By maximizing agility and efficiency through effective SaaS management, IT can unlock untapped potential and create new opportunities for value creation.

But how exactly does SaaS management impact IT departments? And how does it benefit the business, more broadly speaking?

Using customer data, we set out to answer those questions. Our new report reveals the measurable efficiencies, ROI, and impacts of SaaS management—so join us as we dive into some of the biggest takeaways and findings. 

Effective SaaS management eliminates thousands of hours of manual IT work

Effective SaaS management starts with automation.

To do so, IT teams rely on SaaS management platforms to automate user lifecycle management and day-to-day operations, as well as enforce security policies in a multi-SaaS environment.

Our report found that automating with BetterCloud’s SaaS management platform eliminates thousands of hours of manual IT work. On average:  

All told, between on- and offboarding alone, the total average IT time savings is about 1,700 extra hours per year. 

What kinds of strategic, innovative IT projects could you work on with 1,700 extra hours?

Quick time to value: ROI from effective SaaS management in less than a month

Ease of use. Quick implementation. No-code workflow creation simplicity. 

All of these factors help customers accelerate time to value and achieve fast ROI: 

Ensuring that company investments are actually driving value has become increasingly critical, especially in times of economic uncertainty.

SaaS management accelerates productivity for the entire organization

Eliminating manual SaaS management work means accelerated productivity (for everyone!). By using a SaaS management platform like BetterCloud, customers estimated: 

While effective SaaS management results in substantial productivity gains for IT, end users also reap the benefits by getting what they need more quickly and easily.

Download the full report to learn:

• How SaaS management platforms impact security and compliance
• How much productivity improvement an organization can expect from a SaaS management platform
• The strategic projects your peers are working on now by automating more

Grab the full report right here.

To learn more about how BetterCloud can help you eliminate up to 78% of your SaaS management work, request a demo.

But in the midst of this instability, it’s clear that two things have remained consistent. Companies of all sizes rely on SaaS more than ever before—and it’s high time for IT to solidify its processes for managing and securing a large (and growing) cloud-first environment.

To help define these processes, Gartner® recently published a report on establishing an effective SaaS governance policy that secures the perimeter and gives all employees ownership over the software procurement process. This report offers an extensive framework for building out a governance policy and explores why a SaaS management platform (SMP) should be at the center of it.

You can read the full report by clicking the link below. In the meantime, let’s explore a few of our key takeaways from Gartner latest research on managing and securing your SaaS environment.

A SaaS governance policy keeps your environment secure

Back in 2019, we reported that 62% of IT professionals believed their biggest insider security threat came from well-meaning, but negligent employees. We believe not much has changed over the last three years.

Gartner believes that there are two factors at play. First, it has never been easier for employees at all levels to add a SaaS application to your organization’s environment. Without a process or the right tool for discovering and managing your company’s use of SaaS, Gartner adds that SaaS adoption will still occur, but in ways that are “suboptimal and risky.”

“If you don’t explicitly discover and manage your use of SaaS, SaaS adoption will still occur but in ways that are suboptimal and risky.”

How to Establish Effective SaaS Governance, Gartner Inc.

Gartner also reports that SaaS buyers tend to focus on the immediate functional requirements and ignore longer-term issues, which leads to incomplete analyses of security requirements. To remedy these challenges, Gartner recommends what it calls a full lifecycle approach to SaaS governance.

These are obviously huge challenges for any IT team to solve. The key to doing so effectively? Gartner says a growing number of its clients are leveraging SaaS management platforms to centralize their IT support. The venn diagram below illustrates just one example of how you might administer an effective SaaS management approach with an SMP.

It’s no surprise that Gartner urges IT or the business units to adapt to more agile approaches to managing and enabling continuous change. Doing all of this work manually increases the potential for human error, which can be especially costly when it comes to maintaining security compliance and protecting sensitive data. As we’ve seen with many customers, BetterCloud’s automated workflows and alerts enable IT teams at all stages to handle the long list of tasks in the diagram above, while also freeing them up to work on more strategic initiatives.

Creating a holistic SaaS governance policy 

Shockingly, Gartner reports that many organizations still rely on a Microsoft Excel spreadsheet to track the applications in use across all business units. In response, Gartner shared, “no effective governance is possible without some form of written directive to set the rules and provide a basis for enforcement.”

At a minimum, the three basic SaaS control policies that follow must be established, including:

• Approve all SaaS use through a defined process. IT cannot automatically veto requests for SaaS, but must work with business stakeholders to create a flexible, practical and cooperative process to acquire appropriate new SaaS capabilities and steer inappropriate ones to better solutions.
• Assign accountability for SaaS. If the IT organization is not maintaining responsibility for a particular SaaS application, then the owner is typically a business unit (BU) manager or department head.
• Maintain a comprehensive cloud application inventory. The defined approval and responsibility acceptance processes must include the formal registration and tracking of SaaS use with IT. This is where an SMP comes in very handy, providing IT with a comprehensive look of all the SaaS in use at any time.

The Gartner vision for a holistic SaaS governance policy also urges IT to think about control requirements during the entire app usage life cycle. It is critically important during the purchase phase to consider the potential security risks associated with each SaaS application, and how those threats might evolve as use changes over time. 

Assessing risks and analyzing controls

While there isn’t a “one-size fits all” approach to assessing the risk of each potential app, Gartner recommends reducing the potential threats introduced by various SaaS apps with compensating tools. These include access management (AM) tools, SMPs, vendor risk management (VRM), and more.

An SMP like BetterCloud offers the ability to create and enforce SaaS usage policies, such as limiting the number of administrative-level accounts. It also helps monitor the use of SaaS with alerts and centralized dashboard visibility. 

Gartner also recommends using free SaaS with the utmost caution, and never with sensitive or business-critical data. To reduce risk, SaaS usage policies should specifically address the use of free SaaS, and steer users towards sanctioned apps. An SMP can provide IT leaders critical visibility into shadow IT usage so they can take appropriate action to enforce policies and protect their environment.

Actions to take from purchase to end of life

According to Gartner, to implement a strong SaaS governance policy IT should plan to take a series of actions throughout the entire lifecycle of a SaaS app. The initiation phase includes recommendations for purchasing, implementation, and user provisioning. It even covers actions IT might not think of immediately, like contingency planning in the event of an app outage or failure. 

Once an app is implemented, IT should plan for continuous management and monitoring as it becomes more widely used. One of the most critical tasks during this phase is keeping up with license management, to make sure that you are only paying for licenses you are actually using. IT should also look for ways to automate SaaS security actions, such as:

• ensuring sensitive data isn’t moved into an inappropriate location
• keeping tabs on shadow IT, and 
• ensuring user access levels are at the minimum required. 

This is where a SaaS management platform like BetterCloud can really help. Sensitive data can be automatically located, and IT alerted as to exactly where and what file it resides in. Users can be instantly logged out of risky shadow IT and notified that their actions violate policy. Excessive super admin accounts can be automatically detected and removed. All of these functions enable IT to take a proactive approach to the security activities involved in SaaS governance.

Even when a SaaS app is being decommissioned, Gartner recommends that IT take steps to proactively manage its end of life. Many of these activities involve the migration, destruction, or backup of critical data that might have resided in the app.

Conclusion

Overall, Gartner recognizes that IT leaders have a growing burden of responsibility when it comes to SaaS. Companies seem to have an endless appetite for more and more SaaS apps, and those tools are increasingly critical to business success. 

Gartner recommends IT create and follow a thorough and ongoing strategy for managing SaaS. From reducing the risks from shadow IT to optimizing usage, there are activities to be done throughout the entire lifecycle of an app. 

Download the full report to get all the details on how to more effectively govern SaaS usage. You can also schedule a demo of BetterCloud to learn how to centralize and automate governance activities.  

Disclaimer: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

[i] Gartner “How to Establish Effective SaaS Governance” by Charlie Winckless, Jay Heiser, 27 December 2021 – ID G00757704

Automation is a journey—and the horizon shows that the destination is zero-touch IT. 

In this blog post, we’ll dive into some highlights of our newest original research at BetterCloud. In our latest SaaSOps Automation Report 2022: The Rise of Zero-Touch IT, we explore the growing imperative to automate SaaS operations, its massive impact, and what it all means for IT.

Why zero-touch automation is increasingly important

IT leaders are moving beyond single task automation and onto orchestration and zero-touch automation.

In the world of zero-touch automation, IT aims to remove every manual touchpoint to orchestrate entire IT processes. Each process you orchestrate using zero-touch automation is a win-win.

IT jettisons the tedious, repetitive work—trading it for more engaging and innovative activities. Meanwhile, employees get fast access to the tools they need to do their jobs.

Along the way, you eliminate human error. As a result, your SaaS environment becomes more secure, and sensitive data is proactively kept safe.

With this context in mind, we wanted to get insights from IT professionals about the state of SaaSOps automation and how zero touch is emerging.

SaaSOps Automation Report 2022: The Rise of Zero-Touch IT

Our research set out to understand organizations at different stages in their automation journey. By using a well-known market research panel, we surveyed 413 IT professionals who work at organizations that use SaaS for at least 25% of their enterprise applications.

Among respondents, there were three groups:

• Automation Leaders who’ve automated at least 50% of SaaS-related tasks,
• Automation Newbies who’ve automated less than half of SaaS-related tasks, and
• Future Automators who don’t automate yet, but plan to this year

For each group, among other things, our research explores:

• Frustrations that automation could solve
• How the help/service desk is loaded with automation opportunities
• Why the rise of zero-touch IT can help reduce your high IT turnover
• The biggest benefits automation has delivered so far
• How zero-touch IT is crucial to an organization’s future

Here are a few highlights from the report.

1.) Complex SaaS environments have IT drowning in manual, repetitive work

As SaaS adoption rises, SaaS environments grow increasingly complex to manage. Access management, permissions, file security, user lifecycle management—it all amounts to a deep, swirling ocean of mundane, manual tasks.

IT might be keeping the lights on, but the tedium prevents them from working on strategic projects that improve margins, create better customer experiences, and/or raise revenues.

And it’s across the spectrum of automation groups too. A whopping 92% of Future Automators say they spend too much time on repetitive, manual tasks that could be automated.

Even among Automation Leaders, 65% agree they spend too much time on routine work. And 72% of them say it prevents them from working on projects with real strategic business value.

2.) Employees wait too long for help desk tickets to be resolved, and IT knows automating SaaS operations can help

Since IT teams are so stretched, employees are waiting too long for IT to resolve tickets. The impact to the organization, unfortunately, is an idle employee and a poor employee experience.

In fact, the average user downtime for a simple password or multi-factor authentication reset is 6 hours. A SaaS app access request is 9.3 hours.

So it begs the question: Can your organization afford the lost productivity from employees who must wait nearly a day for a simple request that can be easily automated?

Meanwhile, IT knows that zero-touch automation is a solution to help desk woes.

Let’s take Automation Leaders. Forty-two percent of them say they could automate another 51 to 75% of their help desk ticket resolutions. Another 14% say more than 75% of ticket resolutions could get automated.

Meanwhile, 60% of Future Automators think they could automate away less than half of help desk tickets.

The lesson here: The more you automate, the more you learn almost every task can be automated—backed by Automation Leaders who have 34% fewer SaaS-related tickets per week than those who don’t automate.

3.) Zero-touch automation is critical to IT’s career development, IT employee experience, and retention

According to BetterCloud research, IT turnover currently stands around 23%. With high turnover and IT talent scarcity, zero-touch IT will be increasingly important for IT leadership and the whole IT team.  

First, it’s increasingly necessary for IT employee retention.

Just look at the Automation Leaders. Eighty percent say zero-touch IT will be very critical or critical to job satisfaction in the next 12 months. Almost 70% of them also agree that it’ll be a critical part of their individual career development, if it isn’t already.

Once IT teams begin to automate, they get firsthand experience with its positive impact. For many, they start by automating a process like offboarding. Then, they improve that process, where it grows from offboarding birthright SaaS apps to all apps.

Before you know it, IT automates mid-lifecycle changes and other processes like password resets and app requests.

The end result for IT? A far more interesting and rewarding job with time to work on strategic projects that truly help the business and grow innovation—which are certain to help retain IT talent.

4.) Automation delivers benefits: About 70% say the biggest upside to automating the SaaS environment has been productivity gains

When looking at organizations who have experience with automation, the biggest benefits they’ve experienced are:

1. Productivity gains,
2. Help or service desk improvements, and
3. Fewer errors

Meanwhile, Future Automators are clearly motivated by different reasons. Likely driven by IT talent scarcity, their top benefit they expect automation to deliver is, by far, at 88%, help/service desk improvements. A distant second, at 60%, is productivity gains and third, at 56%, is cost savings.

Fortunately, these organizations that are beginning their automation journey will enjoy all three perks.

So what does IT expect in the future?

5.) The path forward—for better data security and IT operational efficiency—is zero-touch automation

As we look to the coming year, organizations must meet the simultaneous business requirements of:

• growing productivity,
• cutting costs, and
• improving IT employee retention.

The time for zero-touch IT is now, and there’s strong consensus. More than 80% of organizations say in the next 12 months, zero-touch automation will be critical or very critical for data security and IT operational efficiency.

Most significantly, though, is how many IT professionals consider zero-touch IT critical to their organization’s future.

As the level of SaaS usage and manual work rises, zero-touch IT becomes increasingly crucial. Even Future Automators understand the need for it. More than half (52%) say it’s critical to their company’s future, and a monumental 80% of Automation Leaders feel the same way.

The bottom line, though, is that organizations across varying levels of automation maturity all agree that zero-touch IT is critical to organizational health and future competitiveness.

Grab the full report to learn more the rise of zero-touch IT

Download the full report to learn:

• The #1 task your peers most want to automate using zero-touch IT
• The single biggest driver behind automation
• The most urgent challenges automation is solving today
• 5 tips to get started with zero-touch automation

Since 2012, we’ve been surveying IT professionals and publishing research to better understand what the shift to SaaS means for IT, end users, and the broader organization. Every year we explore IT’s biggest challenges and concerns, trends in SaaS adoption, and what the future holds—making this the industry’s largest and longest running research of its kind. 

This year’s survey of 523 IT and security professionals reveals the latest challenges of managing SaaS at scale, particularly as digital transformation catapulted forward in 2021—and IT kept the momentum going. It also sheds new light on SaaS file security, the state of SaaSOps automation, the workplace of the future, and more. 

Here’s an excerpt from the report.

Key takeaways

1. SaaS adoption continues to explode. The average organization uses 110 SaaS apps this year, up 38% from an average of 80 apps last year. 
2. More SaaS brings more SaaS management challenges. More than half of respondents (55%) say the top challenge to solve in their SaaS environment is lack of visibility into user activity and data. Additionally, nearly a third of respondents said they waste 20-39% of their total SaaS spend on unused or underutilized SaaS licenses. 
3. IT is facing new SaaS security concerns and challenges. This year, as SaaS file security violations spiked 134%, over half (55%) of respondents say their biggest security concern is not knowing where sensitive data exists.
4. Every organization will eventually become a SaaS-Powered Workplace. SaaS has crossed the chasm. While many organizations are still in the early stages of their SaaS adoption journey, at some point, every organization will be powered by SaaS.
5. Levels of SaaSOps automation will nearly double in the next three years. SaaS-Powered Workplaces report that today 45% of their routine SaaS operations is already automated and estimate it will rise to nearly 80% in three years.
6. In response to the past year, IT’s role is becoming more strategic. 76% of respondents report being more or much more strategic over the last 12 months.
7. The SaaSOps role will be critical to every IT team. All told, 60% of IT professionals already have “SaaSOps” in their job titles/descriptions or plan to add it in the future—a whopping 100% increase from last year.

SaaS adoption continues to explode, as organizations use an average of 110 SaaS apps in 2021

As organizations continue to embrace (and accelerate) their digital transformation journeys, SaaS adoption remains unabated. Up from an average of 80 apps last year, this year organizations use 110 apps, for a 38% increase. This is nearly a 7x increase in SaaS app usage since 2017, and almost a 14x increase since 2015.

The biggest SaaS management challenge? Lack of visibility

More SaaS brings more challenges. 

The number one challenge according to our respondents is lack of visibility into all user activity and data. What data are users downloading, sharing, exporting, and forwarding? What apps are employees using? 

Without visibility and actionable insights into their SaaS environment, IT is flying blind. And as SaaS adoption continues to massively climb, these challenges only compound.

Lack of visibility results in wasted SaaS spend

Forty-two percent of respondents said finding unused or underutilized SaaS app licenses was one of their most crucial challenges to solve. And indeed, 80% of respondents concede that some percentage of their SaaS spend is being wasted. 

License waste comes in many flavors. It could be the apps that go unloved and unused. It could be similar apps solving the same use case, like having six different project management apps across the business. It could be different departments using the exact same app, only with different accounts. In all of these cases, there are massive untapped opportunities to cut costs and properly allocate licenses. But without visibility, it’s incredibly difficult to identify these opportunities.

So how much of total SaaS spend is wasted on unused or underutilized SaaS licenses? Nearly a third said between 20-39%—which can mean thousands (or even millions) of dollars, depending on your SaaS spend.

Top SaaS security concerns: not knowing where sensitive data lives, unsanctioned apps, and more

The biggest security concern plaguing IT when it comes to SaaS is not knowing where sensitive data exists. If you don’t know where your data resides, you can’t protect it.

Additionally, it’s never been easier for end users to procure and deploy SaaS by themselves. Nearly three-quarters (69%) of our respondents worry about unsanctioned SaaS apps creating security issues.

This year SaaS file security violations have spiked 134%, and the number of files containing PII has grown 1944% year over year.

SaaS cuts both ways. While SaaS is a gamechanger for productivity, it also gives employees new levels of control over critical company assets. And with this new control come new risks related to app misconfigurations, excessive permissions, and uncontrolled file sharing.

The well-meaning but negligent employee poses the biggest data loss threat—by far

According to our respondents, the greatest risk to data loss isn’t the hoodie-wearing hacker or disgruntled employee. 

Overall, a whopping 72% of organizations feel that the greatest risk to data loss is the well-meaning employee who unwittingly shares sensitive information. These employees have good intentions and are just trying to do their jobs, but often lack the training or knowledge to keep sensitive information safe.

Employees who are merely trying to get work done or circumvent friction may share data publicly across the organization (or even publicly on the internet) without realizing the implications of their actions. Because they have access to confidential data and systems, it’s critical to implement thoughtful and thorough security training and develop a healthy security culture. 

Every organization will eventually become a SaaS-Powered Workplace

As SaaS adoption continues to reach dizzying heights, a new type of workplace has clearly emerged: the SaaS-Powered Workplace. These are organizations that are running almost entirely on SaaS. But of course, not every organization is as reliant on SaaS yet. Three segments stood out in our study, all with varying levels of SaaS maturity, which illustrate how the digital workplace is evolving:

Many organizations are still in the early stages of their SaaS adoption journey. But the data clearly reveals that they too are trending in the same direction as SaaS-first workplaces. SaaS has crossed the chasm—and at some point, every organization will become a SaaS-Powered Workplace.

Levels of SaaS automation will nearly double in the next 3 years

Given how time consuming it is to manage manual work, wrangle SaaS sprawl, and secure data, IT teams are increasingly turning to automation. The top benefit that IT teams expect from automating SaaS management? Improved operational efficiency.

SaaS automation will make big gains over the next few years. SaaS-Powered Workplaces report that today 45% of their routine SaaS operations is already automated and estimate it will rise to nearly 80% in three years. Workplaces in Transition and Traditional Workplaces, too, expect to double their automation levels.

Any organization adopting SaaS will eventually face the same operational challenges that come with discovering, managing, and securing SaaS apps, users, and files at scale. As SaaS apps proliferate, IT is beset with more and more manual tasks. And as SaaS-Powered Workplaces have learned, automating SaaSOps is the only way to scale and create more capacity.

In 2021, IT’s role (finally) shifted from functional to strategic—and will continue growing in importance

Amid the accelerating pace of technology and explosion of SaaS adoption, IT is helping organizations address new challenges and evolving its role from ticket taker to tech enabler. To continue driving momentum and enabling their modern workforces, IT changed to think strategically—as 76% told us.

In the past year, they’ve become less reactive, more proactive. They’re participating in strategic planning, driving customer outcomes, and becoming trusted strategic partners to the business, ultimately leading the way to tomorrow’s workplace.

The SaaSOps role will be critical to every IT team

Additionally, SaaSOps is increasingly influencing the evolution of job titles. All told, 60% of IT professionals already have “SaaSOps” in their job titles/descriptions or plan to add it in the future—a whopping 100% increase from last year. For many respondents, SaaSOps is where they’ll realign their career goals, if they haven’t started to already.

Workplaces in Transition and Traditional Workplaces are more established organizations with legacy infrastructure—and they, too, recognize the need to hire for SaaSOps roles and skills. 

The future of SaaSOps is now.

Download the full report to learn: 

• The current state of SaaS adoption across organizations of all sizes
• The top five most common types of sensitive data stored in cloud apps
• File sharing settings benchmarking metrics by industry
• The strategic projects your peers are working on by automating more
• The future of SaaSOps
• And more

Regardless of whether you’re a SaaS-Powered Workplace, Workplace in Transition, or Traditional Workplace, download the report and see how you compare.

To learn more about how BetterCloud can help you discover, manage, and secure your SaaS environment, request a demo.

In 2020, remote work became widespread, speeding digital transformation and SaaS adoption. And with the rise of SaaS, employees expect to collaborate and share files in order to do their jobs. This rapid realignment means that file security has never been more important.

To understand SaaS file security today, we surveyed more than 500 IT and security professionals and examined internal BetterCloud data from thousands of organizations and users—all to understand top challenges, concerns, and the magnitude of data loss and sensitive information leakage.

Here’s an excerpt from our report.

6 key findings

1. Lack of visibility into SaaS data plagues IT: Nearly half of organizations say their top security concern is not knowing where sensitive data lives.
2. Well-meaning but negligent users are the biggest data loss risk: More than 70% of organizations say the biggest data loss risk is the well-meaning but negligent employee.
3. IT doesn’t trust users with company data: Only 35% of respondents trust end users to responsibly share and store company data.
4. Securing user actions within SaaS apps is hard: Nearly half of respondents say they have difficulty securing users’ activities within SaaS apps.
5. SaaS file security violations are out of control: This year, as the world reopened for business, file security violations have spiked 134%, and the types of violations are rampant throughout the organization.
6. Organizations are rapidly adopting SMPs to solve SaaS file security challenges: 55% of organizations plan to use SMPs within the next 12 months.

In the past year, IT has experienced security policy violations, sensitive data exposure, and more

2020 shifted IT priorities more quickly
than ever before. As users moved to home offices, security took center stage.

And for good reasons:

More than half of very large organizations reported security policy violations in the past 12 months.

Additionally, nearly a third reported that users publicly shared sensitive data. Finally, 20% had compliance-related penalties, legal fees, or fines.

It all gives rise to the new importance of file security.

Lack of visibility into SaaS data plagues IT

Security concerns mirror this reality.

At the top of the list?

Nearly half of respondents report that they’re plagued by not knowing where sensitive data exists across their data sprawl.

Very large organizations, in particular, are concerned with insider threats. Meanwhile, large organizations are concerned about sensitive files being shared publicly.

Concerns around excessive admin privileges also ranked high on the list. While implementing a least privilege model is best practice, admin privileges can be difficult to right size, especially within SaaS apps.

Well-meaning but negligent users pose the biggest data loss risk

The biggest data loss risk is the well-meaning but negligent employee.

These employees have good intentions and are just trying to do their jobs, but often lack the training or knowledge to keep sensitive information safe. Negligent employees are by far the biggest threat for organizations of all sizes. However, it’s somewhat less of a concern for very large organizations, which likely trade productivity for security with the use of CASBs.

Securing users’ activities within SaaS apps is difficult

About half of respondents say they have difficulty securing users’ activities—and that includes file sharing—within SaaS apps. That’s not surprising, given how much employees can do within SaaS apps: everything from sharing data, downloading, exporting, editing, forwarding, deleting, and so on.

When it comes to SaaS file security, you can’t secure what you can’t see. So for organizations looking for the starting point: it’s visibility into the entire SaaS environment. This includes all users, all files, and all applications. Organizations with superior visibility are best poised to implement processes, policies, and automation to easily safeguard corporate data assets.

A dramatic rise in file security violations as the world re-opens for business

As life “returns to normal” and the world re-opens for business, file violations have spiked. An analysis of internal data from nearly 2,000 BetterCloud customers revealed a whopping 134% increase in the average number of file security violations from March 2021 to June 2021. With the rush to remote work, 2020 brought new SaaS file security requirements and user collaboration needs, as well as challenges for organizations of all kinds. It’s a salient reminder: As IT enables and empowers their organizations through the power of SaaS tools, they must also secure data in a way that maximizes user collaboration and productivity.

Download the full report to learn:

• How Google Workspace vs. Microsoft 365 users differ in end user trust and SaaS security difficulties
• The average number of file security violations per organization
• The tech stack commonly used to secure files
• Industry benchmarks for file sharing settings
• Recommended best practices to protect your SaaS data

To learn more about how BetterCloud can discover, manage, and secure your SaaS environment, request a demo.

Featuring survey data from 500 IT and security professionals, proprietary product data from 2,000+ BetterCloud customers, and commentary based on BetterCloud’s 7+ years of industry experience, this is the most comprehensive insider threats report to date.

This report sheds new light on where IT and security professionals feel the most vulnerable, what they feel most vulnerable to, and how they’re mitigating insider threats.

Insiders—people already in your organization—pose a pervasive security risk. And with the rise of SaaS applications, it’s easier than ever to expose confidential data, whether it’s intentional or not. As a result, a new type of insider threat is taking shape.

Here’s an excerpt from our report.

6 key findings

1. Just about everyone feels vulnerable to insider threats; 91% of respondents feel vulnerable.

2. Ninety-five percent of people using a CASB still feel vulnerable to insider threats.

3. Well-meaning but negligent end users pose the biggest security threat, according to 62% of respondents.

4. The biggest security challenge lies in cloud storage/file sharing and email technologies, according to 75% of respondents.

5. Forty-six percent of IT leaders believe that the rise of SaaS apps makes them the most vulnerable to insider threats.

6. Seventy-four percent of C-level executives don’t think they’ve invested enough to mitigate the risk of insider threats.

A new breed of insider threats

Data exfiltration is occurring in ways beyond phishing, malware, poor password hygiene, unlocked devices, or data transfers to USB drives.

Today, data exfiltration is also happening through SaaS applications. SaaS is the new threat vector, and it’s creating a new generation of insider threats for three reasons:

1. End users have a lot of freedom and power when using SaaS apps (and as a result, IT and security teams are losing control)

With SaaS apps, users can share files freely with just about anyone inside or outside the org: colleagues, partners, customers, contractors, even competitors. They can share documents, calendars, spreadsheets, and presentations publicly on the web, meaning anyone on the Internet can find and access them, since these files are scraped and indexed by search engines.

2. SaaS creates dangerous blind spots—hidden security threats that many IT and security professionals don’t even know exist

Because SaaS is so new, everyone’s sort of “figuring things out as they go.” In fact, 78% of IT professionals are just getting started managing SaaS apps or teaching themselves. You don’t know what you don’t know. On a recent webinar poll, we found that 86% of IT professionals think (or aren’t sure if) they have confidential/sensitive data exposed.

3. File sharing permissions and configurations are complex

In 2018, the Kenna Security research team discovered a widespread misconfiguration in Google Groups that exposed sensitive information at 3,000 organizations.

The reason for the misconfiguration?

“Due to complexity in terminology and organization-wide vs. group-specific permissions, it’s possible for list administrators to inadvertently expose email list contents,” Kenna Security wrote. “In practice, this affects a significant number of organizations.”

There are dozens of privacy and access settings for both end users and admins alike.

One mistake—one simple misconfiguration—can easily expose data. How can your average end user (or admin) be expected to understand and navigate all of these complex permissions securely?

The very beauty of SaaS—the ability to collaborate, the ease of sharing data—is also its ugliest and most dangerous security risk.

This new insider threat stems from the user and all their interactions with data.

A universal concern

Just about everyone feels vulnerable to insider threats. Ninety-one percent of our respondents said they felt vulnerable.

Who feels vulnerable?

What’s interesting here when we break it down by role is that 92% of C-level executives feel vulnerable to insider threats, vs. 83% of system/IT admins. Usually, we’d expect to see the higher percentage from admins.

Because they’re in the trenches every day, admins typically feel the pain of security vulnerabilities more keenly than execs. Often there is a disconnect between these two groups.

This data suggests that the disconnect may be lessening. Perhaps insider threats, which are growing year over year, are now more top of mind for executives.

Insider threats have a business-wide impact. As the C-suite assumes greater responsibility for cybersecurity and takes a more active role in shaping their companies’ security strategies, they may have a better understanding of this impact.

As companies adopt more SaaS applications and progress along their cloud journey, they feel increasingly vulnerable to insider threats. When the usage of SaaS becomes widespread and companies store more of their business-critical data in the cloud, more sensitive data is potentially at risk.

What type of insider poses the biggest security risk?

Which type of actor poses the biggest threat?

The most dangerous type of actor is the negligent end user, according to 62% of respondents.

Only 21% of our respondents thought malicious actors (intentionally causing harm, either for personal or financial gain) posed the biggest threat. Even fewer (17%) thought compromised users (exploited by outsiders through compromised credentials) posed the biggest threat.

Negligent users are your ordinary employees. They mean well, but they can be careless and unintentionally expose sensitive information. They are particularly dangerous because they have access to critical assets, but lack the training or knowledge to keep sensitive information safe as they do their jobs.

And for companies that are powered by SaaS apps, the negligent end user has even more freedom to unintentionally expose sensitive information. This statistic illustrates the extent of human error and the importance of end user training.

What type of technology poses the biggest security risk?

Forty-one percent of respondents believe that too many endpoints (e.g., user devices, computers, networks, etc.) make them the most vulnerable to insider threats.

The next two factors were too many users with admin privileges across applications and devices, and the rise of SaaS applications, at 26% and 25% respectively.

The confluence of these factors has created an environment ripe for security threats. IT and security teams must now grapple with securing devices (e.g., mobile device management, policy management, device access and tracking). The rise of SaaS means that they must also control and secure users’ connections (i.e., authentications) to all of their SaaS apps.

On top of that, they must also control and secure users’ interactions across their SaaS apps (e.g., entitlements/admin privileges, file sharing, groups, calendars, email forwarding, file downloads, etc.). These factors create a complex IT environment that presents numerous security challenges.

When looking at IT leaders only (heads of IT and above), almost half (46%) say that the rise of SaaS applications makes them the most vulnerable to insider threats.

Which technology within your SaaS environment poses the biggest security challenge?

Seventy-five percent of respondents believe that cloud storage/file sharing and email pose the biggest security challenge.

Nearly half (41%) of respondents believe that cloud storage/file sharing (Google Drive, Dropbox, Box, OneDrive, etc.) pose the biggest security challenge.

This is not surprising, given that organizations likely store their most sensitive and valuable data here. These apps also provide the most freedom and flexibility for collaboration. File sharing and openness make these apps beneficial, and by the same token, they also create security risks.

Email (Gmail, Office 365, etc.) was next, with 34% of respondents saying that this technology was the biggest security challenge.

Other SaaS collaboration tools were far behind. CRM (Salesforce, NetSuite, etc.), chat programs (Slack, Hipchat, etc.), and video (Hangouts, Zoom, Skype, etc.) represented the biggest security challenge for only 6%, 3%, and 2% of our respondents, respectively.

Of course, your response to this question will depend on where your most sensitive data is stored
and what type of business you are. Nonetheless, the reality is that your business data is stored in some type of SaaS app today.

Download the full report to learn:

• What types of data exposure your peers feel most vulnerable to
• What tools organizations are deploying to mitigate insider threats
• Strategies and technologies you can use
• And more

To learn more about how BetterCloud can secure user interactions in your digital workplace, request a demo.

Swiftly and surely, the world is shifting to Software-as-a-Service (SaaS). It’s becoming the de facto delivery model for core business applications.

But how is SaaS transforming the way we work? Over the past six months, we surveyed 1,800+ IT professionals to get a deeper understanding of this new workplace, where SaaS applications serve as the backbone of productivity.

The data revealed astonishing findings. SaaS is a double-edged sword. And while it brings incredible benefits, it also creates formidable challenges that are taking the roles and responsibilities of IT to new extremes.

This report provides a glimpse into the future. Our respondents—the most forward-thinking, cutting-edge IT innovators on the front lines—have told us exactly what they’re experiencing in the modern workplace.

And now we’re sharing this knowledge with the rest of the world: the good, the bad, and the ugly of SaaS, and how IT can adapt and excel in it.

David Politis
Founder & CEO, BetterCloud

5 Key Takeaways

1. SaaS is a runaway train that’s showing no signs of stopping. Companies use 16 SaaS apps on average today, up 33% from last year. 73% of organizations say nearly all (80%+) of their apps will be SaaS by 2020.
2. As a result, a new type of workplace called the SaaS-Powered Workplace is emerging. 38% of companies are already running almost entirely on SaaS. This new enterprise is the SaaS-Powered Workplace.
3. It creates incredible benefits like bolstering communication, cutting costs, attracting better talent, and improving employee satisfaction.
4. But it also creates new challenges for IT. These challenges only become more amplified in the SaaS-Powered Workplace.
5. To adapt to this new enterprise, IT must change the way it does its job. IT needs to rethink its roles, responsibilities, processes, and budgets.

On-premises investments have all but halted.

The world’s leading enterprise tech companies—like SAP, IBM, Microsoft, CA Technologies, and others that dominated for more than a decade—have made drastic changes in their product development and acquisition strategy. The “cloud” is front and center.

SaaS is now a common system of record for many organizations.

Today, organizations are trusting SaaS vendors to house mission-critical, irreplaceable data. While some people may have once thought this concept was absolutely absurd, this is no longer the case. These naysayers are now the minority.

To beat their competition, many CIOs would argue that SaaS must now serve as the system of record.

The largest public cloud market in 2017 will be SaaS, reaching an expected $76 billion by 2020.

SaaS and IaaS will both remain fast-growing segments for years to come as the vast majority of SaaS vendors depend on IaaS providers to operate.

Without Amazon, Google, and Microsoft, the economics of offering SaaS solutions become untenable for most vendors.

SaaS adoption continues to rise.

When SaaS entered the fray under the “software on-demand” moniker in 1999, its growth was slow. Within the last few years, we’ve seen SaaS adoption skyrocket. SaaS apps are seen as a future inevitability and have gained overwhelming support from IT professionals, end users, and executives alike. The “all-cloud” conversation has changed tone.

It’s now a matter of when, not if.

SaaS is legitimized and standard operating procedure at larger orgs.

The trend is for new applications to be first adopted by smaller, more agile organizations. Larger enterprises are slower to act, but once they do, they add legitimacy, turning a fringe trend to a mainstream mainstay. In regards to SaaS adoption, that tipping point has occurred.

Cost, security, ease of use, and integration capabilities dominate procurement criteria.

With tight budgets and no real line items for many emerging SaaS apps, IT professionals consider cost above all else, even more so than security. However, as many SaaS apps are adopted to drive productivity, more than one-third of all respondents select “ease of use” as one of their top three criteria when buying a SaaS app.

A new cutting-edge, all-SaaS enterprise has emerged: the SaaS-Powered Workplace.

A growing number of organizations are now running just a fraction of their business apps on-prem. These are SaaS-Powered Workplaces. More than 80% of their end user business apps are SaaS. In less than two years, more than half (51%) of our respondents expect to use SaaS apps almost exclusively, all but eliminating their reliance on desktop applications and their on-premises infrastructure.

As expected, SaaS-Powered Workplaces use far more SaaS apps than the average workplace.

There are many reasons why. SaaS applications make employees more productive.

When compared to the norm, SaaS-Powered Workplaces experience unexpected organizational benefits beyond just heightened productivity.

Many in IT are dealing with the consequences of rapid and often out-of-control SaaS adoption.

After using SaaS apps like Dropbox and Google Drive in their everyday lives, many employees felt compelled to grasp the productivity benefits of SaaS. Unfortunately, this often happened without IT’s consent and left CIOs and IT teams to deal with duplicate services, hard-to-trace subscription licenses, massive amounts of data sprawl, and an overwhelming lack of control. These past few years have felt like the Wild West of SaaS adoption.

It’s interesting to note that we’ve practically come full circle. In the on-prem world, IT had full control over its environment, deploying and managing 100% of their organization’s technology. However, with the emergence of shadow IT and SaaS apps, IT began losing control. Now, IT is slowly starting to reclaim it.

Today, particularly in VSBs and SMBs, IT is beginning to regain that control over SaaS applications.

IT professionals that manage SaaS-Powered Workplaces face a unique set of challenges.

SaaS-Powered Workplaces are more likely to encounter challenges related to admin delegation, external user access, automation, and managing users and assets across SaaS apps.

To be successful as CIOs or IT leaders in a SaaS-Powered Workplace, you must adapt in three primary areas.

The world of IT is now embarking on a new journey, one where best-of-breed SaaS apps are fueling a sea change in employee work habits and transforming IT operations, budgeting, and ultimately, its purpose.

The emergence of the SaaS-Powered Workplace is about empowering IT to run the world’s best workplaces through technology.

To watch this video on YouTube, click here.

What we have found is a divide within IT. On just about every topic in this post, entry-level admins, managers, and senior IT professionals see things through a different (perhaps more accurate lens) than IT executives (VPs and CIOs).

It’s fascinating.

IT executives often struggle to see many of the critical issues their departments face. As a result, many are unaware of the cracks in their IT environment that are forming beneath their feet.

On the other side, non-executive IT staff tend to see a more challenging side of IT, especially when it comes to the control and visiblity of SaaS applications, user lifecycle management, staffing, and budget.

DEMOGRAPHICS
84% of our IT respondents use G Suite or Office 365.

CONTROL
Non-executive IT staff, when compared to IT executives, are 29% more likely to say their team lacks complete control over their SaaS applications.

As we showed in our last Trends in Cloud IT post, SaaS application adoption isn’t slowing down. IT executives (who likely don’t manage SaaS applications on a daily basis) are more optimistic about their ability to control them. IT non-executives (who interact more with SaaS applications) are more likely to feel uncertain about the control they have over them.

We believe this data point shows that many non-executive IT staff have a more realistic picture of what’s going on in their own environments than the IT executives they work under.

Still, this shouldn’t overshadow the fact that the majority of IT teams, regardless of role, say they don’t have control over their SaaS applications.

VISIBILITY
Non-executive IT staff, when compared to IT executives, are 56% more likely to feel like their IT team lacks complete visibility into their SaaS applications.

Again, we see a disconnect here. IT executives believe their teams have more visibility into their SaaS applications than they likely do. Nearly half of all IT team members lack visibility into their SaaS applications. So not only are they struggling to control their SaaS applications, most are unable to even see how they’re being used.

ONBOARDING
Non-executive IT staff, when compared to IT executives, are 61% more likely to say that more than a quarter of new hires lack access to the right SaaS applications.

More than a quarter of new hires lack access to the right SaaS applications during onboarding, according to non-executive IT staff. IT executives report far less onboarding issues and as a result, likely assume that new hire onboarding is much smoother than it is in actuality.

Productivity takes a hit when a new hire lacks access to a SaaS application necessary for their job. At scale, this could cost organizations thousands of hours of productivity.

OFFBOARDING
Non-executive IT staff, when compared to IT executives, are 139% more likely to believe that former employees still have access to company data.

For whatever reason, many executives are unable to see the cracks in their IT environments. IT team members, who are largely responsible for the offboarding of employees, see the vulnerabilities more clearly. IT team members likely have a more intimate knowledge of the offboarding process, making glaring offboarding issues easy to spot. Either non-executive IT staff aren’t communicating the issues accurately or executives aren’t asking.

Either way, it presents a huge security risk.

According to non-executive IT staff, almost one in every three companies have data that is accessible by former employees. That’s a sobering statistic and one that needs to be addressed.

STAFFING
Non-executive IT staff, when compared to IT executives, are 41% more likely to say their team is understaffed.

The disconnect extends beyond technical challenges. IT executives don’t recognize how thinly stretched their teams are. The majority (54%) of IT team members feel their teams are understaffed–just 38% of IT executives say the same.

It’s hard for any employee to approach a superior and say, “We need to hire two more people.” But for many organizations, it’s a conversation that must take place.

BUDGET
Non-executive IT staff, when compared to IT executives, are 25% more likely to feel like their IT teams lack budget.

Lack of budget is an issue that roughly half of all IT professionals feel. However, IT team members notice constricted budgets more than their bosses do.

When you look at the fact that many employees have upwards of five SaaS applications (in some cases, more), it’s easy to understand why wallets are thin. And as we’ve previously highlighted, the budget issue is more pronounced when it comes to SaaS security.

PERCEPTION
The majority of IT professionals, regardless of role, view their IT teams as a competitive advantage for their organization.

Despite the major hurdles they must overcome, the majority of IT professionals believe they are making a difference. Now, the question becomes: What could IT teams do if they were on the same page? If everyone is rowing in the same direction, how much more of an impact could be made?

Stay Tuned for the Next Trends in Cloud IT

We are just getting started and have only dissected a fraction of our 2016 Trends in Cloud IT data. If you would like to receive the next Trends in Cloud IT post as soon as it’s published, subscribe to the BetterCloud Monitor daily newsletter.