How to investigate and manage your SaaS situation

Apple administrators can't afford to ignore employee-driven SaaS products anymore – even if they're free. 80% of the typical organization's tech stack will be made up of SaaS by 2022. That's quite a bit of Shadow IT. When you consider the snowball effect, that means the average 300-person company has three times more SaaS in use by employees than IT knows about.

SaaS sprawl in cloud-first apps can be a bit scary. More and more decentralized decision-making from the bottom up instead of top down can be worrying from a compliance and cost-containment point of view. But IT doesn't need to squash it, said Erin Merchant, Workplace Tech Success Manager, Envoy, and Barak Kaufman, Co-founder and CEO, Intello at a recent panel during the 2019 Jamf Nation User Conference (JNUC). As a matter of fact, it's possible for IT to use SaaS to their advantage.

Remember: ITs role is to empower people to use decentralized purchasing in a compliant and secure way, and to use those insights for making purchasing decisions — not to control everyone's usage indiscriminately.

Just follow these steps:

1. Discovery

It's an archeological dig. SaaS use is not solely a problem. View this as an opportunity! This can help IT not only understand who is using which products today, but also get an understanding of how to make purchasing decisions in the future. It's also a great way to build relationships within your organization with advocates within departments. Present yourself as a partner rather than a gatekeeper.

At first, learn about everything you can. Try not to use a pre-set of questions and allow some flexibility to help your staff understand that you are listening, and to get the most out of your interviews.

With that in mind, here are a few data points you should consider:

• What are the SaaS products?
• Who is adopting which products, and in what numbers?
• Why are people adopting them?
• Where and how do the apps store data and what does that look like?

2. Organizing data

Although you might be tempted to start with just a spreadsheet, consider how you will be using this information down the line. Will you need to run reports? Present data to higher-ups? Track apps to specific machines? Is there a better, more complex tool that exports to .csv, for example? Eventually, the content must be transparent and available, and it must be scalable. Why not start out with the right tool for the job?

3. Data interpretation

Once you gather the data, how do you read it? How do you decide what to care about? What metrics do you use to determine what is important?

• Security: how many SaaS applications you have in use? Who has access to the app? What data can the app access? Is it sensitive data?
• Workflows: does it impact cross-team work? Does it aid in efficiency?
• Financial: is the amount of money your organization spending on these apps worth it? How about the way the expenses are allocated?

4. Decide on and implement any changes

Create changes that align with your business goals and objectives. Ensure that you can manage all processors and vendors as well as making certain that they are secure and compliant. Every organization is different in terms of what regulation fits in with their IT and business objectives.

Base decisions on whether to keep or remove apps based on:

• Organization size
• Regulatory needs
• Ability to manage renewals
• Whether or not there is redundancy

Remember to keep the focus on your internal customers, but also keep specifics in mind. There are some clear criteria for evaluating which apps to keep. An app worth keeping has the following attributes:

• It fits easily within your existing infrastructure
• It has a good analytics panel
• It works with your preferred authorization tool
• It is to distribute and provision
• The vendor is responsive to requests for changes or assistance

You also need to identify what the budgetary needs are. Do more than two or three teams use it? If yes, that's probably a tool to keep in your portfolio. If it's a free app for only personal use that accesses no data, that's probably just fine, too.

5. Explain any changes

Get more buy-in from the right partners in the organization by clearly communicating why you have made the decisions you have, asking for their advice and input throughout the process, and genuinely treating them like the partners they are in these decisions. Have specific, real reasons for the choices you made, and develop a method for communicating why you needed to make the changes.

6. Continue to monitor

Keep track of who is using what to ensure that the apps are still being used, have not exposed any data and are scalable and manageable.

Get on board

Investigating and managing the SaaS situation in your company is an incredible opportunity for IT and departmental collaboration. Be part of the future of this cloud-first adoption instead of reflexively putting on the brakes due to anxiety over lack of centralization. Show employees you're not there to be a gatekeeper; you're there to empower them to use the tools that make them efficient.

That's what we're here for, after all!