
From Shadow IT Audits to Proactive SaaS Governance

Managing the SaaS landscape has become a strategic challenge for large organisations. The rapid growth of SaaS applications, combined with the greater autonomy of Business Units in their choice of technologies, has led to new challenges and risks for the IT department.


However, to manage SaaS applications effectively and address Shadow IT (applications deployed by employees without the knowledge of the IT team), companies must transition from a reactive discovery approach to proactive monitoring of their IT ecosystem.


The Pitfalls of a Static Audit

Static SaaS application discovery audits, whether manual or automated, may initially seem appealing. They list all applications used by employees, providing relatively detailed data. However, in large organisations where the number of applications grows each month, "one-off" detections spread over 3 to 12 months do not adequately support sustainable SaaS management.

Limitations of a one-off audit:

  • Outdated ecosystem representation: A discovery audit provides only a static snapshot of the SaaS landscape. With SaaS adoption growing 20 to 30% annually, that snapshot is obsolete upon delivery, which hinders the establishment of effective governance.

  • Inaccurate data: The precision of a discovery audit relies heavily on the data sources provided and the technology used. Log analysis produces a significant volume of unstructured and often 'noisy' data. This analysis includes many false positives (detected but unused applications), which fail to offer actionable insights. Similarly, declarative surveys on the use of SaaS by employees are time-consuming for IT teams, generating many false negatives (used but undetected applications) and lacking qualitative precision.

  • SaaS wall effect: A one-off audit can paralyse IT teams, who suddenly face a flood of detected applications. Facing 500 applications when only 60 were anticipated, without clear directives for prioritising actions or defined responsibilities, can leave IT teams discouraged.

Continuous Detection for Proactive SaaS Governance

Implementing continuous detection of SaaS applications and usage is key to achieving proactive and sustainable application management within large organisations. This process goes beyond identifying applications and risks; it encompasses in-depth understanding and strategic decision-making based on continuous analysis.

The three pillars of this continuous monitoring offer a robust framework for effective management of the SaaS landscape.

  • Continuous observability: Real-time visibility of the SaaS catalogue provides an understanding of existing application usage, potential redundancies, and solutions showing signs of decline. This proactive approach eliminates potential surprises and enables IT teams to keep up with the rapidly evolving SaaS application landscape.

  • In-depth understanding: A precise representation of the SaaS landscape by department, division, and teams offers crucial data on application usage. Details such as time spent on each application, number of users, application retention, etc., provide an in-depth knowledge of usage patterns, enabling management and governance strategies to be adapted accordingly.

  • Strategic prioritisation: Continuous monitoring supports clear guidelines based on the information gathered about each application's criticality. Identifying the most sensitive and urgent applications makes it possible to prioritise the necessary security and compliance actions. This proactive approach is essential for mitigating potential risks and maintaining a safe and efficient SaaS environment.

Conclusion

Continuous detection of the SaaS portfolio and usage is not just a matter of keeping an up-to-date list of applications. It is a strategic approach to anticipating, understanding, and responding to the dynamic evolution of the technological landscape. This proactive approach supports informed decision-making and smooth collaboration between IT and business departments. It establishes the foundations for robust SaaS governance within the organisation. It optimises investments, fosters digitalisation, and guarantees security and compliance in an ever-evolving SaaS environment.
