Close Menu

Search for Keywords...


3 Steps to Create a Cloud Governance Framework

cloud governance framework

Many organizations today drastically underestimate their true SaaS inventory by two to three times, often because they lack a cloud governance framework and dedicated SaaS Management strategy. Even more, the ease of adoption and low cost of acquiring SaaS licenses means the average company sees six new applications enter the organization each month.

Chart: SaaS Ownership by Send vs Number of Apps 20233As software use and selection becomes more decentralized, IT continues to own less SaaS spend and manage fewer organizational applications — now just 31% of SaaS spend and 18% of all SaaS applications.

With SaaS projected to continue its dramatic rise over the next few years, it’s more important than ever to deploy a cloud governance framework to maintain oversight and optimize your software portfolio.

What is Cloud Governance?

Cloud, or SaaS governance, involves the processes businesses implement to identify, control, manage, and mitigate all uses of subscription-based SaaS across the organization.

It’s a fairly new subset of IT governance — one attributed to the increase in decentralized SaaS purchasing — to ensure compliance with IT purchasing and SaaS Management processes.

Cloud governance framework goals typically vary by organization, but the most common objectives for establishing a framework include:

  • Lowering SaaS costs
  • Mitigating security risks
  • Condensing redundant applications
  • Optimizing license provisioning

Ultimately, organizations practice SaaS governance to wrangle the unlimited access to SaaS tools, which many businesses struggle with prior to introducing SaaS Management.

Evolving Your SaaS Governance Framework for the Digital Workplace

Learn More

3 Tips to Launch a SaaS Governance Strategy

Before diving into the cloud governance framework, it’s important to note that an effective strategy needs some degree of flexibility, because rigid frameworks don’t necessarily account for the speed and flexibility of SaaS acquisition.

At Zylo’s SaaSMe 2021 conference, Chris Asing, Head of Business Technology at Redis Labs, weighed in on the need for flexibility. “You can have a framework that allows for a certain degree of standards, and a certain degree of access, provisioning, and IT governance controls. But I think ultimately the flexibility needs to be there to allow for acceptance and variance.”

While there’s no surefire approach to SaaS governance, we suggest the following steps to set the foundation for an effective cloud governance framework.

1. Discover and Catalog your Full SaaS Inventory

While some organizations use Excel spreadsheets or rely on self-reporting to identify SaaS purchases, manual processes are prone to user error, take a considerable amount of time, and easily become outdated.

Due to the ever-increasing amount of SaaS entering and exiting the average company, many now use SaaS Management tools to discover their full SaaS library, including decentralized purchases from business units or teams. These tools identify and track new SaaS in real-time, helping SaaS managers or IT teams flag shadow IT, or provide support and guidance moving forward.

An effective cloud governance framework needs to start from a baseline, and a dedicated SaaS Management tool ensures you begin with a clear and accurate inventory

2. Establish a Company-wide Process to Manage SaaS Acquisition

Managing SaaS acquisition requires ongoing surveillance, and with so many decentralized purchases for the average organization, we strongly recommend establishing an approval process to limit shadow IT and prevent wasteful spending or redundant purchases.

Consider these options for establishing an approval process:

  • Designate a review committee: Set a review board of key stakeholders — IT, procurement, finance, and legal — to approve any and all new SaaS purchases. It requires teams or individual employees to put in a request to obtain the application, and specify the business need and benefits of acquiring the tool.
  • Limit expense reimbursements: Expensing SaaS often leads to shadow IT, a.k.a. purchases made outside and unknown to IT, so consider setting limits on the amount of allowed reimbursements to keep spending under control. Just note, the reimbursement limit will vary depending on the size of your organization and department budgets.
  • Mandate a temporary purchase moratorium: Remember, you’re likely establishing a SaaS governance framework from scratch, so again, you need to start with a baseline of accurate and clear data. If employees continue to bring in new tools while you establish a framework, it will quickly complicate the process. Consider establishing a temporary moratorium until you can deploy your SaaS governance strategy.

3. Rationalize your Full SaaS Portfolio

After establishing a foundation for discovering SaaS and approving future acquisitions, you can start to rationalize all SaaS purchases in your portfolio. In short, application rationalization simply involves the process of reviewing data to determine which applications should stay, versus which need replacement, consolidation, or retirement.

Use these tips for application rationalization:

  • Establish baseline inventory and ownership: Analyze your SaaS portfolio and assign ownership to each license or application.
  • Choose a standard toolset: You’ll likely notice multiple SaaS applications that serve a similar function, such as web conferencing and project management tools. Your baseline inventory will likely reveal redundant SaaS applications. Determine the tools you want to use company-wide, then communicate the change to all impacted teams.
  • Eliminate redundant and underutilized tools: There’s no reason to pay for something you don’t use, or worse, an application that serves no legitimate business need. Take the opportunity to retire these applications.

Will you take a centralized or decentralized approach to your cloud governance framework? Learn more on the two schools of thought at SaaSMe on-demand.