We love our SaaS Apps – they’ve become critical to our businesses and our lives. It’s no wonder that we use over 10,000 of them in every nook and cranny of our organizations. And while we can’t live without them, SaaS applications have now reached a critical tipping point in adoption – one that is calling into question the very role and future of IT organizations.
3 critical factors have now come together.
- SaaS Adoption is Growing Exponentially – and often Invisibly
According to Torii’s customer data, the average organization is adding 18-19 new SaaS applications to its stack every month; with most of these applications being added outside the purview of IT teams – by line-of-business leaders focused on growth and digital transformation. The obvious challenge this presents is that it further widens the Shadow IT perception gap – while most IT organizations think they have 100-150 SaaS applications in their portfolio, the real number is anywhere from 300-600+ apps. This begs the obvious question: if IT is no longer driving the bus on the SaaS stack, what does this mean for IT’s strategic impact in their organization?
- 35% of SaaS Licenses, and Countless hours are Wasted
According to the ITAM review – more than ⅓ of all SaaS investments are wasted on unused licenses, tools that are altogether not being used, or licenses that are over-provisioned for users that don’t need them. And though this number hasn’t changed from the days of shrink-wrapped or on-prem software, the cloud application paradigm has fundamentally changed our ability to pinpoint the waste – and to do something about it. While most cloud applications have reporting interfaces, APIs, and other methods of understanding who is using them and how – the challenge is that there is no centralized point of visibility across all of the cloud applications organizations have in their stack. This leaves two options for IT teams trying to grapple with the SaaS tsunami: 1. Ignore the problem or 2. spend countless hours trying to manually piece together an accurate picture of their SaaS stack using spreadsheets, CASB tools and home-brew or DIY solutions.
- SaaS Data Protection Risk is out of Control
IT teams are saddled with 100% of the burden of protecting sensitive data flowing through SaaS applications while seeing less than 50% of their total SaaS stack. This is leading to a perfect storm where Gartner predicts that by 2025, 99% of cloud breaches (across SaaS, cloud infrastructure, and other cloud areas) are going to be caused by preventable configuration or user errors. One simple scenario that repeats itself again and again in SaaS comes in the form of onboarding user workflows that encourage application owners to integrate as many SaaS applications as possible into a given tool. Think about when you first set up your Hubspot account – and are then enticed to plug in your Calendly, Zoom and other SaaS apps – only to later discover sensitive records flowing in or out of your CRM. Preventable errors often do not have malicious intent – but sometimes lead to very deleterious consequences. Magnify the problem across 100s of cloud applications and thousands of users, often acting independently, and you can see where this train is heading.
Naturally, the only way to really deal with the challenge of SaaS is to start managing it proactively, with software. We are well past the point where humans can keep up with the SaaS stack – and are fast approaching the point where the SaaS stack is starting to pose an existential risk to our organizations. We cannot shy away from the challenge – lock things down and duck into our digital bunkers. We need to lean into the challenge and meet it head-on.