Cost risk Software-as-a-Service (SaaS) – Why SAM only works as a process

Author: Torsten Boch?

IT on-demand it has never been so tempting??

That software-as-a-service applications have mushroomed is not news. Cloud-based applications offer exactly the benefits that many employees want from their IT: There is an endless supply of customized apps that are available quickly and, above all, easily. In addition, they can be accessed from any device. Why wait for IT when an email address and a credit card are enough to get you the tools to work more easily and effectively at the touch of a button?

Not all that glitters is gold??

Sounds tempting, and from the employee’s point of view, it’s understandable. But as convenient as IT on-demand may be, it also has its risks:???

• Procurement bypasses IT??
• Access is possible from any device, even from outside the protected network??
• Access credentials are not centrally managed, so data protection is compromised?
• The provisioning and withdrawal of cloud apps is manual and error-prone??
• A lack of usage visibility makes cost optimization impossible?

If cloud applications are not acquired centrally by IT, a smorgasbord of apps, systems, and cloud instances grows within every organizational department. IT cannot hope to manage the associated security, compliance, and financial licensing risks.? Moreover, IT has no knowledge of and therefore no control over user credentials and access to web applications.??

In addition: No one knows whether these SaaS applications are secure, whether multi-factor authentication can be used, or who has stored which data in the cloud without encryption. And if they have been acquired without the involvement of IT, they often go unrecognized during inventory checks. That means they are not included in security audits.??

Another factor that should not be underestimated is the negative impact that shadow applications have on business process standardization. These processes can only run like clockwork if standardized procedures require the departments involved to use the same applications. If several departments use different technologies such as SaaS applications for similar use cases, process standardization simply isn’t possible.?

SaaS is not a free ride??

In addition to security, the lack of license compliance also comes into play. Unlike traditional on-premises software, SaaS is no longer primarily about whether enough licenses are available. In addition to the access analysis, usage and cost control are key: Who authorizes the budgets and ensures that surplus accounts are deactivated? When do which subscriptions expire? Do employees automatically remain logged in to the SaaS application even when they are not using it???

Where there is shadow, there is also light - making the cloud controllable??

Flexibility and speed are the most important assets in any cloud offering. But how can an IT organization design an attractive cloud service portfolio so that employees get exactly what they need for their daily work? And how can cloud usage be made controllable and compliant with licensing laws? What tools can I use to optimize SaaS costs???

There are several aspects to effective SaaS management. There is no SINGLE all-encompassing solution. A software asset management solution for SaaS only works when it’s in perfect harmony with several disciplines, which we describe briefly here.?

Software governance - it doesn't work without rules???

Software governance is a subset of IT governance and provides guidelines for the selection, procurement, and usage of enterprise software. For SaaS compliance, this can mean that employees must assume complete responsibility for the software installed on their computers or that unused software is automatically de-provisioned after 90 days.??

Controlled deployment via a central service catalog??

To ensure that IT has control over installed applications and logins at all times, the use of a service catalog is highly recommended. This acts like an enterprise app store, where all available and security-checked SaaS apps are deployed, approved, and billed. In the backend, automated change management is performed for provisioning, as well as an update of the license balance.??

It's all about usage - centralized contract management becomes crucial??

Just as in the classic over-licensing scenario, SaaS Apps that are never or only sporadically used generate significant avoidable IT expenses.???

To optimize cost and expense management, insight into the usage of all the respective SaaS services is needed. It is therefore advisable to ensure that cloud providers provide transparent usage data and cost reports before signing a contract. These can be transferred to a central cloud cost management solution, which allows flexible contract adjustments.?

Conclusion??

Software-as-a-Service is no longer about simply counting licenses. Rather, in addition to the technical issues of access and authorization management and security, it is primarily about usage, cost control, and contract management. Today’s software asset management must cover the complete set of processes around software selection, procurement, approval, asset inventory, billing, and usage analysis. Only then can the risks and optimization potential for cloud applications and contracts be identified at any time.?

Optimize Your Software Asset Management. It pays off.?