Orphaned Subscriptions: The SaaS Problem You’re Unaware Of
Over the last decade, business IT has changed significantly. Computing has become more distributed, portable, and personal due to the popularity of the software-as-a-service (SaaS) model of distribution. Previously, IT would purchase a software product and own the installation process across company infrastructure. Now, team leaders (or even individual team members) often select, purchase, and install the software tools they need on their own.
While this flexibility is healthy for productivity and keeping a business moving, the chaos of dozens or hundreds of individual SaaS apps with separate billing owners can be costly or even dangerous for businesses.
In 2018, an astonishing 71 percent of companies had at least one SaaS subscription without a billing owner, leaving the app “orphaned.” This could be because a billing owner left, transferred teams, or simply used an email address outside the company, but in any case you’re missing valuable information. The typical mid-sized company has 3 orphaned apps.
The most obvious problem with orphaned subscriptions is that you’re spending money on software that doesn’t have an accountable owner in your company. Having a billing owner on file means you should have an easily accessible record of all spending on the particular tool, how it’s changed, and what sort of use your organization has been getting out of it. And, if you don’t, you know where the responsibility lies.
More than that, orphaned subscriptions are an indicator that there is a general lack of visibility into your SaaS stack. If and when you decide to perform a SOC 2, ISO 27001, or other security audit, that visibility is key to demonstrating that your and your clients’ data is secure.
What are some of the most common reasons a subscription gets orphaned?
Owner Leaves the Organization
In the most common scenario an employee purchased a SaaS tool on their company email, but has since exited the organization. The organization continues to spend money on the outstanding subscription, but whether it is being fully utilized or even used at all any more depends on individual circumstances. Deprovisioning employees from their applications is an important but often neglected part of the offboarding process. It can be overlooked because it’s “secondary” to the physical offboarding and security processes. It’s complicated because there are hundreds of employee-app connections at even a 50-person company.
Owner Changes Role
A slightly less common scenario is when an employee is promoted or moves laterally in a company, leaves their previous team, and is given new credentials. There is often no process in place to migrate subscriptions tied to the previous email address over to a new one.
Email Address Change
Similar to the above but on a smaller scale, occasionally a team member will simply need credentials migrated from one address to another. This is a potential place for subscription data to be lost.
Incorrect Email from the Start
Finally, another common way for subscriptions to be orphaned is for the billing owner to have input an incorrect email. This subscription is orphaned from the start, but often it isn’t noticed until someone besides the original owner is asked to access something they cannot. Often the email chosen is a service email like invoices@ or marketing@, which ties the subscription to a department, but not to an individual, accountable owner.
How to Fix It
Getting visibility into your SaaS ecosystem is an important first step to combating orphaned subscriptions. A good SaaS management platform will surface your orphaned subscriptions, plus usage and spending, so you can see where you’re losing money. It will give you insight into your data security across your stack, and help automate and streamline employee onboarding, offboarding, and app provisioning. That’s why we created Vendr: to give IT teams the tools they need in modern, cloud-first businesses.