SaaS Management is the process of overseeing and optimizing a company’s cloud-based software applications. It includes finding SaaS tools, tracking usage and costs, ensuring compliance, and managing renewals and user access. This approach makes operations smoother and ensures the cost-effectiveness of SaaS subscriptions.
Why is SaaS Management important?
The past decade has witnessed a transformative shift in the way businesses use software, with SaaS and the software subscription economy becoming the dominant model.
This swift evolution towards cloud software is causing companies to revamp their outdated internal software practices and processes.
Virtually any employee can create an account on a SaaS without the IT team being aware. Any subscription can, and will, charge your card every billing cycle. Any SaaS can contain personally identifiable information without you being aware of it. And so the list goes on.
Enter SaaS Management: the antidote to out-of-control SaaS subscriptions.
How do I detect and monitor SaaS in my company?
Building an inventory of your SaaS applications always begins at identifying and selecting the data sources that’ll help you detect your apps.
Otherwise, companies risk creating what's known as a 'shadow IT' situation. In other words, it's hard for a company to keep a handle on all the tools they're using unless they know they're using them. This lack of SaaS discovery and oversight can lead to security risks and inefficiencies.
Therefore, the most robust SaaS Management processes will have at least two discovery sources deployed: one for detecting SaaS spend, the other for detecting SaaS activity data (i.e. when users log into their apps) and linking users to applications.
Each data source will likely present a unique challenge. For example, SSO will only detect applications that have SSO authentication enabled (which often requires you to be paying for the enterprise plan - the infamous SSO tax).
Admittedly, the differences between each of those sources can be a bit difficult to digest. Thankfully, most companies select data sources in a predictable manner, depending on their size, which we’ve handily outlined to save you time 👇
Centralizing software data and keeping it up to date
Think finding your data sources is a headache? Well, like most masses of data, the hard part comes when we need to ensure that everything is in the same place, consistently transformed into the same readable data, and analyzed at scale.
Some brave souls try to do this the old-fashioned way. They arm themselves with a master spreadsheet and a handful of 'feeder' sheets stuffed with raw data like spend & login details. Every time they update their SaaS spending, it's back to the trenches – manually exporting reports and relying on their trusty VLOOKUP skills to track every cent. Well, that's the theory, at least.
💡For those who secretly enjoy this spreadsheet purgatory, we've whipped up a nifty SaaS tracking template for Google Sheets. It's free and perfect for your kind of degenerate fun
What usually happens is those spreadsheets become digital fossils, forgotten and outdated. Or, in a cruel twist of fate, someone ends up manually sifting through mountains of logs meant for machine eyes, just to make sure the company's SaaS spending is fully accounted for. Eugh!
For those that prefer less torture, expense management solutions with virtual cards might be for you. They're especially handy for managing SaaS purchases, which are primarily online.
These solutions are great, but remember, they don't allow you to match user login data with each application. Cancelling a virtual card is easy, but making informed decisions about unused SaaS requires more data.
For those aiming for the zenith of SaaS management, SaaS Management Platforms might just be your gateway to Valhalla. These automatically synchronize with all your data sources, both financial and login activity included. They not only gather this massive trove of data but also interpret it and keep it constantly refreshed.
In the world of SaaS management, these platforms are unrivalled. However, choosing the right one can be tricky, with a few common traps to avoid. For an in-depth look at the best platforms available, our article on the Top SaaS Management Platforms, which we regularly update, should help you delve deeper.
Optimizing SaaS spend
Managing cloud applications effectively also means keeping a close eye on SaaS spending and questioning each line of the budget. Tactics that business leaders most often deploy to optimize their SaaS spend generally fall into 4 categories:
- Shadow IT - Discovering all the software your company uses and categorizing it into the correct accounting code. After all, if your Zoom subscription is incorrectly categorized as a coworking space, it's unlikely that it'll be flagged for the IT team to optimize
- Un(der)utilized apps - Monitoring usage statistics to determine if users are actually making use of their licences/seats or not. Most often this is done via a browser extension, desktop agent, or direct integrations with the apps themselves
- Renewal management - Preparing for contract renewal dates and notice periods well in advance can help put the ball back into your court, especially when it comes to right-sizing your subscription tier or re-negotiating your contract.
- Employee offboarding - Unlike installed software, where the employee is offboarded once they leave their computer in the hands of the IT department; SaaS solutions require someone to manually log in and remove an employee once they leave. If not, you risk incurring costs for users that physically can't log in to use the software - ouch!
But that's not all the weapons in your arsenal 😉. We've written in great detail about all the different methods at your disposal and how to implement them in our SaaS spend optimization guide.
How do I govern my company’s SaaS?
Compliance in terms of SaaS management will likely be based on either the location of your HQ, the location of your people of whom's data is being stored in one of your SaaS, the type of data you're storing with your SaaS vendors; or a mix of all three.
If you or your data subjects are in Europe, you'll probably require your apps to be GDPR compliant. If you or your data subjects are in the USA, you have California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Connecticut Data Privacy Act (CTDPA), HIPPA, and the Colorado Privacy Act (CPA) to be concerned about. And that's not mentioning a whole host of other global standards that are being written into law as we speak.
In SaaS management, there are two ways to look at security: how your SaaS vendors are ensuring that they're secure, and how you are ensuring that your internal practices are secure.
SaaS vendor security
If you're just looking to tick boxes, this part should be really easy: ask your vendor if they are SOC type II and/or ISO 27001 certified, request their certificates, then call it a day.
If, however, you want to weed out the serious from those paying lip-service to security, you'd probably be better asking:
- Do you have a bug bounty program for ethical hackers to report security vulnerabilities? If so, when was the last time you awarded a paid bounty?
- Have you ever performed a penetration test internally? If so, when was the last time?
- Would we be able to run a penetration test on a sandbox environment?
- Is everything encrypted in transit and at rest, or only in transit?
Internal security practices
Ensuring security internally when it coms to SaaS will likely look familiar if you've ever implemented any sort of security measures, as its hard to reinvent the wheel.
When it comes to access management, it's best to stick to a simple rule: give people only the access they need to do their jobs. Yeah - that means not everyone should have administrator privileges for all their apps 😒
Oh, and for getting users into those apps, you'll likely need to implement an identity management tool. Smaller businesses do well with a password manager, while larger ones more often implement a Single Sign-On (SSO) solution.
It's also smart to have automatic alerts in place. These can let you know whenever a new application starts being used, or when someone uses an unauthorized app, helping you keep up-to-date with your company's SaaS stack as it evolves.
Putting SaaS Management into Practice
This isn't a one-size-fits-all recipe. It needs to be fine-tuned to your company's specific situation. We provide here a general framework, offering guidance on implementing an effective internal SaaS management policy.
1/ Pin down a single, trusted source for tracking expenses
- A frequently updated spreadsheet
- A dedicated project management tool
- A specialized application
2/ Assign oversight roles
- Invoice tracking (coordinating with bookkeeping and accounting)
- Forecasting renewals, particularly for annual subscriptions
- Negotiating or adjusting contracts
3/ Oversee employee access: onboarding and offboarding
- Keep a tally of the number of users (particularly if pricing depends on it)
- Manage additions, deletions, and role assignments
4/ Regular regulatory and compliance checks
- Create a data map
- Catalogue existing third-party integrations
- Confirm legal aspects with the DPO (Data Processing Agreement)
The responsibility lies with you to create an internal policy. Establish best practices and engage your teams. Employees need to understand the financial, regulatory, and security implications of their online application choices and their usage patterns.
Tools and Technologies for SaaS Management
SaaS Management can also encompass supplier contract management and negotiations. This involves services that can either be outsourced or kept in-house based on the company's policy.
The market is quite fragmented. With the aim of providing more clarity, we have detailed the technical characteristics and functionalities by category and positioned the different actors that can belong to multiple groups.
The software comparison platform G2 Crowd has also made this classification effort, and we have focused on providing more details.
SaaS Management Platform: Key Features
These software solutions bring together all the information and functionalities necessary to gain control over SaaS in the enterprise.
- Detecting SaaS expenses (SaaS Spend Management)
- Compliance and usage tracking (SaaS Operations)
- Purchase optimization and negotiation (SaaS Negotiation)
Each of these features corresponds to a sub-category with specialized players.
1. SaaS Spend Management Software
Expenses are first identified, ideally kept up-to-date at a reasonable frequency, then attributed to responsible parties, allocated by teams, subscription type (monthly, quarterly, yearly), and renewal date.
The sources used vary among different actors, from issuing dedicated payment cards, integrating with accounting solutions, to connecting to the company's bank accounts.
- Renewal detection and alerts
- Expense history and evolution
- Role management: allocation by team, by responsibility
- Up-to-date information sources: bank account connection, accounting software integration, spreadsheet or CSV import, self-declaration, dedicated payment cards, etc.
Actors in this sub-category might prioritize different options.
2. SaaS Operations: Compliance and usage tracking
Compliance and access remain critical points. SaaS Operations platforms use different data sources to map out actual application users.
This can involve self-declaration, Single Sign-On (SSO) solutions, password managers, or browser extensions.
This information provides necessary visibility to manage enrollments when employees join, as well as unenrollments upon their departure or internal movements.
This tracking is mandatory for compliance on one hand and expense optimization on the other.
- Application usage tracking per employee
- Task management and assignment (onboarding / offboarding)
- Internal messaging integration / HRIS / notifications
- History (log) of actions or tasks performed
- Configurable alert for absence of connection
- Detection of free applications
- Integrations: Single Sign-On (M365, Okta, OneLogin...), password manager (Bitwarden, Dashlane, LastPass...), web browser extension, etc.
3. SaaS Negotiation (or Procurement): Negotiation with SaaS vendors
Having the previously listed information and keeping it up-to-date are the two necessary conditions for effective negotiation with online software vendors.
This work is mainly done for the most expensive solutions used by the company. This involves negotiating discounts in advance, updating/optimizing the number of users, or proposing alternative solutions.
Key services (not features!):
- SaaS partner marketplace (negotiated conditions)
- Cost optimization: analysis of effective users, evaluation of best plans for internal use
- Stack analysis: duplicates or overlapping features
- Call for tenders / benchmark with equivalent SaaS solutions
Future of SaaS Management
As we look towards the future of SaaS management, it becomes clear that it's an area ripe for innovation and growth. The integration of AI and machine learning is set to significantly impact SaaS management, offering enhanced data analytics and automation of routine tasks.
Security will become an even more critical focus, with advanced measures being developed to counter evolving cyber threats.
Furthermore, sustainability will become a key consideration, with a focus on energy-efficient operations and reducing the carbon footprint of cloud services. This evolving landscape indicates a dynamic future for SaaS management, where technology plays a central role in its advancement.