What is SaaS Governance?

Today, the average organization has more than 320 SaaS applications and is adding an average of eight new applications per month. Zylo’s 2022 SaaS Management Index data also shows that IT controls only 23% of those applications and often lacks visibility of the organization’s entire SaaS portfolio, creating a new dimension of governance challenges.

With tech stacks dominated by Software as a Service, it’s time that companies put a defined process in place to not only control SaaS costs but also optimize SaaS usage.

Enter: SaaS management governance — and the tools designed to support it.

In this post, we dive into the definition of SaaS governance, how to build flexibility into your framework, types of SaaS governance to choose from and a few different ways to enact effective SaaS governance.

The Basics: What is SaaS Governance, Anyway?

SaaS governance refers to the processes and practices that businesses put in place to identify, control, and manage subscription-based software (SaaS) in the organization, and to mitigate the risks its use introduces.

It’s an (admittedly more recent) subset of corporate governance in general and IT governance in particular. While corporate governance is driven by a Board of Directors and focuses on large-scale legal and internal questions, IT governance provides a specific framework and structure to keep IT investments not only compliant but also producing measurable results.

With such a major focus on SaaS spend in 2021 and in the years to come, SaaS governance is a natural progression and a key element of keeping IT investments aligned with business goals and outcomes.

The goals for SaaS governance may vary by organization, but the most common objectives for putting a specific framework in place include:

  • Reducing SaaS costs
  • Mitigating security risks
  • Consolidating overly redundant tools
  • Optimizing license provisioning

In a phrase, effective governance prevents the so-called Wild West of unlimited access to SaaS tools — which many businesses experience prior to introducing SaaS management.

Side Note: Build Flexibility Within Your Framework

While we lay out options for SaaS governance in this guide, we recommend creating a framework for governance that provides flexibility.

Rigid frameworks don’t necessarily account for the speed and ease of SaaS acquisition. In other words: when a SaaS application can be accessed from anywhere with an Internet connection, and costs little to nothing, it will enter your organization.

The question then becomes: what can you do to mitigate the negative impact and continually audit your SaaS stack?

Zylo recommends a strong discovery process that enables continual monitoring, and an approach that manages each SaaS application as a lifecycle, with governance applied at every phase of its term within the organization.

3 Types of SaaS Governance to Balance Oversight & Agility

With that flexibility in mind, the question becomes one of balancing risk against innovation.

A recent Forrester report goes into greater detail on this front:

“Too little governance leads to redundant applications and business risk. SaaS solutions tend to appeal to line-of-business (LOB) buyers — who like the try-and-buy, under-the-radar-screen approach and the perception of freedom from the IT organization it provides. This business-led approach to SaaS deployment can be quicker, but it can also create problems in the long run as the portfolio becomes too decentralized, siloed, and poorly vetted.

Too much governance impedes the business value of SaaS applications. At the other extreme, too much governance, too many rules, and too many processes will alienate the business users and ruin business outcomes — defeating the primary benefits of SaaS transformation.”

Note: in this same report, the Forrester analysts noted that Zylo is “leading the way” in IT cost transparency.

To ensure appropriate governance without sacrificing agility, Zylo believes that every SaaS application should be categorized as belonging in one of three distinct levels of governance:

  • IT Managed Applications: For SaaS applications that are widely deployed throughout the organization.
  • IT Supported Applications: For SaaS applications that IT will touch only for implementation or troubleshooting.
  • Unmanaged Applications: For SaaS applications that IT neither manages nor supports. Every organization will have a handful of these with individual users.

After you have the full picture of the SaaS products you have in place, you can prioritize which tools you need to manage directly, which you can support, and which you can leave unmanaged.

3 Steps to Enact SaaS Governance

While there isn’t a single right approach to SaaS governance (see above), most organizations should start with the following three-step process to set the foundation for effective SaaS governance.

Step 1: Identify and monitor your SaaS inventory

While you can run a SaaS audit manually, the process can be extremely time-consuming — and quickly become outdated.

Instead, we work with Zylo customers to implement the Zylo Discovery Engine. The tool automatically identifies and monitors new SaaS as it comes in, providing SaaS managers with the ability to flag non-approved software (or support and manage directly, as needed).

Using the Discovery Engine as you get started is a great way to ensure you have the full picture of your SaaS licenses, whether they were sourced from IT or from individual employees.

Step 2: Build a process to manage and control SaaS acquisition

Managing and controlling SaaS spend is an ongoing process — but you should first put a concrete approval process in place.

Establishing an approval process for any new SaaS application should help your organization prevent rogue spending both now and in the future. We’ve seen Zylo customers put a few different options in place on this front:

  • Review board. A software review board must greenlight any new SaaS tool. Instead of making the purchase directly, a team or individual employee submits a request to purchase a SaaS application, defining its specific use case and benefit. Typically the board is made up of stakeholders from Finance, IT, Legal, Security and Procurement.
  • Set expense reimbursement limits. The dollar limit will vary depending on the size of your organization and the specific function, but placing a hard stop ensures each tool is carefully considered.
  • Put a purchase moratorium in place. Auditing your current SaaS spend and prioritizing for business impact can take some time. While you rationalize, a moratorium keeps new purchases from complicating the picture in the meantime.

Step 3: Rationalize your application portfolio

With the foundations above in place, you can start to rationalize each application your company and employees are using.

This is our established playbook for application rationalization:

  1. Establish your baseline inventory. Take stock of what you currently have in place, whether it’s controlled by IT or not (see the Discovery Engine above).
  2. Determine your standard toolset. Your baseline inventory will likely reveal redundant SaaS applications. Instead of keeping these in place, narrow down the SaaS tools you want to use across the organization — and then communicate that across teams.
  3. Identify and eliminate non-business critical tools. If you can’t tie a SaaS application to specific business outcomes or team processes, it might be time to retire it. You can also eliminate apps tied to departed headcount (solving for shadow IT).

Looking to learn more about SaaS compliance management? See how customers use Zylo to contain SaaS costs and optimize for business outcomes.
