24th August, 2021
When an organization has a large number of SaaS applications in its SaaS stack, it gives rise to SaaS Sprawl.
Though SaaS applications bring many benefits to companies, having too many applications is also a problem.
Problems like shadow IT, security breaches, and overspending are most commonly seen in organizations due to SaaS sprawl.
In this post, we'll discuss the causes of SaaS application sprawl, problems due to it, and best practices to manage SaaS sprawl.
Also, in the end, we’ll show you how Zluri can help your organization to manage SaaS sprawl.
No standardization in the apps category. When there is no standard application for basic purposes, like storage and file sharing, then employees get the freedom to go for apps of their choice—applications they like or are acquainted with.
Due to lack of awareness, employees sign up for these apps without worrying about the extra cost and negative effects that the apps may bring to the organization.
Lack of centralized app procurement. When IT is not directly involved in the app procurement process, or other departments and employees can directly purchase the apps they want, it often leads to purchasing apps that are not required.
The result is redundant applications in your SaaS stack: duplicate apps, apps with overlapping features, and mismanaged licenses. When most employees do this, it eventually leads to SaaS sprawl.
Allowing everyone to procure applications without having an authorized person for it gives freedom to the employees to sign up for applications based on their preferences, and this gives rise to SaaS sprawl.
The abundance of options in the market. As there are multiple applications available in the market for every niche task, employees often end up signing up for similar applications and use them only partially, without fully utilizing the ones already available.
This often leads to multiple apps with overlapping functionality.
Lack of employee training. When employees are not educated and trained in how to use the applications and when to sign up for new ones, they try different applications.
This also causes apps with overlapping functionalities, and this eventually gives rise to SaaS sprawl.
Security: In a recent survey done by Zluri and Pulse, 75% of the IT leaders said that the biggest concern from SaaS sprawl is security. SaaS applications store confidential data, such as financial information, customer records, intellectual property, and more, which needs to be protected from external threats.
With every new application, it becomes important to protect it from all security threats so that it doesn't cause security breaches. If an employee adds a SaaS application that is not secure, the chances of a data breach are high.
Costs: When employees start procuring SaaS applications without checking the existing SaaS stack, the number of SaaS applications in the organization increases. As a result, the overall SaaS spend increases.
It creates difficulties in budget forecasting and cost estimation for the finance department. Hence, many times it becomes difficult to manage SaaS spend, and companies often do not realize they are spending extravagant amounts on SaaS applications until someone notices the trend of overspending.
Consider an organization that gives its employees Google Meet for conferencing and communication. When one employee starts using Zoom, other employees start using that video conferencing app as well.
The usage of Zoom by many employees increases SaaS spend without bringing any additional value.
Compliance issues: Organizations have to stay compliant with various regulations like FISMA, GDPR, ISO 27001, SOC 2, etc., depending on the type of service they offer, to protect sensitive data. Organizations are completely responsible for compliance-related issues, and failing at compliance can result in heavy penalties, lawsuits, and damage to business reputation.
When organizations lose control of their SaaS stack or users' roles are not administered properly, it can expose data to external sources.
Shadow IT: The increase in SaaS adoption in the organization can leave IT in the dark about which applications are in use. Moreover, the IT department also lacks visibility into how users are using the applications and what information they have shared.
It gives rise to shadow IT and brings many risks associated with it. Some of the risks due to the rise of shadow IT are:
--- Data breaches
--- Bandwidth limitations and system inefficiency
--- Compliance issues due to the possibility of violating regulations like HIPAA, GDPR, PCI DSS, ISO 27001, or SOC 2
--- Vulnerability due to expansion of attack surfaces
Data management: SaaS sprawl brings data sprawl due to the decentralized distribution of information across different applications. It becomes difficult for IT to find where all the data resides, who has access to it, and how exposed it is.
For example, an employee may find Dropbox more convenient for sharing and storing files even though the organization uses Google Drive. They may store and share data using Dropbox, which is beyond the purview of the IT department. When the employee gets offboarded, the data may remain in it forever with no chance of recovery.
Operational inefficiencies: The presence of more applications creates confusion among employees and IT. It causes delay and inefficiency and affects employees' experience. When employees suffer, so does their productivity and collaboration across different departments.
For example, when employees store and share data using different SaaS applications like Drive and Dropbox, it becomes challenging to retrieve this data efficiently when needed.
Discover all apps: Regularly take inventory of all the SaaS applications that are used in your organization across different departments. It will give you a picture of your SaaS stack and of which applications are approved by IT and which are not. You can audit manually if the number of applications is small, or use a SaaS management tool, such as Zluri, to get a complete inventory of your SaaS applications.
You can keep in mind the following points to do a comprehensive audit of your SaaS stack:
--- Check license usage of different applications
--- Find out the unused licenses by employees
--- Monitor the network for unknown applications
--- Find out the different underutilized applications
--- Check invoices of all the applications
--- In each app portal, review the app-specific usage data
You can find out the answers to some of the above questions by asking and surveying employees or looking at single-sign-on data. But both of these methods are time-consuming, and neither of them will give you accurate information.
You can use Zluri to automate it for you. Zluri data is accurate and saves you tonnes of time and money.
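Several items on the audit checklist above (unknown applications, unused licenses, underutilized applications) can be derived from single-sign-on data and a license export. The following Python is an added example, not part of the original post and not Zluri's code; the approved-app list, license assignments, sign-in events, the `audit` function and its thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data (assumptions, not from the original post).
APPROVED = {"Google Meet", "Google Drive"}            # apps sanctioned by IT
LICENSES = {                                          # app -> users holding a paid seat
    "Google Meet": {"ana", "raj", "li", "sam"},
    "Google Drive": {"ana", "raj", "li", "sam"},
}
SIGNINS = [                                           # (day, user, app) from an SSO export
    ("2021-08-20", "ana", "Google Drive"), ("2021-08-21", "raj", "Google Drive"),
    ("2021-08-19", "li", "Google Drive"), ("2021-08-23", "sam", "Google Drive"),
    ("2021-08-23", "ana", "Google Meet"),
    ("2021-06-01", "raj", "Google Meet"),             # stale: outside the 30-day window
    ("2021-08-22", "raj", "Zoom"), ("2021-08-22", "li", "Zoom"),
    ("2021-08-18", "sam", "Dropbox"),
]

def audit(signins, approved, licenses, today, window_days=30, min_utilization=0.5):
    """Flag unapproved apps, idle license holders and underutilized apps."""
    cutoff = today - timedelta(days=window_days)
    seen = defaultdict(set)      # every user ever seen per app
    active = defaultdict(set)    # users seen inside the audit window
    for day, user, app in signins:
        seen[app].add(user)
        if date.fromisoformat(day) >= cutoff:
            active[app].add(user)
    # Unapproved apps are reported over all history: data may remain in them
    # long after the last sign-in.
    unknown = {a: sorted(u) for a, u in seen.items() if a not in approved}
    unused, underutilized = {}, {}
    for app, holders in licenses.items():
        if not holders:
            continue
        recent = holders & active.get(app, set())
        idle = holders - recent
        if idle:
            unused[app] = sorted(idle)                # seats to reclaim or retrain
        ratio = len(recent) / len(holders)
        if ratio < min_utilization:
            underutilized[app] = ratio
    return {"unknown_apps": unknown, "unused_licenses": unused,
            "underutilized": underutilized}

if __name__ == "__main__":
    for finding, detail in audit(SIGNINS, APPROVED, LICENSES, date(2021, 8, 24)).items():
        print(finding, detail)
```

Sign-in data only covers apps that go through the identity provider; apps paid for by card and accessed with local passwords still need the invoice and network checks from the list.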
Standardize apps: Make a list of different SaaS applications based on the requirements and each department's needs. Make it compulsory for employees to use only those applications for specific tasks so that users cannot purchase duplicate or additional apps.
Share the apps list with departments and employees so that they have information on which apps are already available in the organization.
To understand which app to standardize, you can do the below analysis:
--- Find applications with overlapping features and choose one which meets your organization's needs
--- Take a survey of employees and understand the pros and cons of different applications
--- Ask the security and compliance team to review the app and include it only after their authorization
--- Understand your SaaS stack and find if the new app can integrate with it
Educate employees: Do regular audits of SaaS applications and understand their usage. IT can train new employees about the applications and usage.
By identifying the least utilized applications, IT can provide training to get the best out of the applications. IT should regularly caution employees about the risks of using unauthorized apps.
Centralize SaaS procurement: Plan and create a centralized SaaS procurement process in your organization, in which only the concerned departments or an authorized person can give access to an application. It'll give you an overview of your SaaS footprint.
Bridge the gap between IT and other departments: Let IT interact with employees from all departments to understand their needs and find which application is best suited for the use case.
IT can also create a separate application consultation panel to eliminate and resolve any doubt of the employees. It can also be used to educate them about the best procurement practices.
Improve onboarding: Allocate new employees all the required applications so they won't struggle to find or sign up for unauthorized and risky applications when they need to.
Train and educate them about applications they have been given access to and whom to reach in case they need a new one. Educate them on what's allowed and what's not in the organization.