The rise of SaaS has caused a fundamental shift in the way software is purchased and managed.
When on-premise software ruled, the responsibility of purchasing software rested almost exclusively with the IT team. But today, it’s not unusual for business units (and even individual employees) to identify a need for a SaaS application and then buy it on their own — without IT’s knowledge or approval.
And in the past year, it’s gotten even more common for teams and individuals to forgo traditional procurement processes and purchase their own SaaS solutions. Last year, business units controlled just over half (54%) of SaaS spending. But today, business units are responsible for 65% of SaaS spend — a 22% year-over-year increase. In the meantime, IT’s share of SaaS spend has dipped to 27%, which is a 35% year-over-year decrease.
IT must develop a solid software intake process so security and compliance are preserved — but business units are still able to access the solutions they need to innovate. Now’s the time to take action to improve purchasing hygiene.
What is purchasing hygiene?
When you hear the word “hygiene,” you likely think of practices such as frequent hand washing which stave off illnesses and help keep you healthy. Similarly, purchasing hygiene is a set of practices for bringing new software into your environment that helps prevent unnecessary costs and risk.
But why does it matter?
Generally, SaaS applications purchased by business units and individuals don’t go through a formal vetting process to ensure they’re safe, secure and compliant. And even a single rogue application introduces risk to an organization.
If it turns out the application isn’t secure or compliant, the consequences can be large — and costly. Per IBM data, the average total cost of a data breach in the U.S. in 2020 was $8.64 million.
What’s more, when applications enter the environment from all different directions without a clear, consistent intake process, it often leads to unnecessary costs and diluted purchasing power. Applications are unknowingly purchased by multiple employees. And multiple apps exist within the technology environment that compete to fulfill similar functions.
3 Essential Steps for Improving Purchasing Hygiene
Organizations must improve their purchasing hygiene if they expect to effectively cut the costs and risk of unmanaged SaaS growth. But how? There are three essential steps to take.
Step 1: Address Shadow IT
Shadow IT — which is any software not managed by or visible to IT — introduces risk. So reducing (and ideally, completely eliminating) shadow IT must be a top priority for improving purchasing hygiene.
In order to address shadow IT, organizations must first gain full visibility into all SaaS that’s been purchased throughout the organization. This includes everything from enterprise-wide solutions purchased by IT (such as video conferencing) to random applications charged to an employee’s credit card and reimbursed via expense.
Discovery is critical. After all, you can’t improve your intake processes if you have no line of sight into what SaaS is being purchased. But once you have full visibility, you can start taking action to curb Shadow IT.
Step 2: Rationalize Your SaaS Portfolio
Once you’ve discovered all SaaS in your tech ecosystem, it’s time to rationalize it. Sure, you know what you have. But you’ve got to dig deeper to understand why you have it — or if it even makes sense for you to have it.
This step requires close collaboration between IT and line of business owners. Each application should be tied to a specific business outcome or team process. And if it isn’t, it’s probably time to retire that application.
During the rationalization process, it’s also important to look for instances of the same application being purchased by multiple employees or teams throughout the organization. This is an opportunity to combine duplicates into a single license agreement — and potentially leverage greater purchasing power to negotiate better rates or terms.
In addition, look for instances of multiple applications with nearly identical functionality. Keep the best ones — and jettison the others.
Step 3: Establish Governance
The share of SaaS spending and application quantity controlled by business units will only continue to grow — while IT’s share continues to diminish. While centralized governance of all SaaS is rarely a goal these days, turning a blind eye on purchases made outside of IT also isn’t an effective approach.
Instead, IT must develop governance policies that balance the organization’s need to innovate with security and risk management concerns. Collaboration with business units is key. Active, ongoing collaboration helps ensure IT has a line of sight into new SaaS entering the business — which at most organizations, is a regular occurrence. And by having visibility, IT is better able to provide guidance and best practices.
Next Steps: Provide One Clear Point of SaaS Access
Of course, even the best policies are useless if they aren’t well-communicated and widely adopted. Organizations must ensure SaaS buyers know and understand purchasing policies — and that it’s easy to abide by those policies. If it’s difficult for users to get access to the SaaS they need to be effective, they’re likely to circumvent the policies altogether — and introduce unnecessary costs and risk.
Consider this scenario. An employee identifies a need for a video conferencing license. But the process for obtaining such a license is unclear — or it simply takes too long. So the employee signs up for a free trial of a video conferencing solution, and their card is charged after the trial is up. Unbeknown to them, this solution has already been purchased by a dozen other employees.
The purchasing hygiene practices outlined above can certainly help prevent this situation. And some organizations are making it even easier for their teams by giving users self-service access to pre-approved SaaS applications via an app catalog. That way, employees get fast access to the tools they need, while organizations prevent shadow IT — and the risks and costs associated with it.
The share of SaaS spending and application quantity controlled by IT is rapidly decreasing. Today, anyone can be a SaaS purchaser. Organizations must make it a priority to establish solid purchasing hygiene practices — or risk the unnecessary costs and risks of unmanaged SaaS growth.