What is SaaS sprawl?
What is SaaS sprawl?
SaaS sprawl is the uncontrolled use of software-as-a-service applications within an organization. This phenomenon occurs when SaaS applications are used without proper oversight and management.
Sprawl can occur when multiple departments purchase and use SaaS applications on their own without the supervision or coordination of the IT department. This can cause decreased efficiency and financial strain on an organization.
SaaS tools generally require subscriptions and are cloud-based software applications that users access via web browsers and mobile apps. The service provider stores all underlying infrastructure and app data in its data center. This eliminates the need for installation on local computers or devices.
Some common SaaS products that businesses might use include email, collaboration and scheduling apps; e-commerce platforms; CRM tools; and human resource management systems.
SaaS provides organizations and individuals with convenient access to many services over the internet. Benefits of SaaS use include automatic software updates, the ability to scale resources and improved accessibility.
Causes of SaaS sprawl
A general lack of oversight and IT support can lead to SaaS sprawl. However, several common causes of SaaS sprawl within organizations exist:
- An abundance of options and ease of access. SaaS applications are available to solve nearly any problem an organization might face. Purchasing a subscription to SaaS is usually as easy as visiting a website or downloading an application. This makes it easy and tempting for employees or department supervisors to purchase subscriptions to multiple SaaS applications and software.
- Lack of procedure. Many organizations do not have an official procedure for purchasing and using new applications. Individual departments or employees downloading applications without approval from IT is known as shadow IT and can lead to SaaS sprawl. A lack of established onboarding procedures and IT oversight can result in redundant software purchases, uncontrolled adoption of SaaS applications and security risks.
- Not using existing tools. When employees aren't aware of existing tools available to them, they are more likely to adopt other applications to fulfill their needs. This results in redundancies in applications, which can lead to undue financial waste for the organization. Lack of onboarding and education on existing applications can inhibit potential productivity and workflow.
- Company culture. A company culture that does not embrace the adoption of SaaS applications and tools might find departments making these purchases and decisions independently. Companies that do not provide IT resources and oversight for software and applications are more likely to experience decentralized purchasing. When individual departments have their own policies regarding software use, poor communication between departments can result in duplicate purchases and policies that vary widely across the company. This can lead to failure to follow industry standards and best practices and make the company vulnerable to security risks.
Challenges of managing SaaS application sprawl
SaaS sprawl can lead to many challenges for organizations:
- Financial challenges. Decentralized purchasing of SaaS applications can lead to unnecessary costs. Organizations can often benefit from packages or discounts when subscriptions or purchases are funneled through IT or legal departments. Decentralized purchasing and shadow IT can also make tracking expenditures and adhering to budgets difficult.
- Operational challenges. Decentralized purchasing of SaaS applications often leads to multiple applications with similar functionalities. Managing relationships and updates with multiple application vendors can be time-consuming and complicated, requiring more work from employees or department heads. The hassle of managing redundant applications -- along with a lack of education and onboarding -- can lead to reduced productivity within departments.
- Security challenges. Unapproved SaaS applications -- due to lack of IT oversight and application management -- can put organizations can pose security risks, including data breaches and hacking. With proper oversight, organizations can restrict access as needed, which is essential for preventing security breaches.
How to identify SaaS sprawl
Organizations can identify SaaS sprawl by maintaining a clear picture of their SaaS landscape. Assessing SaaS use companywide is essential to identifying areas of potential sprawl. Here's how to do that:
- Create a SaaS inventory. Review financial records or expenditure reports to see where money is allocated to SaaS applications. Use SaaS management or detection tools to uncover SaaS applications companywide. Keep track of all existing applications using a spreadsheet or a SaaS management tool.
- Identify decentralized purchasing. Identify applications purchased without IT involvement or approval. Establish a procedure for departments to request approval for future software purchases.
- Identify redundant applications. Identify different applications with overlapping functionalities. Ensure multiple subscriptions for the same application do not exist across departments. One department should be responsible for managing application subscriptions and negotiating contracts with service providers.
- Assess security risks. Evaluate the process for onboarding employees and ensure that access is revoked in the appropriate situation, such as for former employees. Review user access permissions and security settings of each application across the organization, and ensure compliance with industry standards and company policies to avoid data breaches and other security threats.
- Ask for employee feedback. Survey employees on current application usage and the effect of applications on workflow. Identify any areas of existing shadow IT and unauthorized application use within departments, and ensure applications integrate well with each other and with core systems in use.
- Assess and establish IT governance. Evaluate current policies and procedures for the adoption and purchase of new SaaS applications. Identify vulnerabilities and enhance IT oversight and approval processes. Establish efficient SaaS management to keep track of future SaaS purchases to reduce cases of shadow IT and decentralized purchasing.