At Zylo, we believe SaaS will overtake traditional installed software. For example, one of Zylo’s largest enterprise customers (40K employees) recently analyzed their cloud vs. on-prem footprint and found that for the first time in company history, cloud overtook traditional software.
Regardless of the size of the company in which you work, now is the time to build a strategy around your enterprise-wide SaaS investment. Now is the time to enact the same level of rigor and controls around SaaS that have traditionally been placed around all other large categories of investment in the company. Now is the time to professionally manage SaaS.
At the ProcureCon Indirect West conference, Zylo was fortunate enough to host a panel discussion with IT and Procurement leaders:
- Carla DiCastro, IT Procurement, Workday
- Josh Pickles, IT Procurement, Salesforce
- Aleta Jeffress, CIO, City of Aurora
We have collated our three ProcureCon leaders’ insights into six best practices for balancing risk and innovation in the age of SaaS.
IT Procurement Best Practices for SaaS Adoption
- Set Expectations: Security and Innovation
- Build a Standardized Intake Process
- Discover All SaaS in Your Environment
- Build Relationships with Business Owners
- Determine Thresholds to Push Centralized Governance
- Manage Renewals and Ongoing Vendor Relationships
1. Set Expectations: Security and Innovation
Zylo provides full visibility into the enterprise’s SaaS investment. Therefore, our customers do not need to sacrifice security for the sake of business agility: when SaaS is bought in any function in an enterprise, Zylo notifies procurement and IT professionals.
However, without complete visibility into their software stack, businesses must rely on processes and controls that can stifle growth. Consequently, leaders must weigh and prioritize their values to meet security and innovation expectations.
Software as a service (SaaS) is the future. Gartner predicts that 55% of enterprises will implement all-in cloud SaaS strategies by 2025. These strategies must strike a difficult balance between security and innovation within an enterprise.
In a perfect world, enterprises would never sacrifice security when adopting services that increase employee productivity. However, now that SaaS is bought across the enterprise, business owners are adopting services that don’t innately have enterprise controls in place.
Before ensuring visibility, compliance, threat prevention, and data security across an enterprise SaaS stack, leaders must build security policies that create the standards. Secondarily, these processes must not stifle their business functions’ ability to acquire solutions that drive value across the enterprise.
For example, during our panel discussion, Josh Pickles often affirmed the value Salesforce places on security. However, the need for agile software adoption is acknowledged in this Cloud-native enterprise. To balance business agility and security, Josh has created IT Procurement best practice processes that vet SaaS applications but allow business owners to manage the purchase and implementation of the solution within their function (up to a critical mass of users).
In addition to maintaining a security standard, the City of Aurora (a public entity) must meet all compliance standards. Beyond compliance, Aleta Jeffress passes the responsibility of balancing risk and innovation back to the businesses at the City of Aurora.
Aleta’s team prioritizes mitigating risk. If a SaaS application does not meet the enterprise’s security standards, Aleta requires the business to sign on the dotted line, assume the risk, and manage the fallout: no function can outsource risk.
2. Build a Standard Intake Process
Zylo-enabled visibility ensures that buyers throughout the enterprise are respecting the standard intake process set forth. When a new SaaS application purchase is detected in an organization, IT and procurement leaders are notified. Through Zylo, leaders can source the contact info of the buyer to ensure due diligence.
To maintain the security standards determined internally, enterprises must create and maintain an intake standard, whether through a process or a master service agreement.
At Workday, Carla DiCastro has built out IT Procurement best practices that allow sourcing or the business unit to vet SaaS applications. While sourcing is hands-on with many of the SaaS applications bought within the organization, the responsibility to vet SaaS applications also falls on the functions. Business units know the steps to take and the questions to ask, then they report up to sourcing whether or not the software meets enterprise security standards.
When building a standardized intake process, educating all lines of business across the enterprise is necessary. Functions must understand the steps to take and the resources available when evaluating a new software solution. More often than not, education is only possible when relationships between sourcing and the lines of business are built.
Consequently, Aleta has created a creative solution for the City of Aurora that she lovingly calls her “IT wedding table chart” or, more formally, the Solution Rationalization Model. The chart contains all departments and an inventory of all SaaS within the organization. Aleta utilizes this high-level view of business owners and their corresponding applications to build relationships and educate effectively within the enterprise.
Aleta has also enacted a master service agreement. Vetting all potential vendors through the agreement has led to learning opportunities across the organization. From the change in price structure to growing security concerns, the agreement has opened the door to insightful conversations between sourcing and the business functions.
3. Discover All SaaS in Your Environment
Through our patent-pending matching model, Zylo regularly discovers 2x to 3x more applications bought throughout an enterprise than our customers manually track: a fact that never ceases to surprise our customers. Even customers who have a handle on their organization’s SaaS investment will be shocked to see that both application count and spend are grossly underestimated.
Shadow IT arises within an enterprise in part because the relationships between IT and the business units are not solidified. With full visibility into all SaaS purchases made, and who made them, Zylo enables IT and Procurement leaders to work with the business around identifying overlapping applications, containing costs, and driving value through the software purchased.
When business units are empowered to buy software solutions as they see fit, shadow IT results. Expense and accounts payable can contain millions of data points, curbing an IT leader’s ability to scrub the data, pull all the SaaS, and provide a complete view of the SaaS investment.
Even though they are tracking SaaS through accounts payable, Carla reports that Workday is investigating tools that enable a more complete discovery. In smaller organizations, sourcing can be involved every time during the adoption of new software (enabling tracking). However, Carla wants to empower business leaders to source software solutions, leading to lost visibility into the enterprise-wide SaaS investment.
Yet, in order to gain control over an enterprise’s SaaS investment, whether to contain costs or prepare for renewals, complete visibility is necessary.
This year, Aleta audited every department under the City of Aurora to inventory the more than 200 applications in their environment. Once applications were discovered, her technical manager visited departments to present their portfolios: to educate and consolidate. Following the presentation, the CIO of one department announced that many applications were missing from the portfolio.
4. Build Relationships with Business Owners
Relationships between IT and the business functions ensure standard intake processes are respected, renewals are strategic, implementation is successful, and ROI is driven.
Driving ROI for sourcing and IT departments means more than strictly cost savings. Rewards that aren’t necessarily quantifiable can provide the most value to the enterprise. The trust that leaders put in the enterprise’s sourcing and IT professionals is unmeasurable.
At Salesforce, Josh knows he is driving value when he is invited into meetings with executives where important decisions are made about software adoption, implementation, and management. When he is approached as a trusted advisor by Salesforce leaders, that spells success as much as savings.
On average, Zylo customers underestimate the spend and number of software applications in the organization by 2-3x.
Relationships across the enterprise open lines of communication, which increases visibility, security, and value. Regular communication between teams, whether through stakeholder meetings or one-off service requests, also enables IT and sourcing professionals to be more proactive than reactive.
Through the foresight that regular communication enables, sourcing can prepare for strategic renewal negotiations. Meanwhile, IT can proactively predict support requests and configure implementation strategies. Relationships produce candor: candor produces proactive assistance to the business.
Rather than relying on the City of Aurora’s Solution Rationalization Model (IT wedding table chart) to track applications back to the admin within a department, Zylo delivers the contact information of all SaaS buyers within an organization. Once the point of contact is established, the relationship can be built and collaboration to drive value can start.
5. Determine Thresholds to Push Centralized Governance
For our customers, the insights Zylo provides help build the threshold over which software must be centrally governed. Through full visibility of the democratized purchasing of SaaS applications throughout the organization, IT and procurement teams can determine if an application is appropriately governed. If not, Zylo enables leaders to get involved.
Centralized governance of the complete SaaS stack is not the goal of most enterprises. Therefore, a hierarchy (whether informal or formalized) must be in place to determine what software systems must be governed by IT and procurement.
In many cases, without full visibility, the hierarchy is determined by cost and user count. Sourcing and IT will naturally spend the most time on high-dollar investments with a large cross-functional user base.
However, low-cost software that has a high security risk can take time to vet and contain. For example, if a software start-up provides a coveted solution but requires the enterprise’s source code, legal needs a seat in the negotiations. Likewise, legal needs a seat if a potential SaaS solution is owned by a competitor.
For low-risk, low-cost SaaS applications, wrapping a strategy around the intake process is often enough. Salesforce empowers business units to adopt safe solutions that drive efficiency. The department will retain ownership of the SaaS cost, implementation, and management until the user base reaches a critical mass or crosses functions.
For low-risk, low-cost SaaS at Workday, Carla maintains a “light touch” to ensure that a vetted contract is in place with each software investment. While contracts are not always customized for each investment, sourcing will guarantee that the language in the contract accurately mitigates risk, no matter the cost.
At the City of Aurora, Aleta believes that there is no such thing as a pilot. Security and visibility are top priorities, no matter the cost. Every vendor, no matter the size or terms of the agreement, must meet the standards set out in the master service agreement.
Resources often limit enterprises from enforcing centralized governance. However, with our three experts, when assistance is requested, thresholds evaporate: assistance is guaranteed.
6. Manage Renewals and Ongoing Vendor Relationships
Zylo enables our customers to prepare for each renewal. The calendar highlights renewals by the size of the user base as well as subscription cost. Additionally, Zylo identifies the buyer associated with each SaaS application and provides utilization metrics and sentiment analysis. This wealth of information enables IT and sourcing leaders to hold necessary stakeholder meetings and prepare for negotiations.
From paring down user licenses to consolidating redundancies, renewals present procurement with opportunities for big cost savings. To allow time for stakeholder input and utilization analysis, upcoming renewals must be recognized months in advance.
The first obstacle, of course, is discovering all applications. Then, the owner must be identified, the contract must be obtained, and feedback must be disclosed.
To drive value through the renewal process at Workday, each week, sourcing professionals are assigned accounts three to six months ahead of renewals. In the months leading up to a large renewal, Carla requests the vendor’s entire product catalog to build the most informed negotiation. Sourcing re-evaluates pricing, new products, use cases, and legal.
Three months in advance, Josh calls Salesforce business partners to determine the scope of work. Through stakeholder meetings, Josh ascertains the function’s software use and needs. When forecasting growth, he takes a conservative approach, but Salesforce ensures room to grow by purchasing some additional licenses. Preparation rarely, if ever, includes the vendor.
At the City of Aurora, renewals present Aleta with a unique opportunity. Vendors who have serviced the city for a number of years must now be vetted through their standard service agreement to question the vendor’s security and processes. Therefore, renewals are prime time for the City of Aurora to continue raising their standards of security and compliance.