Improving SaaS visibility: how to provide guardrails, not gates

Written by Jennifer Kuvlesky, Senior Product Marketing Manager at Snow Software

New hybrid work models are causing significant shifts both in where employees work and in how organisations procure technology. In the wake of the pandemic, public cloud spending is booming: Gartner forecasts public cloud services will grow another 23% in 2021 to $332.3 billion, with software as a service (SaaS) being the largest market segment.

With increased SaaS reliance comes new risk, and organisations are scrambling to shore up security and compliance threats for a more secure future of work.

According to a recent Snow Software survey, 92% of IT leaders report their organisations are moving or have already moved to hybrid work. Much of the recent SaaS growth has been driven by organisations’ need to provide access to applications from anywhere. It’s one important way they are keeping employees productive. The difference between SaaS and traditional, installed applications is that installed apps have established mechanisms for controlling access, such as application blacklisting (anti-virus), whitelisting and scores of others.

With SaaS, availability and access to unknown applications create many risks. Uncontrolled access is an open invitation to data security risks, possible compliance failures with regulations such as GDPR, HIPAA, PCI and others, not to mention costly application sprawl. Adding fuel to this fire is shadow SaaS, when employees use and/or purchase SaaS software outside of standard processes.

Risks of shadow SaaS

  • Data Security: Cybercriminals are quick to take advantage of the shift to the cloud and the common misunderstanding that cloud providers ensure security. The reality is that data security is a shared responsibility. It is the responsibility of the SaaS provider to have baseline controls in place to ensure their platform protects your organisation’s data. It is IT’s responsibility to check whether the SaaS provider in fact has good security policies in place. If IT is unaware of applications in use, then it is unable to vet the risk of these providers or how they interface with other organisational IT. And end users need to be responsible by not using common passwords or uploading company/customer data to SaaS applications without prior approval. The problem is some employees don’t know this, or they choose to disregard it.


  • Compliance failure: Another risk is being out of compliance with data privacy regulations. There are a growing number of international and national regulations and failure to comply can result in exorbitant fines. Take HIPAA, for example. Healthcare organisations must obtain a business associate agreement from providers who store, create, receive, maintain or transmit PHI. The business associate agreement provides assurances of how the provider will safeguard PHI data. To obtain this agreement, organisations must know about all applications employees are using that are storing, transmitting, creating and receiving PHI. There are numerous examples of organisations being fined for not assessing provider risk by obtaining a business associate agreement.


  • SaaS sprawl: In addition to data security and compliance risks, budget over-runs must also be top of mind for IT and the C-suite. Cloud application sprawl is a common result of shadow SaaS. When individual users sign up to use their own software, redundancies occur, and with individual use licenses, you might not be getting the best financial deal, or you may be out of compliance and run the risk of true-up charges. This has become a much bigger issue with fully remote and hybrid work employees. In the same Snow Software survey, told us their SaaS investment had increased in the last 12 months and nearly half said controlling SaaS sprawl is their biggest challenge.

Three guardrails that reduce risk

Now, end users with access to the internet can sign up for any SaaS application. To reduce risk, but avoid impacting productivity, you should consider implementing guardrails for your organisation.

  1. Make it easy for employees to get what they need.

Self-service is the name of the game, now more than ever before. Users are used to going to a central place like the App Store to get what’s needed for their phones. Provide a similar experience for employees to make it easy for them to search for what they need and request a subscription approved by your organisation. By offering employees a place to get their applications, you are removing the risk of redundant software in your environment. Self-service app stores also provide a level of automation to manage licenses. When assigning a license, you can specify that it should be automatically reclaimed if it goes unused.

  2. Leverage technology to discover applications in use.

It’s impossible to determine if all the application providers used by your organisation have the right level of security controls in place if you don’t have visibility into all the technologies used across the organisation. Leveraging browser extensions on the user device can help you assess all SaaS applications in use, by department and by potential risk. Remember that not all software requires a license, and using financial data for software inventory will not capture free application usage. If you are unable to obtain a discovery technology to uncover shadow SaaS, assess who has access to sensitive data (engineering teams, analytics, sales and marketing operations, finance) and talk to some of those users to find out what applications they are using. This information is often found in departmental onboarding documents.

  3. Educate and collaborate.

Once you know what applications employees are using, you can take a targeted approach to have conversations about why going outside of policy to use free or licensed applications is risky for the business. In having these conversations, you will also learn about the department’s or user’s application requirements and will be better equipped to partner with them on identifying a safe solution to help them be productive.

SaaS use is powering an entirely new style of work, but a failure to proactively govern its use will spin up many new challenges. In response, IT teams need to shift how they work to maximise growing SaaS use while reducing the risks that shadow SaaS brings.



