Scaling up with SaaS: Key factors large companies must consider

Introduction

The adoption of SaaS in companies has grown steadily over the last few years. With an annual growth rate of 18%, it is estimated that 99% of companies will be using one or more SaaS solutions by the end of 2023. From Salesforce (CRM) to Slack (Collaboration), Zoho (for billing), Oracle (for enterprise resource planning) and ProWorkflow (for project management) there is a SaaS solution for the job. In 2015, companies only used an average of 8 SaaS solutions, this increased to 12 in 2016 and as of 2021, an average of 110 SaaS apps are used per organization. With the promise of enhanced productivity, scalability, and cost effectiveness, more and more enterprises are turning to SaaS for their business needs. However, before making that switch, these companies have to think about a few things first. 

First off, what is SaaS and why do large companies need it? 

SaaS stands for Software as a Service. It is a cloud-based software delivery model in which software applications are hosted by a third-party provider, such as Amazon Web Service, Google Cloud Platform or Microsoft Azure and made available to customers over the Internet. Instead of purchasing and installing software on their servers or computers, customers can access the software through a web browser or mobile app. 

SaaS is an essential tool for large companies because it offers the following benefits:

• Cost-effectiveness

SaaS relieves enterprises of the need to acquire and maintain expensive hardware and software. Instead, clients pay a monthly or annual subscription charge to access the software online. This can save a lot of money, especially for large organizations with many customers.

• Scalability

SaaS solutions are highly scalable, making it simple for expanding enterprises to use them. More users or features can be added to a company’s SaaS subscription as it expands.

• Accessibility

SaaS solutions are good for large companies with multiple locations or remote workers because they can be used from anywhere with an Internet connection. Employees can use any device, including laptops, tablets, and smartphones to access the software.

• Easy Updates and Maintenance

SaaS providers handle all updates and maintenance for their software. This means that customers always have access to the latest version of the software without worrying about upgrading or maintaining it themselves.

• Customization 

SaaS systems can be modified to suit a business's particular requirements. This may include features like branding, software integration, and unique workflows.

SaaS is an affordable, scalable, and available solution that can assist big businesses in streamlining their operations, boosting productivity, and lowering IT expenditures. Businesses can concentrate on their core competencies by utilizing SaaS solutions and outsourcing software administration to professionals. However, it's crucial for businesses to be aware of the potential risks before making the switch to SaaS. Convenience can rapidly turn into a nightmare of unanticipated costs, difficult integration, and security issues.

Implications of SaaS Adoption on large companies

Change management 

Adopting new SaaS solutions can bring significant changes to the way employees work. This requires proper change management to ensure employees understand and adopt the latest solutions, which can be time-consuming and costly. The amount that large companies spend on training their employees to use SaaS solutions can vary widely depending on the company size, the complexity of the SaaS solution, the number of employees being trained, and the level of training required.

Cost Management

According to the Training Industry Report (recognized as the training industry’s most trusted source of data on budgets, staffing, and programs), large companies in the US spent an average of $1,689 per learner in 2022, compared to $722 per learner in 2021. However, this is an average figure, and the actual amount spent by individual companies can vary significantly. Moreover, large companies often have complex IT environments with multiple systems and applications. Integrating new SaaS solutions with these existing systems can be challenging and require significant effort. This equally amounts to a substantial financial implication.

Data Security

Large companies handle sensitive and confidential information, and ensuring the security of this data is critical. SaaS solutions require transferring data to third-party providers, posing security risks. Additionally, data can be transferred to other countries with fewer regulations which pose further security risks. Companies should vet providers and ensure GDPR compliance to protect personal data. Being aware of the risks and taking necessary steps are crucial for data protection.

In December 2013, Target, a retail giant, experienced a data breach that affected over 110 million customers. The cause of the data breach was traced back to the misuse of SaaS by one of Target's vendors. The hackers got their way into Target's corporate network by compromising a third-party vendor. When the hackers gained access to Target’s network, they were able to steal sensitive data such as credit card numbers, expiration dates and security codes from Target’s POS (point of sale) terminals. Target's misuse of SaaS through third-party vendors exposed sensitive data, resulting in the company paying over $18 million in settlements and penalties.

Similarly, in November 2017, Uber, the ride-hailing company, announced that it had suffered a data breach in 2016 that exposed the personal information of 57 million Uber customers and drivers worldwide. The breach included names, email addresses, phone numbers, and in some cases, driver’s license numbers. In addition, the hackers were able to obtain approximately 600,000 driver’s license numbers of Uber drivers in the United States. 

According to Uber, the breach occurred when two individuals outside the company accessed and downloaded data from a third-party cloud-based service used by Uber. 

While the breach did not occur directly on Uber’s own servers, it highlights the potential risks associated with using third-party cloud-based services to store sensitive data. Companies must ensure that their cloud service providers have strong security measures in place to protect their data, and must also implement additional security measures such as two-factor authentication and encryption.

License Management 

Furthermore, large companies often face license management issues when adopting SaaS due to the complex licensing structures and various SaaS platforms they use in different departments. Here are some license management issues large companies face when adopting SaaS:

• Overlapping licenses

Large companies may use multiple SaaS applications with similar functionality, leading to overlapping licenses. This can result in paying for licenses that are not being used or paying for licenses that are unnecessary due to the overlap. 

• License Underutilization

Large companies may purchase more licenses than necessary to ensure they have enough capacity to support future growth. This can result in “sleeping licenses' that are underutilized and leads to wasted resources and unnecessary costs. According to Zylo's "SaaS Management Index'', on average, 44% of businesses' SaaS licenses are wasted or underutilized. Enterprise organizations (10,000 employees) spend over $224M on SaaS but only utilize 50% of their SaaS licenses. 

• Compliance Issues

Large companies must manage their SaaS licenses to ensure compliance with licensing agreements. Failure to comply with licensing agreements can lead to legal and financial penalties.

• Unapproved Usage

Employees may use SaaS applications not approved by the company, leading to unapproved usage and potential security risks. This occurs when there are no clear rules and policies put in place to govern SaaS usage.

• Cost Management

Large companies must manage their SaaS licenses to control costs. Failure to monitor licenses can result in overpaying for software that is not being used, leading to unnecessary expenses.

• Vendor Lock-In

Large companies must be aware of vendor lock-in when adopting SaaS. This occurs when a company relies on a single vendor for their software needs, making it difficult to switch vendors if needed.

SaaS Governance

When adopting SaaS into their operations, large companies must carefully consider all of these factors involved. Given the potential complexities of SaaS adoption, these companies must establish governance over their use of SaaS. Governance refers to rules and structures put in place regulating the use of SaaS. To set up governance to control and regulate the use of SaaS, large companies must:

Identify SaaS Applications: The first step is to take stock of all the SaaS applications being used by the company's various departments or business units. This involves creating an inventory of all the SaaS applications in use, identifying their respective owners, and mapping them to the departments or business units that use them. This step provides a comprehensive view of the company's SaaS landscape and helps identify any redundant or overlapping applications. 

Define Policies: Once the SaaS applications are identified, the company should define policies for their use. These policies should cover various aspects such as security, compliance, data protection, access controls, etc. The policies should be aligned with the company's overall IT policies and should consider the specific requirements of SaaS applications. The policies should also define the roles and responsibilities of various stakeholders, such as the IT team, business unit heads, and end users. 

Establish a SaaS Governance Team: The company should create a specific team in charge of overseeing the use of SaaS applications. Representatives from many departments, such as legal, IT, compliance, and security. The team should supervise the application of SaaS policies, guarantee compliance with them, and address any problems involving SaaS applications. 

Implement Controls: The next step is to implement controls to ensure that the policies are being followed. These controls could include regular audits, monitoring of access logs, periodic review of user access, etc. The controls should be designed to identify any breaches of policy and address them promptly. 

Provide Training and Awareness: Companies should educate and train its staff on the rules and recommended procedures for using SaaS products. Various topics including data protection, security, and compliance should be covered in this training. Additionally, new employees should receive the training, and existing employees should receive occasional refresher training. 

Evaluate SaaS Providers: Before signing contracts with SaaS providers, the company should assess them. Aspects including security, compliance, data protection, and vendor lock-in should be taken into consideration during the review. The evaluation should be based on a comprehensive checklist of requirements and should involve multiple stakeholders such as IT, legal, and compliance. 

Review and Update: In order to keep its SaaS governance policies and controls effectively and in line with evolving business requirements, the organization should evaluate and update them on a regular basis. The review should consider end-user feedback, audit findings, and any changes in regulatory requirements. The policies and controls should be updated accordingly to ensure the company's SaaS environment remains secure, compliant, and efficient.

Single Sign On and Directory Sync, the technical way to build your SaaS Governance

For large companies having issues managing multiple SaaS platforms, Single Sign On (SSO) and Directory Sync is just what the doctor ordered.

Single Sign On (SSO)

Connecting SaaS applications through a single sign-on (SSO) system can enhance security and governance for large enterprises. SSO grants employees access to multiple SaaS applications using only one set of login credentials, facilitating efficient management and monitoring of user access across various applications. SSO can streamline the process of managing user authentication and authorization for all applications for large companies with numerous SaaS applications.

SSO also allows IT departments to enforce stronger password policies and use multi-factor authentication to add an extra layer of security against data breaches caused by weak or stolen passwords. Moreover, centralizing user access through SSO makes it easier for companies to monitor who has access to which applications, comply with regulations and audits, and simplify onboarding and offboarding of employees.

SSO is a useful tool for large companies that want to improve governance and security in their SaaS environment while ensuring compliance with regulatory requirements. You can read more about the advantages of SSO here.

Directory Sync

With directory sync, organizations can synchronize their user directories with cloud-based applications, such as SaaS products, without the need for manual intervention. Large companies can automate the synchronization of user and group information between their directories and the directories of their customers or partners. As a result, any modifications made to the user or group data in one directory are immediately propagated to the other directory, keeping both directories always in sync.

SCIM, LDAP, and Active Directory are just a few of the protocols that can be used to accomplish directory sync. Depending on the systems to be synchronized and the needs of the business, a specific protocol will be utilized. The objective of directory sync, regardless of the protocol used, is to make user management simpler by automating the synchronization process and making sure that user information is always accurate and current. 

By having all your SaaS connected in SSO and Directory Sync, companies can take back control of their authentication security and improve SaaS cost management. They can deploy a SaaS Governance based on a real-time view of the SaaS usage and the authentication event for their compliance.

Now you know the factors to consider when adopting SaaS as a large company. Find out more on Cryptr and how we can connect your SaaS to your SSO and your Directory Sync to help you on your SaaS Governance!

And to chat with our teams to set up Cryptr’s directory sync for your company, you can book the slot of your choice by clicking here: Meet Cryptr.