For years, technology and SaaS were exclusively managed by the IT department, which had a firm grasp on the IT ecosystem composed of dozens of applications. However, in recent times, the number of applications has surged from dozens to hundreds, and this figure continues to grow at a frenetic pace. This challenge is no longer confined to IT; it has become a cross-functional and strategic concern within organisations, involving a wider range of departments (security, purchasing, business, etc.) and drawing greater attention from the Executive Committee.
This shift is primarily due to the rapid evolution of the SaaS market, reinforced by a general move towards the digitalisation of Business Units and organisations. These trends are shaping the future of enterprise IT, especially with the introduction of new technologies like AI and low code. In 2022, Gartner projected that 40% of global IT spending would be absorbed by some form of shadow IT. According to Cisco, the average ratio in the largest companies between the number of applications fully controlled by the IT department and all of them, including shadow IT, was a disturbing “one to fifteen”.
Tackling Shadow IT/AI is no longer optional. It is a necessity! Continuous monitoring of the IT ecosystem has become paramount. However, it is increasingly challenging for IT departments to maintain a comprehensive view of how these applications are used, which they need in order to mitigate risks and establish robust governance. Traditional static audit methods have demonstrated their limitations in a constantly changing environment, especially in the face of the ‘SaaS Wall’.
Avoiding the SaaS Wall
It is essential for CIOs to understand that one-shot audits are not the answer to having a comprehensive view of SaaS applications. The market is constantly evolving, as are the habits and needs of the Business Units (BUs).
Moreover, one-shot audits have a paralysing effect. The IT department suddenly discovers a ‘Wall of SaaS’ composed of 400 SaaS applications where it thought it had 40… This, of course, strains the relationship between IT and the BUs. It also leaves no one knowing where to start in order to take back control and manage this new ecosystem effectively.
To get around this problem, organisations should take two steps:
1. Adopt a new way of discovery: continuous and dynamic detection is the key. IT is informed when a new solution is detected, when a SaaS goes from ten users to a hundred, or when it spreads from a business unit in a particular country to other parts of the organisation.
2. Set up a dedicated team (a SaaS Community): creating a full-time SaaS Manager position will help define and drive forward SaaS Governance programs. The SaaS Manager will be in charge of establishing the scope and building a team around SaaS Management.
CASB & SaaS Management Platforms: complementary roles in SaaS Management
CASB (Cloud Access Security Broker) tools and SaaS Management Platforms are frequently compared due to their complementary capabilities. CASBs primarily focus on the thorough analysis of data exchange volumes, often coupled with a DLP (Data Loss Prevention) system. This approach allows them to pinpoint high-risk applications and potential data leaks in the cloud, making them particularly valuable for security-sensitive scenarios.
On the other hand, SaaS Management Platforms adopt a different perspective, emphasising governance and collaboration with business users. Their primary objective is to dynamically catalogue all available solutions, gaining an in-depth understanding of their evolution. This empowers IT teams to assess the criticality of their usage and, more importantly, guide business users towards the ‘application blueprint’: applications and their designated uses, all in alignment with the philosophy and goals defined by the company.
In essence, CASB and SaaS Management Platforms play complementary roles in SaaS Management. CASB stands as a crucial guardian of security, meticulously scrutinising data exchanges to safeguard against risks. Meanwhile, SaaS Management Platforms serve more as a vital governance tool to amplify the digital transformation in collaboration with all stakeholders involved (from IT to Security, Purchasing, etc.), ensuring that the adoption and evolution of SaaS solutions align with the company’s strategic vision and objectives. Together, they form a robust framework for a secure and optimised SaaS landscape within the organisation.
Why the CIO is best placed to lead this technological governance
The Chief Information Officer (CIO) plays a pivotal role in raising awareness among the members of the Executive Committee of the evolution of the IT ecosystem, its uses and the needs of the business users. Simultaneously, she/he has the crucial responsibility of ensuring the resilience and security of Information Systems (IS). In this context, the IT department fulfills its mandate of overseeing and regulating the IT infrastructure while actively responding to the technological aspirations of business users in close partnership with key stakeholders such as the CISO, CTO and CFO.
The CIO emerges as the pivotal architect in orchestrating this decentralisation of technology. He/she champions a sustainable and secure approach, working hand-in-hand with governance stakeholders to steer the organisation towards a future technological landscape. This approach ensures not only the seamless functioning of IT operations but also fosters innovation and responsiveness to the evolving needs of business users.
To achieve this, CIOs can rely on the SaaS Management maturity matrix as a starting point towards the establishment of solid governance and the implementation of a SaaS Center of Excellence. It is a step-by-step approach highlighting the people, processes and tools needed at each stage of the maturity.
The first step is to set up a continuous management system, which will then enable the successive implementation of a cost and contract knowledge system, followed by multi-party governance of the tools in conjunction with the business lines, to facilitate, for example, the addition of a new tool or the renewal of an application already in place. The most mature companies then aim to set up a form of ‘App Center’, a veritable digital catalogue of tools available to more autonomous business units. You can use our maturity framework to determine your current level of SaaS management, understand what you need to do to get to the next level, and see the typical value and outcomes SaaS Governance will deliver.
It is becoming increasingly important to manage SaaS effectively and tackle Shadow IT risks. Yet these matters are still too often underestimated. As companies increasingly pivot towards digitalisation, it has become a critical strategic concern for maintaining competitiveness. This is why SaaS Management should be on the ExCom’s agenda. Consequently, achieving comprehensive and continuous visibility of the SaaS landscape and effectively managing associated risks has become imperative.
Although these challenges cross multiple functions and involve various departments within the company, CIOs remain central to driving this digital transformation and overseeing the democratisation of technology. A SaaS Management Platform (SMP) can play a pivotal role, providing the means to monitor the ecosystem and implement a strong governance framework. Navigating the potential hurdles of SaaS adoption will be a significant undertaking, making the choice of the right SMP a strategic decision.