Why SaaS visibility matters

Software as a service (SaaS) has become the new normal, with organizations adopting multiple new cloud applications every month to solve problems, streamline employee workflows, and drive revenue. But, with this rapid adoption of new applications, how can IT properly manage, support and protect their organization’s sensitive data and budgets?

Before we consider the way forward, it’s essential to talk about how we got here and how SaaS has changed things forever.

The Rise of SaaS

Nearly two decades ago, the potential of SaaS was enticing. It allowed IT teams to adopt software with lower upfront costs and less investment in infrastructure maintenance while maintaining tight control over the company’s security and compliance.

At first, only a few pieces of software were available to IT departments as cloud applications. But with time, this trickle became a tidal wave, and this tidal wave began to spread to more corners of the company.  

With time, more applications were adopted, not by only IT but by end-users and department heads. The traditional, locked-down-red-tape-covered process of application review and approval was increasingly bypassed.

Today, it is nearly impossible to imagine a world without SaaS. With the increase of decentralized workplaces and remote and hybrid work models, SaaS has overtaken on-premises apps and become critical to any company’s success.

But, with the prevalence of SaaS applications comes new challenges.

SaaS Risks: Shadow IT and Surprise Spend

Shadow IT:

Shadow IT is the purchase and use of technology without IT’s knowledge or approval. Historically, Shadow IT mainly consisted of hardware and sometimes software, but today most of it takes the form of SaaS (or cloud) applications.

Now, any employee with a corporate email, a willingness to fill out a trial form, and a credit card for purchases, has instant access to thousands of applications, each with the ability to easily integrate with business-critical apps. In fact, at Torii we’ve found that the typical company often has three times as many applications as the IT department estimates due to Shadow IT.

While Shadow IT enables teams to innovate faster and accelerate business, it also means that unsanctioned apps can store and access sensitive data without IT and security teams ever knowing. 

With unsanctioned, and even some sanctioned, cloud applications, the businesses lack visibility into how much they’re used (if at all), by whom, and from what locations. This lack of insight threatens overall data security and prevents them from confidently staying in compliance with privacy and data protection laws. For instance, if you don’t know what applications people have or are accessing, you can’t deprovision them when they leave your company. That’s why 83% of people still have, and 56% of these employees said they had used this continued digital access with the specific intent of harming their former employer.  

Wasted SaaS Spend:

Without visibility on applications, costs and usage, IT and finance organizations are left in the dark on significant spending and cannot adequately judge the value of applications. This leads to companies continuing to pay for underutilized or abandoned apps and unused licenses.

This issue is so prevalent that, on average, 20-40% of enterprise tech spend happens outside of IT’s knowledge.

IT can’t manage or protect what they can’t see. That’s why it’s necessary to equip IT departments with tools that grant them complete visibility into SaaS adoption, spend and usage.