How to combat SaaS Sprawl?

Our tips for curbing the proliferation of online tools among SMEs
SaaS Sprawl Definition:

The concept of SaaS Sprawl refers to the increasing number of apps used by company employees in their work.

Software subscriptions are becoming more and more numerous, and as they grow popular, the budget they represent has become significant too.

Historically, software license usage was managed by IT departments. A dedicated team was in charge of the installation and updates of "on-premise" applications – those installed on a physical server, usually within the company's premises.

The advent of online software, Software as a Service (SaaS), has allowed each employee to subscribe to services independently. The pricing models of these cloud solutions are varied and evolving.

Switching from centralized license management to individual subscriptions has complicated the tracking of usage and budgets.

Online tools context and usage

A Statista study conducted among 748 IT departments from 2015 to 2022 reveals a more than 30% increase in enterprise SaaS.

Is 748 a representative sample?

Not necessarily, given the number of digitalized SMEs in France and around the world...

However, among LicenceOne clients, we observe that digitalized companies typically use between 50 and over 200 paid software tools.

This scattered and substantial use raises several questions:

  • How much does the company spend in total on SaaS subscriptions?
  • What is the associated budget per team?
  • Are all licenses effectively used?
  • Who has access? Who is an administrator?
  • Are there any planned annual renewals?

Regardless of the reasons (good or bad) that may have led a company to be over-equipped with SaaS tools, these uses can be rationalized through an effective internal SaaS Management policy.

Otherwise, besides uncontrolled spending, the risks to the company are very real.

What are the impacts of SaaS proliferation in a company?

Here is a non-exhaustive list of problems caused by SaaS Sprawl for SMEs:

1. Uncontrolled SaaS expenses budget

In 2023, for SMEs in the technology and communication sectors, the cost of online tools has become the second-largest expense item, second only to payroll. Whether we're talking about sales or marketing tools, controlling these expenses is a must to improve margins.

2. Many apps used little or not at all by employees

Subscribing to an online tool is mandatory to start using it. But it is not in the interest of software publishers to remind you that you continue to pay for a solution that is no longer used.

3. Potential duplicates or overlapping features

This concerns subscriptions to productivity tools that different teams can use, such as photo editing or design software shared between communication and creative teams. As for overlapping features, the most affected tools are:

  • Online conference software (Zoom, Google Meet, Livestorm...)
  • Project management tools (Monday, Asana, Notion, Trello...)
  • Design software (Figma, Canva, Photoshop...)

4. Compromised access security

Keeping accurate and up-to-date visibility into who has access to each SaaS tool rapidly becomes complex. An employee may have subscribed to a piece of software even though they do not need to be an administrator. More often, employees change roles within the company or leave it while retaining access.

5. Non-compliant data management

The GDPR imposes many rules on companies handling data in Europe, depending on the nature, use, and even origin of the "personal data" involved. This covers information about employees, your prospects' email addresses, or even your customers' purchasing habits. If this information is stored in online tools, the controller (DPO) must know, map, and protect their access.

How to limit and control SaaS Sprawl

In response to the problems listed above, here are our recommendations for controlling the SaaS budget and limiting shadow IT.

1. Take back control of SaaS expenses

Where to start? Ideally by implementing an internal SaaS Management policy. That is, centralize information, ask employees to follow clear steps for purchasing software, and regularly check their status.

To help you define these procedures, we provide a template to track SaaS.

→ Spreadsheet format.

→ Notion template (coming soon)

2. Check the effective use of paid tools

This is perhaps the most delicate option to implement. From a technical point of view, how do you find out whether anyone actually logs in to a given tool?

LicenceOne offers a browser extension (Chrome, Firefox...) that detects the login environments of applications.

Another option is to go through a Single Sign-On (SSO) solution like Okta or OneLogin. This is technically much heavier and can prove much more expensive for SMEs, as SSO access is predominantly a feature available for premium SaaS plans.

Whatever the chosen solution, it must be able to account for tools that are no longer used internally.

3. Limit the number of tools that do the same thing

It takes very good knowledge of SaaS tools to spot the features common to different competitors, and what makes each one unique.

Here are 2 ways to tell the true from the false:

  • Send users a regular questionnaire asking which main functionalities they use, how often, and whether they are satisfied.
  • LicenceOne (again!) lists and keeps up to date the main features of each of the 21,000 SaaS in its database. Automatically cross-referencing redundant features is part of the useful information provided by LicenceOne.

4. Control and limit access to what is strictly necessary

Self-declaration is almost mandatory in this case. Ideally, the internal procedures managed by the IT manager provide for an organizational chart of user roles.

Moreover, each SaaS has its own role management. The customization options vary in depth and should be part of the purchase criteria.

The guiding principle we recommend is that a user should only have access to what is strictly necessary. On the one hand, this limits the human errors that can occur (erasing data, modifying fields, extracting information, etc.).

On the other hand - and this is the most important - an account can be hacked. The damage will then be limited if this user has limited access and rights to the company's applications!

5. Provide the DPO with essential information for compliance

Finally, the data contained in SMEs' SaaS tools often falls into the category of "personal data", whose use must be GDPR compliant.

Mapping SaaS tools, listing the data they contain, knowing users' rights and access: these are the elements the DPO needs to properly carry out their mission of ensuring the company's compliance.

FAQ about SaaS Sprawl

What is shadow IT? What is its connection to SaaS Sprawl?
Is SSO a solution to SaaS Sprawl?