Historically, software license usage was managed by IT departments. A dedicated team was in charge of the installation and updates of "on-premise" applications – those installed on a physical server, usually within the company's premises.
The advent of online software - Software As A Service (SaaS) - has allowed each employee to independently subscribe to services. The pricing models of these cloud solutions are multiple and evolving.
Switching from centralized license management to individual subscriptions has complicated the tracking of usage and budgets.
A Statista study conducted among 748 IT departments from 2015 to 2022 reveals a more than 30% increase in enterprise SaaS.
Is 748 a representative sample?
Not necessarily, given the number of digitalized SMEs in France and around the world...
However, among LicenceOne clients, we observe that digitalized companies typically use between 50 and over 200 paid software.
This scattered and substantial use raises several questions:
Regardless of the reasons (good or bad) that may have led a company to be over-equipped with SaaS tools, these uses can be rationalized through an effective internal SaaS Management policy.
Otherwise, besides uncontrolled spending, the risks to the company are very real.
Here is a non-exhaustive list of problems caused by SaaS Sprawl for SMEs:
In 2023, for SMEs in technology and communication sectors, the cost of online tools has become the second-largest expense item. Second only to payroll. Whether we're talking about sales teams or marketing tools, controlling these expenses is a must to improve margins.
Subscribing to an online tool is mandatory to start using it. But it is not in the interest of software publishers to remind you that you continue to pay for a solution that is no longer used.
Subscriptions to productivity tools that can be used by different teams are concerned. Like photo editing software, design, between communication and creative teams. Concerning the overlap of features, the most affected tools are:
Having accurate and up-to-date visibility into access to different SaaS rapidly becomes complex. An employee may have subscribed to a software while they do not have to be an administrator. More often, employees evolve within the company or leave it while retaining access.
The GDPR obliges companies handling data in Europe to many rules depending on the nature, use, and even origin of "personal data". Whether it's information about employees, your prospects' email addresses, or even your customers' purchasing habits... If this information is stored in online tools, the controller (DPO) must know, map, and protect their access.
In response to the previous paragraph, here are our recommendations for controlling the SaaS budget and limiting shadow IT.
Where to start? Ideally by implementing an internal SaaS Management policy. That is, centralize information, ask employees to follow clear steps for purchasing software, and regularly check their status.
To help you define these procedures, we provide a template to track SaaS.
→ Spreadsheet format.
→ Notion template (coming soon)
This is perhaps the most delicate option to implement. From a technical point of view, how to find the information of a connection to a given tool?
LicenceOne offers a browser extension (Chrome, Firefox...) that detects the login environments of applications.
Another option, much heavier, is to go through a Single Sign On solution like Okta or OneLogin. This is a technically heavier option and can prove much more expensive for SMEs as SSO access is predominantly a feature available for premium SaaS plans.
Whatever the chosen solution, it must be able to account for tools that are no longer used internally.
It takes a very good culture of SaaS tools to spot the features common to different competitors, and what makes them unique.
Here are 2 ways to detect the truth from the false:
Propose a regular questionnaire to users, asking them the main functionalities they use, how often, and if they are satisfied.
LicenceOne (again!) lists and keeps up to date the main features of each of the 21,000 SaaS in its database. Crossing redundant features automatically is part of the useful information provided by LicenceOne.
Self-declaration is almost mandatory in this case. Ideally, the internal procedures managed by the IT manager provide for an organizational chart of user roles.
Moreover, each SaaS has its own role management. The customization options vary in depth and should be part of the purchase criteria.
The guiding principle we recommend is that a user should only have access to the strictly necessary. On the one hand, this limits human errors that can occur (erasing data, modifying fields, extracting information, etc.).
On the other hand - and this is the most important - an account can be hacked. The damage will then be limited if this user has limited access and rights to the company's applications!
Finally, the data contained in SMEs' SaaS often falls into the category of "personal data" whose use must be GDPR compliant.
Mapping SaaS tools, listing the data they contain, knowing users' rights and access... These are elements necessary for the DPO to properly execute their mission: ensuring the company's compliance.
