Align Your IT Investments & Business Goals with SaaS Governance

The use of SaaS has exploded over the last 10 years, and the pandemic of 2020 certainly facilitated additional growth as more organizations than ever turned to SaaS and cloud-based solutions.

The massive proliferation of SaaS in recent years came with an increase in individuals expensing SaaS within organizations. As a result, the tides have shifted from the days when IT dominated centralized software management. Now every department from finance to engineering purchases software on their own.

This has made the need for organizations to establish systems of SaaS Governance more important than ever. It is outright essential to maintain SaaS portfolio efficiency, reel in sprawling costs, and protect organizations from unnecessary risks. 

What Is SaaS Governance?

SaaS governance consists of the processes and practices that businesses establish to identify, control, manage, and mitigate the use of subscription-based software and SaaS applications within the organization. It’s a critical component of SaaS inventory management.

It is a more recent form of corporate governance over IT assets. SaaS governance focuses specifically on providing a framework and structure to maintain the effectiveness and compliance of the SaaS stack while producing measurable and actionable results.

When you consider the meteoric rise of SaaS over the last 10 years, this is not only a natural progression of IT governance but an essential system for any organization that utilizes SaaS applications.

Though it varies from organization to organization, the objectives of SaaS governance remain the same.

Why Is SaaS Governance Important?

The primary goals of SaaS governance are to reduce risks to the organization, reduce costs, and ensure effective investments.

Without a SaaS governance framework, many organizations find themselves flying blind. Shadow IT, SaaS applications that are acquired outside the ownership and control of centralized IT, represents a common source of risk. Shadow IT most often occurs when an employee expenses a SaaS tool.

Not only are shadow IT applications a source of unknown spending and tech stack inefficiency, they increase the risks of breaches in cybersecurity and privacy regulation violations. In fact, our latest report found that they carry significant security risks. Sixty-five percent of expensed applications, on average, have a “Poor” or “Low” risk score.

Nearly one in ten employees (7%) expense SaaS. As such, these applications often proliferate throughout an organization as it grows. The risks we just discussed, therefore, increase in severity the longer Shadow IT goes unchecked. This comes at a time when security breaches cost organizations more and more every year.

According to an IBM report, the average cost of a security breach in the U.S. is now $9.44 million. Globally, it’s $4.35 million. 

Not to mention, through 2027, organizations that fail to centrally manage SaaS life cycles will remain five times more susceptible to a cyber incident or data loss due to misconfiguration.

That is why investing in bringing your Shadow IT into the light today can save you tomorrow. 

Benefits of SaaS Governance

SaaS governance offers more than just mitigating security risks. It provides a framework to build and maintain an efficient and effective tech stack. 

Reduce Security Risks

SaaS governance gives you oversight of all your SaaS applications. As such, you’re able to mitigate risks to SaaS security such as session hijacking and phishing attacks. These occur when an outside actor, i.e. a hacker, tricks a user into authorizing access or clicking on a malicious link. That is why as part of your governance system, it is vital to ensure that employees are trained on proper use and risk management while using company applications.

SaaS governance also enables better security by enabling you to understand where your data is going. When you know what SaaS applications you have, you can then investigate what data flows to and is held in each of these applications. From there you’re able to examine opportunities for possible data loss, breach, or other compromising incidents and ideally prevent them from happening. 

As for employees, this oversight ensures that only the right people have access to your SaaS tools. Anytime an employee leaves your organization and retains access to an application, you run the risk of a breach. Building proper employee offboarding into your governance program prevents exactly that.

Thankfully, a SaaS governance framework builds the tools and policy programs to mitigate these and other cloud risks. 

Strengthen Fiscal Responsibility

SaaS governance improves fiscal responsibility by providing a clear system of ownership and collaboration across the organization. It creates a system in which everyone is educated on the how and why of the management program and distributes the responsibility of SaaS applications. As a result, your enterprise at its very core becomes SaaS conscious as a matter of structure.

As a result, the sprawling costs that stem from Shadow IT, unoptimized licenses, and redundant applications are brought to heel, freeing spending to be reinvested elsewhere in the enterprise. 

Ensure Alignment of Tools With Business Needs

Utilizing a system of SaaS governance allows organizations to drive SaaS decisions based on business needs. Start by creating a harmonious collaboration between IT and business. This will align application tools with the needs of an organization’s lines of business. Getting a grasp of what tools are being used versus what the business really needs can go a long way. 

This is what Brad Pollard found and shared with us on SaaSMe Unfiltered.

Pollard, former CIO for Tenable, noticed early in the pandemic that no one seemed to be using the phones. Thankfully, he was able to quickly review the company’s phone data in Zylo. As a result, Tenable was able to shift their calls solution to Zoom phone at a fraction of the cost. 

Incorporating SaaS governance into the enterprise architecture as part of an ongoing program of management allows organizations to constantly watch for opportunities and act on them as Pollard did.

Empower Employees

Governance provides a system to educate employees on what tools are available to them and how to properly use them. What’s more, this same system monitors and checks applications as they come in, when they’re used, and when it’s time to mothball an unused application.

This ongoing process not only manages and maintains the SaaS stack for the sake of safety and efficiency but provides a means for employees to attain the tools they need to do their best work. 

In essence, this system lets employees know how to properly purchase SaaS without creating Shadow IT while preserving their freedom to choose the tools they use. 

Understanding the SaaS Governance Models

In the past, when on-premise software still dominated the workplace, software was the domain of IT. Today, application ownership is highly decentralized and spread throughout the organization at all levels. Now IT continues to own less and less of SaaS spending and manage fewer of an organization’s applications. 

On average, IT today owns 28% of SaaS spending and a mere 17% of all SaaS applications. Business units now own just over two-thirds of SaaS spending, a remarkable 69%. Forty-eight percent of applications are now divided among LOBs. But wait, that math doesn’t add up. Where is the remaining spending coming from and who’s responsible?

That brings us back to Shadow IT. With employee SaaS purchases on the rise, Shadow IT now represents 3% of all SaaS spending. Although this only constitutes a fraction of total SaaS spending, these applications make up 35% of an average organization’s SaaS stack. 

Centralized vs Decentralized SaaS Governance

At this point, you’ve likely noticed a trend regarding centralized vs decentralized SaaS ownership. The strong software centralization of yesterday can easily seem appealing to reel in the sprawl of Shadow IT and address any inefficiencies that appear. And for some organizations in highly regulated industries, it may be a necessity. However, the shift to SaaS applications over on-premise software creates an inherent problem. The pandemic has fundamentally changed how we work.

People are no longer connected to a centralized corporate network with the firewalls and carefully managed tools that come with it.

That’s why there needs to be a compromise in IT SaaS governance.

Although decentralized SaaS ownership comes with its drawbacks, it’s not a wholly negative trend. The ease of access to SaaS applications gives employees the freedom to work with the tools they are familiar with, and can lead to better productivity as a result. What’s more, spreading the ownership of SaaS with proper governance shares the responsibility of the SaaS stack throughout the organization.

So, the key to approaching SaaS ownership is to strike a balance between centralization and decentralization with a flexible SaaS governance framework. Employees want a degree of choice over their tools and strict policies can prevent your organization from acquiring the best tools available quickly. 

Freedom within a Framework

Building a SaaS governance framework into the enterprise architecture of your organization means creating Freedom within a Framework. This approach builds predictability, which leads to trust, and trust leads to accelerated speed of execution.

Freedom within a Framework provides the best of both worlds of centralization and decentralization.

This means setting up some centralized processes and getting visibility to the right people within the organization. In the process, you enable employees with education on established SaaS usage and how to acquire software from within. 

Freedom within a Framework Chart

Best Practices for Successful SaaS Governance

To get the most out of decentralized SaaS governance, organizations should follow this set of SaaS governance best practices.

Identify & Monitor Your SaaS Inventory

Possibly the first and most important practice for successful SaaS governance is creating and maintaining full visibility of the applications operating within the organization. After all, you cannot manage what you cannot see.

However, full visibility is a daunting task.

The SaaS environment is by its very nature dynamic and constantly changing. Our research has found that the average organization sees 6 new SaaS applications enter their environment every 30 days. Without ongoing oversight, these applications can easily become Shadow IT, creating hidden costs and risks.  

As a result, the task of SaaS oversight can quickly overwhelm manual processes such as using simple spreadsheets. This method of management becomes more time-consuming and inefficient as the number of SaaS applications grows. As one application falls out of use, another appears, creating a continuous cycle that will rapidly outdate any spreadsheet created.

That is why dedicated tools are necessary to maintain visibility over SaaS. However, the dynamic nature of SaaS puts it beyond the capabilities of most Software Asset Management tools. They were simply not designed to discover and catalog a dynamic software environment such as a SaaS portfolio. 

That’s why Zylo offers an innovative platform dedicated to establishing complete visibility and optimization of SaaS applications. Zylo helps enterprises control SaaS spending and ensure governance. 

Build a Process for Managing SaaS Acquisition

Managing and controlling SaaS acquisition is more than a project, it’s an ongoing program. That’s why you should first establish a strong approval process. 

This approval process will help your enterprise prevent unauthorized spending not just now, but for the foreseeable future as well.

Of course, this begins with intake, the initial acquisition of an application. Build a system that considers and weighs the merits of an application. What purpose does it serve? Do you have existing applications with the same functionality, and if so, does it fulfill the function better for the given task? These are the questions you must ask and answer for every new application in an effective approval process. 

To achieve this, Zylo has noticed some solutions put forward by our customers.

  • Software review board. A software review board that greenlights new SaaS applications offers an alternative to direct purchases. In this method, teams and individuals submit requests to the board to purchase a SaaS application, presenting its specific use case and benefits. This board is typically made up of stakeholders from across the organization such as Finance, IT, Legal, Security, and Procurement.
  • Expense Reimbursement limits. Limiting the dollar amount on SaaS spending ensures every acquisition is carefully considered with a hard stop on spending. This amount can vary depending on the organization’s size and function, but the results are similar.
  • Purchase Moratorium. Taking stock of SaaS spending and making the big decisions regarding business impact can be a time-consuming process. Establishing a full moratorium on acquisitions can provide enterprises breathing room as they build the structure for their new governance framework. 

Of course, these methods are by no means the limits of your options. 

Rationalize and Rightsize Your Application Portfolio

The program of rationalization and rightsizing a SaaS portfolio is possibly the most satisfying part of a governance framework, especially if you take joy in increased efficiency. 

51% of SaaS licenses go unused or underutilized. This is why a critical first step in SaaS is rationalization, the process of determining which applications an enterprise should keep, and which need replacement, retirement, or consolidation. It represents a direct solution to unproductive and outdated tools lingering in an enterprise’s portfolio.

During rationalization, you may find several redundancies in your stack. Although some applications may serve the same function in an effective way for their given tasks, no one needs 15 project management tools. Rationalization can bring that number down to, say, 4 applications that are similar but particularly effective for their given lines of business.

Rightsizing is similar to rationalization, but instead of reducing the number of apps, rightsizing matches license size to utility, which offers a significant opportunity for savings.

You may find multiple instances of the same application running across your enterprise separately. So rather than paying for a single license with 20 seats, you may find yourself paying for multiple licenses that equal 20 seats.

Under these circumstances, you have an opportunity to work with your vendor to bundle these applications into a single enterprise license, saving on investment in the process. 

Measure Program Effectiveness with Metrics

Another benefit of establishing a program of SaaS governance is that it gives you metrics to quantify its effectiveness. 

  • Reduction of Shadow IT. Once you have identified applications that were previously operating as Shadow IT, you can track and measure the effect of rationalizing and rightsizing these applications into your portfolio. Whether they’re removed entirely, consolidated, or rightsized, you will be able to track the SaaS spending saved.
  • Cost avoidance. Your program can and will preserve existing spending for other investments. Cost avoidance is a meaningful metric to consider when judging your SaaS management program’s effectiveness. Consider how much budget you save by rightsizing licenses and removing duplicate tools, and how much you save by creating a system to proactively handle renewals.
  • Reduction of applications with rationalization. As we mentioned before, reducing the number of applications through rationalization gives you a concrete number to measure your program’s effectiveness.

By using these metrics to measure your program, you can gauge the adoption of your new SaaS management processes across your organization. What’s more, implementing a phased approach to your process allows for a systematic way to measure the various stages of your process as it goes into action.  

This is what Zylo customer REA Group found upon starting their own system of SaaS management.

After the Australia-based company realized that its SaaS portfolio was expanding just as fast as they were, REA Group decided it needed to make a change in its SaaS management to combat the rising costs. Partnering with Zylo, they achieved meaningful and measurable results as they implemented their system of SaaS governance.

In the process, they:

  • Identified more than $100k in yearly savings, with $400k total to date
  • Uncovered more than $550,000 in additional cost savings across top spending applications
  • Discovered 150 previously unknown expensed applications
  • Leveraged usage data to find they were 30% oversubscribed to a key IT infrastructure supplier

Today, with the help of Zylo, the REA Group continues its management program to become even more proactive when it comes to SaaS.

Communicate and Collaborate Across the Business

Proper SaaS governance allows a system of communication and collaboration across the whole business. This allows the various stakeholders and departments to have a voice in the SaaS conversation. Additionally, it ensures education on the process remains ongoing.

For employees, SaaS governance systems offer a catalog of vetted, standardized enterprise applications to ease employee purchases and requests. So employees still enjoy the flexibility of SaaS while operating within a framework designed for decentralized SaaS compliance and oversight.

As an example, Aaqil Kassamali, a procurement manager at Hootsuite, had this to share with us on SaaSMe Unfiltered:

“Purchase orders helped us centralize. Once it gets to the PO stage, everything’s done, so that’s not where the value is,” said Kassamali. “But what it’s doing is, it’s getting everybody in the door to get a purchase order.”

He went on to discuss the benefit of being a partner in the procurement process, not a roadblock. This means communicating to employees that acquiring applications comes with the expectation that it is done the right way for efficiency and compliance.

How Zylo’s SaaS Management and Optimization Platform Powers Effective SaaS Governance

Establishing and maintaining SaaS Governance is no small task, especially for larger organizations. Thankfully, that’s why Zylo is here for you. Zylo offers a comprehensive platform to bring all of your SaaS applications into the light, and help you ensure compliance. Know exactly how much you’re spending, where you’re spending it, and determine ownership in the process.

Put your mind at ease knowing that Zylo’s Discovery Engine monitors your integrated discovery sources for Shadow IT, revealing Shadow IT no matter where it lurks in your organization. Using an AI-powered matching model, Zylo finds applications that may have gotten around any of your existing policies. 

And with Zylo’s App Catalog, you can provide your employees with a branded one-stop shop for their software needs. Publish IT-approved SaaS applications to your users to keep them from turning to unapproved sources. Drive awareness of business tools with a curated selection of pre-vetted cloud software, fast-track employee onboarding, and provide clear lines of communication for all of your users with Zylo. 

Align Your IT Investments and Business Goals with SaaS Governance

The bottom line of SaaS governance is creating an ongoing program woven into the very architecture of your enterprise to achieve better results from your SaaS stack. Eliminate risky and unauthorized tools operating within your organization with improved visibility, cost control, and data-driven risk management.

Create a system that serves your employees, your stakeholders, and your business. 

Schedule a demo today to see how Zylo can help you build a healthy and effective system of SaaS governance.
