10 pillars of a sound SaaS subscription management strategy
The adoption of SaaS in corporate environments has started in a fairly slow manner. On one hand, SaaS was seen as a source of cost optimizations. It was saving the employees time and expense for commute, was reducing the office space requirements and related costs. But on the other, it was being approached with careful evaluation and planning.
The Covid pandemic, however, accelerated this slow transition to working from home, to an extent that many companies have now allowed part or all of their employees to work from home over the next years. According to a Gallup research, more than 20% of workers would want to keep working from home even after the pandemic, because they prefer it.
Obviously each company will be adopting a different policy regarding work from home. But whatever it is, it is clear that working remotely will now be more and more acceptable. And this transition to a digital workspace is an enabler for the rapid proliferation of SaaS in the corporate environment.
The digitalization of the office workspace immensely affects the adoption of SaaS
With the workspace getting out of the office boundaries, it is essential for ITs to ensure ease of access to cloud-based software and the same high productivity, to achieve an uninterrupted and efficient working process. But, with many cloud apps available to the employees, and a big number of users, problems would often emerge. The IT needs to face an increasing number of data security, compliance, etc. challenges and handle them, without increasing the IT team size. And there’s a lot of manual work involved.
In some organizations handling these challenges has been done in a completely haphazard way, with no processes established. But, efficient SaaS subscription management requires to build a reliable process-based foundation that would work both in the short and long run.
10 pillars of a sound SaaS subscription management strategy
Ensure offboarded employees have their licenses revoked
When an employee is using tens of SaaS licenses for their job, upon leaving the company, they should be offboarded from each of these. It might sound simple, but along with revoking the license, many other things should be considered:
- Disconnecting third-party apps that would need to keep being used throughout the company
- Transferring files attached to the account to the employee’s manager
- Cleaning the employee devices from leftover data
- Reassigning the license to another employee
- If the app is used for email services, set up autoresponders, forwarding, etc as needed
The offboarding process includes numerous, repetitive and often tedious tasks to be performed by the IT department and those should ensure that the employee cannot regain access to the SaaS used and any sensitive data after leaving the company.
Thanks to SaaS subscription management platforms like Viio, the SaaS offboarding process can be completely automated, saving huge time for the ITs and eliminating the possibility for accidental errors throughout the offboarding process.
Prevent employees from forwarding data to their personal emails while working remotely
With the shift to remote work, it is not unusual that employees are combining work with relaxation. When doing this, however, they resort to using their personal devices for work. Thus, a big part of them are forwarding their corporate email correspondence to their personal emails, trying to have everything streamlined into one single inbox. However, they do not realize that they are thus compromising the corporate data security and exposing the company to the risk of compliance breaches.
Hence, it is important for ITs to ensure that the SaaS subscription management strategy they are building is monitoring the usage of devices and restricts the access of corporate data from personal devices as much as possible.
Maintain visibility on SaaS spend and usage, at any time
The easy process of onboarding a new SaaS tool, paying for it and then expensing it has made SaaS acquisition by employees pretty common, and this has become one of the key reasons for the unprecedented rate of adoption of new SaaS in organizations. A third of all employees are daily using SaaS that has not been approved and vetted for use by the IT department. Hence, ITs are completely lacking visibility on the corporate SaaS inventory.
In addition, thanks to the easy expensing of cloud software, the organizations keep paying for licenses without being aware of their usage or eventual redundancies between apps paid for. Thus, the company can end up wasting a big part of its SaaS budget for unused, underused or functionally duplicating software.
IT is critical for IT departments to keep visibility on the full SaaS stack, to track its usage and ensure no redundant applications are being paid for.
Pay attention to data shared between applications
The ability to easily share data between different SaaS and even make data publicly available with a single click is another key reason behind the fast adoption of cloud software. But, this data sharing is also posing a threat for corporate security. Frequently, employees are sharing confidential documents, folders, calendars and others with the entire world, without them actually realizing the potential risks they are exposing the company to.
Hence, ITs should ensure strict processes for data sharing permissions and configuration, to ensure data security risks are being minimized. The biggest source of potential harm nowadays is not hackers or other people intentionally causing harm, it is the company’s employees who share the company’s information unintentionally.
According to a report from Cybersecurity Insiders, 46% of IT leaders believe that the growing adoption of SaaS makes the company more exposed to insider threats and 75% of them believe that the biggest security challenge is uncontrolled sharing of files/cloud storage and email.
Ensure you are efficiently discovering new SaaS, administering user access and maintaining visibility on all apps
Before SaaS, companies had a central control on all software used throughout the organization. There was a strict software approval, adoption, installation and monitoring process, performed entirely by the ITs. The SaaS-based corporate working environment, however, is not fitting into these processes anymore. Users can access anything from their own network, can acquire and use apps on their own. They can configure apps on their own and share data without any supervision, which is a key reason for data breaches. According to a Verizon data breach investigations report for 2019, 21% of data breaches occurred because of employees using a wrong data sharing configuration.
Hence, companies need to find new ways to discover and manage their dynamic inventory of SaaS tools and control the configuration and sharing settings.
Ensure SaaS ownership is distributed within the organization as a whole
The shift to SaaS requires a complete change in the way software is being managed. There are too many tools to be handled by a single department. Hence, different levels of governance should be enforced for the different applications, depending on how critical and widely spread they are in the organization. Every single employee should be equipped with the tools and knowledge to take the role of a SaaS admin, and empowered to take part in the process of SaaS security and compliance verification.
Control the super admin rights in the organization
With many SaaS to control, when organizations need to give access to an app for a user, they usually grant them super admin rights. While this is the easiest option, ensuring this user would then be able to use whatever app functionality they need, this actually strips the organization of visibility on the number of administrators they have and the actions they take, exposing them to security breaches. Hence, it is essential to only give the access the user would actually need, right from the start.
Make sure to manage security without compromising user experience
If your security processes are difficult to execute, if the list of approved applications are difficult to find and request access to, then employees will find a way to circumvent them. Hence, try to find the balance between establishing reliable SaaS management processes and ease of executing them.
Take action to stay compliant
A company generally needs to stay compliant with laws and regulations on one end, and standards on the other. SaaS makes compliance quite challenging in a company where there is lack of SaaS visibility and hence, no way to figure out where sensitive data may potentially be exposed. Furthermore, the numerous SaaS settings and options for users allow them to change those in an instant and potentially make personal data publicly available.
Manual monitoring of SaaS is hardly possible for IT. Hence, using automated SaaS subscription management systems is essential to ensure that SaaS-driven organizations stay compliant at any time.
Train your employees about the proper way to use each SaaS
A new responsibility that IT teams should adopt is educating the employees about the proper usage of each SaaS tool. And this doesn’t really relate to training the employee on how to work with the functional features of the app - this is something that is usually tackled by the numerous SaaS training resources.
Rather, ITs should demonstrate to the employees how the SaaS should be used in the organization, so data security and compliance are not compromised. This includes showing how to turn on 2 factor authentication, how to recognize phishing attacks and so on.
How SaaS management platforms like Viio can help manage the risk and compliance challenges posed by SaaS adoption?
SaaS subscription management platforms enable the establishing of a process for discovering, managing and securing your SaaS stack through automated operations. It results in minimized risks for the company while ensuring the employee productivity and innovation. With a SaaS management platform, IT is the empowering force in the organization.
The SaaS discovery process includes getting full visibility on your SaaS inventory - what SaaS your company is paying for, are they all vetted for use, how much is being paid and to what extent is this SaaS used. The management phase includes controlling access to the apps, using identity management tools for access, plus automated SaaS onboarding and offboarding. The security phase ensures that the data shared inside the SaaS is protected from internal threats. Automated SaaS Management platforms like Viio ensure that a SaaS-driven digital workspace is both productive and secure.
Find out more about how Viio can streamline your SaaS subscription management process - request a personalized demo now.
Ready to start saving?
Viio is the modern way for finance teams to optimize their software spending.
Talk to a specialist
Oliver Quittek
CRO