)
customer story
)
Due to the group's growth, Stéphane Louerat, the Director of Infrastructure, Cybersecurity, and IT Markets at Clarins, faced a significant challenge: a lack of visibility over the SaaS applications used by the company's Business Units (BUs). Some departments and subsidiaries have begun to adopt applications to meet their needs.
The IT democratisation and BUs autonomy to choose their own application led to the explosion of unknown solutions within the IT ecosystem, whose increasing volume may increase the risks for the group. As a result, Clarins enlisted Beamy to tackle three key issues: (1) detecting and cataloguing all SaaS applications (including on-premise solutions), (2) securing and rationalising the SaaS ecosystem, and (3) establishing dedicated cross-functional governance.
This challenge was especially significant given that each group’s subsidiary operates as a “profit centre” with IT being managed partly locally.
Clarins is a French family-owned business specialising in skincare and makeup products, distributing its products through its 28 subsidiaries in France and nearly 150 countries worldwide.
Clarins’ key challenges
Detection & Cataloguing of all SaaS applications
The BUs had developed the habit of deploying solutions to meet their needs without necessarily seeking approval from the group's IT department. IT identified this trend as a lack of specific processes or guidelines for SaaS applications. This absence of monitoring caused risky situations and a considerable time loss for the IT teams, who were only called for assistance when security risks emerged.
Clarins' goal was to regain complete visibility of the company's entire SaaS ecosystem, including On-Premise solutions in the long term, to effectively manage the risks associated with SaaS growth (cyber threats, regulatory compliance…)
Data consolidation and security for all SaaS applications
Upon discovering shadow IT applications, the IT department realised that some unknown SaaS applications may process some personal or sensitive data. It became critical to gain a global understanding of risks for effective management and establishing uniform security protocols across the organisation. The aim was to identify high-risk applications and include them in the IT department's established policies—creating a collaborative framework with BUs for using SaaS solutions or when requesting new solutions.
Establishing cross-functional governance for the SaaS ecosystem
Beyond cataloguing its applications, Clarins sought real-time monitoring of its SaaS ecosystem. This ongoing monitoring aimed to eliminate tedious manual tasks for the IT department, such as identifying duplicates and categorising applications. The objective was to better understand business needs and ensure they weren't already met, confirm the relevancy of used SaaS solutions, and control that new solution choices complied with Clarins's digital, IT, and cybersecurity policies.
”Some business departments started to adopt SaaS applications to meet needs that were not addressed before. Clarins’s goal is not to hinder business initiatives but to strike an optimal balance between risk control and management on the one hand and business agility.”
Stéphane Louerat - Director of Infrastructure, Cybersecurity, and IT Markets, Clarins
Benefits after a year
Complete visibility of all SaaS applications, including Shadow IT
Beamy played a pivotal role in helping Clarins identify, catalogue and gain a comprehensive insight into all SaaS solutions used within the organisation, including those in Shadow IT. Through an in-depth analysis of accounting data, proxy logs, and the existing IT repository, the company conducted a comprehensive diagnostic of all applications used within the group. After a year of effort, the IT department, thanks to Beamy’s platform, highlighted over 270 applications, with 235 categorised as shadow IT, while only 35 were initially referenced. The long-term goal was also to integrate all On-Premise applications.
Efficiency through automation of low-value manual tasks
Business Units chose SaaS applications to improve their efficiency, which did not follow IT governance processes. However, without adequate planning or IT best practices, this approach led to internal disruption.
For instance, IT was often approached by departments to subsequently connect SaaS to the Single Sign-On (SSO), requiring the allocation of unforeseen resources, especially for high-risk applications. Additionally, IT had to provide technical support for new, unplanned applications, configure data flows, identify risks associated with unused licenses, and manage personal data. By using Beamy's platform, the IT department saved time and resources, eliminating tedious and time-consuming tasks—such as manual application inventory campaigns, thanks to portfolio analysis.
RESULT
This approach saved time and improved efficiency by eliminating tedious manual tasks, equivalent to saving 0.5 Full-Time Employee (FTE) resources per year.
Risk remediation for security and compliance
Beamy supported Clarins in pinpointing applications with potential risks, focusing on data protection and compliance. A thorough review of each SaaS application ensured adherence to security and compliance standards. After identifying 270 applications, including 235 not referenced in the group's IT information system, Beamy played a crucial role in assessing each application's criticality level.
This process uncovered several high-risk applications. These SaaS were subjected to the IT governance process, allowing the IT department to regain control and implement necessary measures to mitigate these risks. This significantly reduced risks associated with shadow IT and improved Clarins' overall security posture.
RESULT
This enabled Clarins' IT teams to identify and bring 15% of the high-risk applications under control.
Mastering the SaaS budget, including Business Units’ budget
Beamy’s portfolio enabled Clarins to regain control over SaaS-related budgets and continues to do so for new solution requests. Beamy provides an overview of the organisation's spending, with direct visibility of all applications in use, improving synergies with governance teams.
This consolidation will enable the following year's budget to be drawn up more reliably. With a precise understanding of business expenses, the IT department will better anticipate future needs, which could increase annually. Consequently, IT teams will be better equipped to justify the budget to the executive committee, given their comprehensive grasp of current and future needs.
RESULT
Thanks to Beamy, 100% of the current SaaS budget is under control and manageable in the long term.
Control of costs over time
With the surge in SaaS solutions, companies increasingly rely on Cloud services. SaaS providers take advantage of this by imposing sometimes abusive conditions: higher prices, unclear renewal conditions, complex contract compliance, etc. The client/supplier dynamic is shifting. Beamy helps large organisations regain control and address these challenges proactively.
Beamy helped us identify over 200 not-identified in our repositories, more than 15% of which were at risk. This laid the groundwork for effective IT governance to ensure security while supporting the digitalisation of the Business Units.
Stéphane Louerat - Director of Infrastructure, Cybersecurity, and IT Markets, Clarins
Conclusion
The massive adoption of Cloud applications by business departments and technological evolution have transformed how IT departments manage IT assets.
With Beamy, Clarins acquired continuous visibility of SaaS applications and a global understanding of their usage while also implementing governance to reduce risk, secure IT assets, and optimise budgets.
The objective was not to hinder business initiatives but rather to strike a balance between control and risk management on the one hand and business agility and time-to-market on the other. This approach has enabled Clarins to protect its IT ecosystem effectively while promoting innovation and collaboration with Business Units, aligning with a strategic perspective that focuses on anticipating, comprehending, and adapting to changes in Clarins' SaaS landscape.
Today, Beamy serves as a unified platform for managing the complexities of the SaaS landscape, enabling better monitoring and understanding of SaaS usage, and implementing governance processes tailored explicitly to SaaS applications to improve collaboration between departments.
