SaaS vendor management as part of ITAM
With the proliferation of SaaS over the last few years, it’s never been more important for IT to streamline SaaS discovery, SaaS adoption, and SaaS operations. Managing SaaS licenses and administering access to interconnected systems is just as important to your overall management practice as physical asset control.
And as SaaS use grows and the balance between hardware and software purchasing shifts, effective vendor management helps organize purchasing data and processes for better decisions and more savings.
What are the biggest areas of concern for IT teams in 2022?
IT carries a heavy organizational weight on its shoulders. Not only must IT teams successfully implement and maintain infrastructure and physical assets, they also need to safeguard against the rising potential for threats, while simultaneously demonstrating a high level of trustworthiness to external stakeholders like business partners and customers.
Therefore, it should come as no surprise that the three biggest areas of concern for IT managers are visibility, access control, and security compliance.
Visibility is one of the most complex and persistent problems IT teams face in trying to manage assets. When teams lack granular visibility into available resources, they are at a disadvantage in terms of capacity planning, employee onboarding, resource management, and forecasting.
This lack of visibility is due in part to the increasing number of unique billing owners within an organization. Small companies average 10, and enterprise companies may have as many as 100.
What’s more, shadow IT (also known by the associated term “maverick spending”) is on the rise, with one study reporting an 8% rise in occurrences of unsanctioned SaaS applications use. These rogue application installs are difficult to detect—until they cause a reportable security incident or show up on a corporate credit card audit.
One report estimates that 75% percent of CIOs anticipate an increase in cybersecurity involvement over the next year. Visibility will play a huge role in the success of cybersecurity initiatives.
How vendor management can help: Silos rob companies of valuable time and productivity.
Centralizing hardware and software purchasing into a trackable system gives IT granular control and full visibility into every aspect of the tech stack and hardware inventory. It empowers them to play a vital role in driving decision-making, rather than just being “keeper of the keys” with regard to administering assets.
In order to remedy visibility issues and give IT total insight into their ever-changing technical stack, it’s necessary to centralize the purchasing process and include IT in the approval process for all new and existing software purchases. By using a centralized vendor management platform, individual stakeholders can still drive the identification and evaluation, while maintaining a high level of involvement and visibility for the IT department.
2. Access control
With increasing software use and interdependencies, maintaining strict access control is another ongoing IT challenge. The issue goes beyond single-user access, requiring IT to understand and manage how interconnected systems of third parties communicate, transmit, and secure critical data. Issues with the security of one software tool have the potential to jeopardize data across multiple departments and systems. Yet nearly half of organizations find it a challenge to track third-party compliance.
How vendor management can help: Having a contract record outlining how specific suppliers encrypt, transmit, store, and destroy data is an important part of preventing breaches and investigating incidents.
With centralized contract management, IT knows what security measures are in place for each software tool to prevent unauthorized access. A centralized and collaborative SaaS approval process also improves vendor selection to ensure suppliers meet minimum security requirements.
Being able to demonstrate highly secure systems and practices is critical. For companies pursuing partnerships with enterprise companies, SOC 2 compliance is table stakes. Without it, IT will spend considerable time responding to security questions and requests for documentation, which is a burden for all parties involved—it can even prevent sales teams from closing deals on time!
SOC 2 compliance also signals that customers and end-users can have a high degree of confidence in your services, making it not just an IT objective, but a priority for the entire organization. It’s important enough that 68% of companies prioritize threats according to the potential cost to the business. The impact they fear most is loss of data and negatively affecting customer relationships.
How vendor management can help: A centralized source of truth for compliance information greatly improves the speed and outcomes of a SOC 2 audit. It can also aid in providing responses to information requests. Vendor management software centralizes much of the relevant data, offering auditors a high level of visibility into supplier compliance data, information storage, and security protocols.
Effective data management also cuts down the time investment in preparing for audits, allowing IT to spend more time on improving the organization and less time proving compliance.
What are the consequences of informal IT
As IT has grown into a dynamic and integral management function within organizations, the stakes have increased. While IT enjoys more authority over business outcomes, it also becomes more responsible for the business impact of negative outcomes. This means that the process behind administering software and assets must necessarily become standardized and codified. There is no room for informal IT in a growth-minded organization.
The biggest challenges for IT teams include:
- Combatting SaaS waste: It’s expensive to let licenses sit unused, and yet it’s a common source of budget leaks for all types of organizations. The average company has 3.6 abandoned SaaS subscriptions and spends on average $135,000 annually on services it doesn’t use (or doesn’t use efficiently). With IT budgets under increased scrutiny in the face of changing economic and employment landscapes, eliminating unnecessary spending has never been more important.
- Inefficient provisioning/deprovisioning: Onboarding new employees and terminating access for former employees is a time-consuming and expensive task for IT. In order to efficiently onboard new hires, IT must have an effective provisioning process complete with licenses and access control for all necessary apps and services. Tackling this process informally leads to delays, frustration, and an overall worse new hire experience.
Even more important, IT must have a plan for the end of the employee relationship, and a management process for removing access to interconnected systems. In many cases, data security threats don’t originate externally, aka the call is coming from inside the house. According to one study, four out of five IT workers state they’d take sensitive data with them if terminated. Another found that over 60% of employees had brought data from a previous employer to their new jobs.
- Cyber security breaches: Whether from internal or external threats, cybersecurity is one of the main issues plaguing IT professionals. Instances of data breaches, ransomware, and other security threats are up 105% globally. Ransomware alone saw a 1,885% increase in the last year. Many of these attacks could have been prevented through stringent due diligence, security compliance checks for third parties, and better access control protocols for internal and external users.
100% of these challenges can be mitigated or eliminated through better vendor and user management practices. The complexity of the systems involved makes the use of a vendor management system vital for success.
What can SaaS management software empower IT teams to accomplish?
The right SaaS management approach relieves many of the frustrations and challenges facing modern IT teams, allowing them to move from reactive to proactive, driving positive organizational change and growth.
Freed from the cycle of chasing rogue assets, negotiating access issues, fending off security breaches, and responding to audit information requests, IT can serve as a change agent and help the entire organization achieve important efficiencies, such as:
Better budget optimization
Vendor management software can eliminate many of the conditions that lead to IT budget overruns and capacity planning difficulties.
Three areas where IT can save money and effectively plan future use:
- Deduplication: Redundant contracts and SaaS tools increase the complexity of your tech stack, thus increasing monetary waste. By de-duplicating and streamlining the tools used throughout the organization, you’ll spend less time administering software and less money on SaaS.
- License and asset utilization: Having a clear picture of your total portfolio of available licenses ensures you have enough on hand without a costly surplus. Automation can help you understand your license utilization rate for each tool in your tech stack, identify abandoned licenses or subscriptions, and help you right-size software assets to bring down costs.
- Reduced cost per license: Streamlining and deduplicating contracts and tools may allow you to take advantage of volume pricing for your most frequently used SaaS services. By negotiating better rates on larger volume, IT can achieve lower cost per license for the tools they need most. This reduction of individual suppliers also makes the stack easier to administer, and allows you to more accurately forecast SaaS costs.
Easier software selection/evaluation
Maintaining your tech stack in a SaaS management tool means you always know what tools are currently in use. Having a clear view of your portfolio makes it easier to increase usage within current suppliers, conduct SaaS spend analysis, and perform a competitive evaluation of potential new suppliers.
As part of the supplier lifecycle, IT can use automated renewals to evaluate suppliers at the close of every contract term using available benchmarking and buyer data. By incorporating evaluation into the process, IT can stay on top of changing supplier pricing and ensure the best terms and pricing over the long term without investing hours in tedious research.
Improved cross-departmental communication
Stack management works best when you have cross-departmental alignment on SaaS buying and contract and license management. It enables Finance and IT to make collaborative decisions about the projects they pursue, and the software and tools used to do it. Most important, it eliminates the information silos that lead to wasted SaaS spend, security risks, and reduced productivity.
Improving departmental alignment leads to many positive business outcomes, including:
- Increased visibility: When decisions are centralized on a platform, everyone can see and participate in decisions around technology–in real-time.
- Finance team wins: Budget stakeholders can see SaaS usage and spending, budget and forecast effectively, and participate in future planning.
- Better security: Collaborative IT closes the communication gaps that let shadow IT flourish. It creates a higher standard for due diligence and accountability.
- Compliance by default: By using a platform as the single source of truth for transactions, stakeholders can manage risk and improve processes.
- Better engagement: Having agency and transparency in tech decisions results in more engaged and productive employees.
- Cross-functional improvement: A more open system of feedback between departments allows teams to align objectives and ensure efficient spend management over time.
Getting started with SaaS management
Many IT departments suffer in silence with spreadsheets because of the perceived cost efficiency of an easily accessible, manual process.
In most cases, investing in an automated vendor management system for SaaS can result in considerable net savings for the organization. In fact, organizations that use a vendor management tool to buy software realize savings of up to 25%.
Another common obstacle to the automation of SaaS management: perceived difficulty in migrating. It can be intimidating to move to a new platform when IT is already struggling to gain visibility into its current software and assets. However, with the right process, migrating to a SaaS management platform can be a relatively quick, manageable process that results in immediate savings.
Where to begin
Begin your journey to better SaaS and compliance management in three steps:
- Identify a point person: Implementing SaaS management is a cooperative effort between IT, Procurement, Finance, and departmental stakeholders. Identify a champion to gather information and centralize the information coming in from multiple sources.
- Start with big-ticket apps: The 80/20 principle applies to application usage, so begin with identifying your most popular software tools. Ask department heads to provide a list of the top 10 or 15 apps their teams use. Similarly, identify company-wide apps such as Slack or Jira.
- Look at upcoming projects: Scan your current SaaS stack for upcoming renewals, expansions, or net new purchases. Use these as your pilot program for SaaS management automation. With the help of CSMs and buying experts, negotiate and close deals and stand up data within the system. Use established protocols to add new deals to the platform and further improve visibility and savings over time.
Ready to take your IT management to the next level without any added manual work?
Vendor management is a powerful way to stay on top of the software your company is using (or isn’t), save money on your bottom line, and effectively scale your business.
See what Vendr’s SaaS management and buying platform can save you–both in time and money.
Request a savings analysis today.