The adoption of SaaS in corporate environments started fairly slowly. On one hand, SaaS was seen as a source of cost optimization: it saved employees the time and expense of commuting and reduced office space requirements and related costs. On the other, it was approached with careful evaluation and planning.
The Covid pandemic, however, accelerated this slow transition to working from home, to the extent that many companies have now allowed some or all of their employees to work from home over the coming years. According to Gallup research, more than 20% of workers would want to keep working from home even after the pandemic, because they prefer it.
Obviously each company will adopt a different policy regarding work from home. But whatever it is, it is clear that working remotely will become more and more acceptable. And this transition to a digital workspace is an enabler for the rapid proliferation of SaaS in the corporate environment.
With the workspace moving beyond the office boundaries, it is essential for IT teams to ensure ease of access to cloud-based software and the same high productivity, to achieve an uninterrupted and efficient working process. But with many cloud apps available to employees, and a large number of users, problems often emerge. IT needs to face and handle a growing number of challenges in data security, compliance and other areas, without increasing the IT team size. And there’s a lot of manual work involved.
In some organizations these challenges have been handled in a completely haphazard way, with no processes established. But efficient SaaS subscription management requires building a reliable process-based foundation that works in both the short and the long run.
When an employee uses tens of SaaS licenses for their job, they should be offboarded from each of these upon leaving the company. It might sound simple, but along with revoking the license, many other things should be considered:
The offboarding process includes numerous repetitive and often tedious tasks performed by the IT department, and these should ensure that the employee cannot regain access to the SaaS used, or to any sensitive data, after leaving the company.
Thanks to SaaS subscription management platforms like Oveo, the SaaS offboarding process can be completely automated, saving IT teams a great deal of time and eliminating the possibility of accidental errors throughout the offboarding process.
With the shift to remote work, it is not unusual for employees to combine work with relaxation. When doing this, however, they resort to using their personal devices for work. Thus, a big part of them forward their corporate email correspondence to their personal email accounts, trying to have everything streamlined into one single inbox. However, they do not realize that they are thereby compromising corporate data security and exposing the company to the risk of compliance breaches.
Hence, it is important for IT teams to ensure that the SaaS subscription management strategy they are building monitors the usage of devices and restricts access to corporate data from personal devices as much as possible.
The easy process of onboarding a new SaaS tool, paying for it and then expensing it has made SaaS acquisition by employees pretty common, and this has become one of the key reasons for the unprecedented rate of adoption of new SaaS in organizations. A third of all employees use, on a daily basis, SaaS that has not been approved and vetted for use by the IT department. Hence, IT teams completely lack visibility into the corporate SaaS inventory.
In addition, thanks to the easy expensing of cloud software, organizations keep paying for licenses without being aware of their usage or of possible redundancies between the apps paid for. Thus, the company can end up wasting a big part of its SaaS budget on unused, underused or functionally duplicate software.
It is critical for IT departments to keep visibility on the full SaaS stack, to track its usage and to ensure no redundant applications are being paid for.
The ability to easily share data between different SaaS and even make data publicly available with a single click is another key reason behind the fast adoption of cloud software. But this data sharing also poses a threat to corporate security. Frequently, employees share confidential documents, folders, calendars and other items with the entire world, without realizing the potential risks they are exposing the company to.
Hence, IT teams should enforce strict processes for data sharing permissions and configuration, so that data security risks are minimized. The biggest source of potential harm nowadays is not hackers or other people intentionally causing harm; it is the company’s employees who share the company’s information unintentionally.
According to a report from Cybersecurity Insiders, 46% of IT leaders believe that the growing adoption of SaaS makes the company more exposed to insider threats and 75% of them believe that the biggest security challenge is uncontrolled sharing of files/cloud storage and email.
Before SaaS, companies had central control over all software used throughout the organization. There was a strict software approval, adoption, installation and monitoring process, performed entirely by IT. The SaaS-based corporate working environment, however, no longer fits into these processes. Users can access anything from their own network, and can acquire and use apps on their own. They can configure apps on their own and share data without any supervision, which is a key reason for data breaches. According to a Verizon data breach investigations report for 2019, 21% of data breaches occurred because of employees using a wrong data sharing configuration.
Hence, companies need to find new ways to discover and manage their dynamic inventory of SaaS tools and control the configuration and sharing settings.
The shift to SaaS requires a complete change in the way software is being managed. There are too many tools to be handled by a single department. Hence, different levels of governance should be enforced for the different applications, depending on how critical and widely spread they are in the organization. Every single employee should be equipped with the tools and knowledge to take the role of a SaaS admin, and empowered to take part in the process of SaaS security and compliance verification.
With many SaaS to control, when organizations need to give a user access to an app, they usually grant them super admin rights. While this is the easiest option, ensuring the user can then use whatever app functionality they need, it actually strips the organization of visibility into the number of administrators it has and the actions they take, exposing it to security breaches. Hence, it is essential to give only the access the user actually needs, right from the start.
If your security processes are difficult to execute, or if the list of approved applications is difficult to find and request access to, then employees will find a way to circumvent them. Hence, try to find the balance between establishing reliable SaaS management processes and ease of executing them.
A company generally needs to stay compliant with laws and regulations on one end, and standards on the other. SaaS makes compliance quite challenging in a company where there is a lack of SaaS visibility and hence no way to figure out where sensitive data may potentially be exposed. Furthermore, the numerous SaaS settings and options available to users allow them to change those in an instant and potentially make personal data publicly available.
Manual monitoring of SaaS is hardly possible for IT. Hence, using automated SaaS subscription management systems is essential to ensure that SaaS-driven organizations stay compliant at any time.
A new responsibility that IT teams should adopt is educating the employees about the proper usage of each SaaS tool. And this doesn’t really relate to training the employee on how to work with the functional features of the app - this is something that is usually tackled by the numerous SaaS training resources.
Rather, IT teams should demonstrate to employees how the SaaS should be used in the organization, so that data security and compliance are not compromised. This includes showing how to turn on two-factor authentication, how to recognize phishing attacks and so on.
SaaS subscription management platforms make it possible to establish a process for discovering, managing and securing your SaaS stack through automated operations. This results in minimized risks for the company while ensuring employee productivity and innovation. With a SaaS management platform, IT is the empowering force in the organization.
The SaaS discovery process includes getting full visibility on your SaaS inventory - what SaaS your company is paying for, whether it is all vetted for use, how much is being paid and to what extent this SaaS is used. The management phase includes controlling access to the apps, using identity management tools for access, plus automated SaaS onboarding and offboarding. The security phase ensures that the data shared inside the SaaS is protected from internal threats. Automated SaaS management platforms like Oveo ensure that a SaaS-driven digital workspace is both productive and secure.