Detecting And Managing The Proliferation of SaaS Apps

The Software as a Service (SaaS) sprawl is a major component of shadow IT. Left unchecked, it can cause duplication, confusion, rework, and risks to your organization’s security and compliance obligations.

A recent study by Gartner predicts that over 65% of spending on application software by 2025 will be for SaaS services. So, it’s particularly important to learn how to avoid the proliferation of these apps escaping your control.

Here, we will explore what SaaS sprawl implies, and how an IT Asset Management (ITAM) tool can help you address it by monitoring your software environment.

Are you ready ? Let’s go!

Table of contents

SaaS applications are cloud-based software applications hosted and managed by third-party providers. Thus, SaaS sprawl refers to the proliferation and uncontrolled growth of these applications within an organization.

Because SaaS applications are so easy to engage with, it’s easy for the use of them to steer out of control, leading to SaaS sprawl.

This problem occurs when organizations adopt numerous SaaS applications without a clear strategy or oversight. They are accessed over the internet via a browser, making them easy to use as there’s no set-up or installation process.

SaaS sprawl can lead to duplication, increased costs, lack of control, possible security vulnerabilities, and, basically, a wider threat landscape. A recent survey by Zluri and Pulse reported that 75% of IT leaders said that the most significant concern from SaaS Sprawl is security.

Basically, it can cause real pain and risk to the organization, and it can be very easily triggered, so it’s essential to address it.

Recent research from Cornell University and Qatalog found that 58% of respondents were unaware that all departments use the same apps and services.

Leading causes of SaaS sprawl

The main pain points to address that can lead to SaaS sprawl are:

• The Request Management practice is too complicated, so end-users feel their only option is to circumvent the corporate IT and finance processes to get what they need.
• Hybrid and remote working practices lead to less oversight and control from IT.
• Ease of adoption. SaaS applications are easy to sign up for and use without IT approval or support. Since they are accessed via a web browser, there is no formal installation step, so colleagues can easily subscribe to new tools bypassing IT completely.

In short, the best way to address this holistically is building a solid Software Asset Management (SAM) strategy to guarantee all your software applications are tracked and under control throughout their entire lifecycle. But, don’t worry, we’ll explore this process in more detail in the following sections.

Eight challenges and risks of SaaS sprawl

The main challenges and risks associated with SaaS sprawl include:

• Duplication and rework: If no oversight or controls are in place, colleagues can purchase similar but different applications, leading to duplication, rework, and increased licensing complexity.
• Potential licensing implication: Duplication and multiple instances of SaaS applications can make it harder to manage software licenses effectively, increasing the risk of being over or under-licensed.
• Increased costs: Organizations may end up paying for multiple SaaS subscriptions, and the cumulative costs can spiral out of control because they are not managed or controlled by a central procurement function. This will potentially jeopardize your IT budgeting efforts.
• Security risks: Each SaaS application may have its own security settings and vulnerabilities, making it difficult to ensure consistent security standards across the organization.
• Data protection issues: SaaS sprawl can result in data being fragmented across multiple services, platforms, and applications, making it difficult to enforce data governance policies and affecting the Compliance Management initiative.
• Integration challenges: Different SaaS applications may not easily integrate with the organization’s existing systems, leading to data silos and inefficiencies.
• Decreased productivity: So-called context switching involves colleagues switching between multiple applications and tasks, reducing focus and productivity.

1. Get to know your IT environment: Conduct a comprehensive inventory of all IT assets in your organization, including SaaS services and licenses, so you understand the scope of any potential sprawl. This will help you understand what you have, which departments use it, and who is responsible for support and maintenance.
2. Develop a clear SaaS strategy: Include a clear purpose and scope, regulatory and legal requirements that must be adhered to, guidance on requesting new software and applications, and where to go for help and further information (if you have an ITAM solution, this can be included in your knowledge base for easy access).
3. Use an ITAM tool: This will enable you to monitor and manage SaaS services and ensure that only approved instances are present in your application landscape.
4. Conduct IT audits: To ensure that all current SaaS services are used correctly and appropriately licensed. As well as reducing the risk of compliance failures, the information gleaned from your audits will help you determine what is being used (so work can be done to ensure the software meets IT security and usage policies) and what isn’t being used so any redundant services can be retried if appropriate.
5. Communicate with the rest of the business: The reality is that if it’s easier to go around IT rather than engage with them, then something is very wrong.