automation and Workflows

‍

Automation and workflows are essential for day-to-day SaaS management.

‍

SaaS management solutions support management tasks through integrations with your accounting system, security systems, HR information system, and other internal systems. They provide workflow builders and other management tools to customize and simplify workflows like employee onboarding and expense consolidation.

‍

SaaS management solutions support automated security workflows for managing — and even automatically remedying — SaaS security risks.

‍

3 Best Practices for Effective SaaS Management

Here are three best practices we recommend when designing your SaaS management strategies.

‍

1. Remember That Everything Else Is Optional but SaaS Security Is Not

‍

Most of the benefits of SaaS management — like cost optimization and SaaS insights — are needed only after your organization has grown to multiple departments. The one exception to that is SaaS security. You may be a one-month-old startup, but your security risks start as soon as your first customer’s information gets stored in your database.

‍

We recommend that you choose a SaaS management solution that specializes in SaaS security early on in the life of your startup.

‍

2. Implement SaaS Management Alongside Risk Management

‍

Every SaaS subscription brings business, operational, legal, cybersecurity, and other risks you should plan for. They affect your enterprise risk management, supply chain risk management, and cyber risk management strategies. Implementing SaaS management is a step that satisfies many guidelines of these risk management strategies.

‍

3. Assign Clear Roles and Responsibilities for SaaS Management

‍

By its nature, SaaS management involves multiple departments — IT operations, security teams, compliance department, legal department, management roles, and others.

‍

In some organizations, bringing these diverse teams together on a single SaaS management platform may work smoothly. In others, specialized SaaS management solutions may work better — finance gets a solution for SaaS expense analysis, security teams get a solution for SaaS security, and so on.

‍

Either way, make sure your SaaS management process is tuned to your organization’s structure, and responsibilities are assigned clearly.

‍

ThreatKey for SaaS Security Management

ThreatKey is a service for SaaS security management. We support popular services like Google Workspace, Microsoft 365, Box, GitHub, Okta, and Slack.

‍

We use our system-of-record technology, coupled with API-based agentless scanning and log ingestion, to ensure full discovery of your SaaS assets.

‍

Our service continuously monitors the configurations and logs of these SaaS applications to detect possible vulnerabilities and remedy them automatically. Try ThreatKey for free.

‍