Additionally, there are economic uncertainties to contend with now. Plus, there’s sky high employee turnover.

It all leads to the big question: Where should you focus your 2023 IT spending? 

Regardless of your industry or company size, your IT budgeting for 2023 should include automation. Let’s take a look at several reasons why.

7 reasons your 2023 IT budget should include automation

Using original BetterCloud data published in two research reports, The Rise of Zero- Touch IT and the recent 2023 State of SaaSOps, we pulled out the main reasons why your budget needs to include automation.

With that, let’s move on to the first reason.

1. Your competitors are actively automating some of their SaaS operations

Right now, more than 75% of organizations currently use automation. 

About 29% have automated more than half of their SaaS-related activities. About half have automated between a quarter and a half of their SaaS tasks. 

The rest don’t use any automation, nor do they plan to do so. If your organization is in this group, it’ll be tough to compete within your industry and for talent.

How do we know? IT professionals told us. 

According to our original research, IT struggles with an annual turnover rate that approaches 23%, while 81% of IT professionals say they’re open to new opportunities. 

This leads us to the next reason to add automation to your IT budget for 2023.

2. Your IT team is at risk of leaving for another organization that does automate SaaS operations

With an ongoing talent shortage and ever-present recruiting challenges, your IT department is at a disadvantage without automating. After all, automation is a hot, in-demand IT skill. 

IT professionals know it, too. 

More than half of IT professionals say they’re considering new positions that allow them to learn or advance their IT automation skills.

Almost as many would love to find a new job that doesn’t have the slog of repetitive, manual work that could be automated away.  

This brings us to the third reason why you need automation.

3. It’s impossible to effectively manage increasingly complex SaaS environments without automation

As SaaS adoption rises and companies grow, so does the amount of data. As a result, SaaS environments get harder and harder to manage. Access management, permissions, file security, user lifecycle management—it all amounts to a mountain of routine, time-consuming tasks that are never done.

A whopping 92% of Future Automators agree they spend too much time on repetitive, manual work. And 80% of them say it prevents them from working on projects with real strategic business value.

Routine activities take IT time away from more strategic projects—important ones, too. 

Instead of building a SaaS governance policy and better managing shadow IT or improving SaaS data security, IT is mired in tedious tasks like offboarding. 

Improving security is a perennial IT budgeting issue, and 2023 is likely no exception. And while we’re on the topic of security, let’s move onto the fourth reason why you need to include automation in next year’s IT budget.

4. Automation can help improve your security posture and reduce human error

Every IT department struggles with securing their SaaS environment. 

Insider threats—regardless of whether it’s rooted in malice or well-intentioned negligence—continually threaten your organization’s security posture. And as each new SaaS data file gets added, that risk only grows one file at a time.

As a result, it makes sense that the single biggest reason to automate is to boost security. 

Let’s take a minute to explain how automation improves security posture. For one, it reduces human error and, in turn, the mistakes that can create security vulnerabilities. 

Automation also helps eliminate misconfigurations. And by automating file or folder settings, automation also helps eliminate inadvertent sharing or exposed public links.

And then there’s the sharing of confidential information. Automation, using rules on what’s considered proprietary or personal, notifies IT with an alert that there’s a shared file or folder that could be a potential security violation. The violation can be automatically remediated, protecting data without any friction to the end user. 

Remember that SaaS security needs to scale. It’s simply impossible to secure your environment without automation.

Now that we’ve covered the single biggest reason to automate, let’s talk about that second most common reason: to grow IT efficiency.

5. Organizations that take advantage of automation have more efficient IT departments

The 2023 State of SaaSOps Report discusses the three types of workplaces in the world today. 

SaaS-Powered Workplaces are extraordinary, running almost entirely on SaaS. Compare this to Workplaces in Transition and Traditional Workplaces, which use far less SaaS. 

At the same time, consider their IT ratios, which show the number of employees per IT team member. SaaS-Powered Workplaces have one IT team member for every 83 employees. 

Meanwhile, Traditional Workplaces have one IT team member for every 59 employees. 

This means that SaaS-Powered Workplaces are about 30% more efficient. These organizations use more SaaS and effectively orchestrate entire processes, which is why they operate such lean teams. It’s also why they experience larger operational efficiency gains. Automation is one of the most powerful ways IT can accomplish more in less time, with fewer resources.

Imagine what you could achieve if your team was a third more efficient? Imagine how much easier it would be to recruit and keep IT talent? 

Efficiency is only one benefit, but there are other reasons why your 2023 IT budget ought to include automation. 

6. Automation meets expectations and delivers on promised benefits

We’ve covered both operational efficiency and security in previous reasons for automation. However, the fact that automation meets expectations is another reason to pursue it.

IT projects can be risky. Ever migrate a legacy application to the cloud? Who knows if that app migration will deliver a positive return on investment? Who knows if that app provides the required performance? 

But when it comes to IT automation projects, there’s much less risk. While success is never 100% guaranteed, automation projects are activities of incremental improvement. 

You start by automating a few simple tasks. Over time, you refine it to include the entire process. A good example is help desk tickets—these time-consuming, tedious, manual tasks are a great place to start to increase operational efficiency. 

This brings us to the seventh reason to add automation to your IT budget in 2023.

7. Automation enables you to build a faster, more effective help desk

When it comes to automation, help desk-related tasks are rich with automation possibilities. These processes are done over and over, are time consuming, and often leave employees idle and unproductive in the meantime.

Right now, nearly half of all organizations already automate onboarding, while more than 40% automate offboarding and the dreaded password and multifactor authentication resets. 

About a third are just getting started with creating initial automations, and around 20% are hoping to jump into the automation arena.

If you’re in the 6 to 11% of organizations that have no plans to automate any help desk tasks, it will be difficult to remain competitive.

The bottom line on IT budgeting in 2023: Automation is the future 

As you contemplate your IT budget for 2023, we hope you’ll consider these seven reasons and make automation a key priority. After all, you’ll be joining the 72% of IT professionals who believe that zero-touch automation is the future of SaaSOps. This next evolution of automation encompasses the orchestration of end-to-end, automated workflows, in order to help IT more easily manage repetitive, manual IT processes. 

Getting started is easy. First, pick your processes for your first automations. 

To do this, simply look at your most common requests, or help desk tickets. Look for the requests that frequently reoccur. Next, prioritize them according to how time consuming they are to resolve or those that most frustrate employees, partners, and customers. 

These are the processes that are ripe for automation. Remember that automation is a journey, so the faster you get started, the faster you’ll reap the rewards.

To learn more about how BetterCloud can help you automate your SaaS operations, request a demo.

We’re back this year with our tenth annual exploration of trends in SaaS operations (SaaSOps). 

Earlier this year, we surveyed 700+ IT and security professionals to uncover the trends, challenges, and priorities defining SaaSOps. After a burst in pandemic-driven SaaS app growth, IT is facing more challenges (and opportunities) than ever. And our data shows that IT teams are doubling down on automation to manage it all. But what does this look like in practice? And what will it mean for IT in the future?

Grab your popcorn, and let’s take a look at some of the key trends from this year’s State of SaaSOps report. 

Organizations are still using more SaaS apps than ever, but growth has slowed a bit 

This year, 40% of IT professionals said they consolidated redundant/duplicate SaaS apps, in part prompting a slower growth rate this year. After rapid acceleration of SaaS adoption in the beginning of the decade, the yearly growth pace has finally slowed down a bit for the first time. 

Despite that, the net growth of SaaS apps used is still up 18% this year, with organizations now using 130 apps on average. 

SaaS security is increasingly IT’s responsibility, and it’s not going away anytime soon

The line between security and IT is blurring. A whopping 81% of IT professionals say they are responsible for protecting sensitive data within SaaS apps. 

And the amount of sensitive data is rising too, which makes security even more challenging. 43% say they’ve added a new SaaS app that stores sensitive data in the last 12 months. Another 42% say they have difficulties securing users’ activities within SaaS apps.

Nearly everyone finds automation critical to overcoming today’s SaaSOps challenges

An overwhelming 86% of IT professionals believe automation is important to effectively managing SaaS operations, but nearly two-thirds (64%) lack insight and visibility to automate effectively.

For many enterprises, the automation journey is underway—bringing new automated processes, skill specialization, and the right tools to get the job done

71% of respondents have already automated at least one help desk process, like onboarding or password resets. Carving out specialized automation teams is on IT’s roadmap too. 43% already have a dedicated SaaSOps automation role or team where they only develop and manage automated workflows, and another 23% plan to. 

As for automation tools? Insights are key. 75% prefer SaaS management solutions that enable insights-driven automation.

Download the full report to learn: 

• IT’s top priorities in 2023
• Why SaaS security continues to be a major concern
• The operational challenges most crucial to solve in SaaS environments
• Which types of tickets your peers are currently automating (and planning to automate in the upcoming year)
• The strategic projects your peers are working on by automating more

To learn more about how BetterCloud can help you discover, manage, and secure your SaaS environment, request a demo.

But then in 2006, Blaine Cook began developing a Twitter Open ID implementation. After a few other folks got involved, they realized there were no open standards for API access and suddenly OAuth was born. Before we knew it, we could sign up for just about anything with a single click using our Facebook, Google, Twitter, or LiveJournal credentials. Seriously, LiveJournal. Just ask my former employer.

This tends to make for an incredible user experience. But because of the inherent security risks of using work credentials to create an account, it also can make life for IT miserable. Let’s explore some of the biggest reasons why OAuth is a security risk in SaaS management.

Apps request broad access to your data

Apologies to our entire IT department, but I’ve been guilty in the past of granting an app OAuth access without understanding the breadth of data that I potentially exposed. As our Director of IT Brian Farrell explained to me, OAuth scopes can be really difficult to understand—and many of them request overly broad scopes that grant broad access to modify, delete, and read your data.

I did a little digging to understand how complicated a popular scope can be and stumbled upon some Slack documentation using its API to leverage OAuth in an application build. When you look at the action classes, it doesn’t look too invasive, at least at first glance. 

• Read: Reading the full information about a single resource.
• Write: Modifying the resource in any way e.g. creating, editing, or deleting.
• History: Accessing the message archive of channels, DMs, or private channels.

See? Not too bad. But take a look at the screenshot below of all the actions a developer can leverage to request a large amount of data from a single user’s Slack account.

It took me a minute to understand the list of Associated Methods, but it became clear that many of them grant broad access to chat logs and lists in Slack. Is this a big deal in the hands of an app maker that prioritizes data security? Maybe not. But as we’ve seen over the last 24 months, even the most secure apps are vulnerable to an attack—and a single OAuth token can expose your organization’s data when it ends up in the wrong hands. 

Users don’t think deeply about the access they’re granting

We’ve done a lot of writing about the risk that well-meaning, but under-educated users present to your organization. OAuth tends to be the easiest way for a bad actor to take advantage of lay people like yours truly. And if we’re being honest, even the most careful people on the planet let their guards down occasionally and forget how much access they’re granting when they use a Google Workspace account to sign up for an app.

In an article for SecuRing, Damian Rusinek outlined a vulnerability in a Single Sign-On (SSO) mechanism based on OAuth 2.0. This mechanism allowed users to log in to an application using their Active Directory credentials, but a few of the applications integrated with it also allowed users to log in using their Google credentials. The problem? Some of the integrated apps allowed anyone with Google credentials to create a valid account. 

Rusinek’s biggest concern when he wrote this article was how easily a hacker could use any Google account to gain access to sensitive data. But I also ran the article by Farrell, who added that it’s also concerning because users tend to grant OAuth access with company accounts. 

I’m going to use myself as an example here to illustrate the security risk. Here’s how easily I could expose BetterCloud’s data through OAuth:

• I discover a Pokemon card that I want to buy
• The selling platform allows me to use a Google account to sign up
• I accidentally select my BetterCloud account instead of my personal account

And that’s kind of it. Suddenly, my BetterCloud credentials are in the hands of an app developer who’s using an SSO mechanism that’s riddled with vulnerabilities. While I might gain the luxury of not having to sign up for a service, I’ve also unwittingly exposed my employer’s data to any number of hackers.

Apps gain indefinite access to your organization’s data

When I sat down to write this article, I did a lot of reading about SSO session timeouts. Typically, session lengths can be anywhere from one to 12 hours. I thought that sounded good until I realized that I was conflating “session length” with “account lifespan.” And according to Farrell, an account you create with SSO lasts for an indefinite amount of time—which means that apps gain an indefinite amount of access to your company’s data.

For most apps, this probably isn’t a horrible outcome. I very much enjoy logging into workplace apps like Slack and Marketo with just a click of a button. But it’s no secret that SSO is prevalent across even the most half-baked apps on the planet. It’s also not breaking news that users can sign up for just about anything with SSO without having to consider the security risks involved. 

Indefinite accounts with popular (and secure) workplace apps are less of a concern than the countless number of unsanctioned apps that we can sign up for using SSO. Raise your hand if you’ve ever signed up for a free trial of a service, decided you didn’t like it, and quickly deleted it from your memory. While it might not cost you any money to keep that account open, it also means that your account is still active—and more worrisome, your credentials are still ripe for the picking by a bad actor.

It might seem impossible to keep track of how many random applications users across your organization are using work credentials to sign up for. This is the part where I show you how BetterCloud helps you gain visibility and control over this level of madness.

Using BetterCloud to discover risky OAuth apps

Are you surprised that we’re wrapping up this article by showing you how to mitigate the risk of OAuth with BetterCloud? Neither am I.

BetterCloud’s Discover functionality gives you a deep understanding of all the SaaS applications in use across your organization. This includes apps that IT has approved, as well as any apps that employees have granted OAuth access to unwittingly. 

In the screenshot below, you’ll see the following fields about each OAuth app that’s currently running in your cloud environment, including:

• Application (Name)
• Category
• Status
• New, In Review, Sanctioned, or Unsanctioned
• Discovered By SSO or OAuth
• Discovered Date
• Users
• Integration 
• Permissions

Not only does this give IT the visibility it needs to understand which apps are running in your organization’s cloud environment, but it enables your team to be more proactive when it discovers a risky OAuth application in your stack. 

Speaking of being proactive, we recently discussed how BetterCloud’s Alerts feature gives you an automatic heads up about any changes or issues related to users, files, or groups within your organization. At the risk of sounding like an infomercial, this means IT doesn’t need to constantly stare at the Applications dashboard in case something goes awry.

OAuth apps are a deceptively large risk to your SaaS environment. This is one of several reasons why IT leaders are embracing a zero-touch IT mindset to help them discover questionable applications, take proactive steps to manage them, and ultimately create a more secure cloud environment for their organizations.

Want to learn more about how BetterCloud can help you discover, manage, and secure your entire SaaS environment? Schedule a demo.

With no time to research or compare tools, SaaS was adopted and deployed at breakneck speed. As each new challenge arose, IT scrambled to find a tool and implement it as fast as possible. For many IT teams, the SaaS whack-a-mole game lasted for far too long, as working remotely for “just a few weeks” became “the new normal.”

Managing and securing all of these new SaaS apps added a ton of work to IT’s already-full plate. The rapid pace of SaaS adoption left IT to deal with overloaded work days, 1000s of open browser tabs, never-ending ticket queues, and frustrated remote workers. 

Now that the pandemic is becoming endemic, IT leaders are seeking to solve these challenges (and save their team’s sanity) by “right-sizing” their SaaS portfolio and getting control of the sprawl. 

In fact, Gartner has identified management confluence as one of the “Top 6 Trends Impacting Infrastructure and Operations for 2022.” In this article, Gartner contributor Katie Costello discusses how the consolidation of multiple solutions into one comprehensive management tool can reduce costs and improve ROI.

Gartner even recommends a three-step process to achieve this: inventorying current tools in use, identifying potential areas where tools can be combined, and leveraging unified automation from a single dashboard.

An all-in-one SaaS management platform can easily do the work of multiple tools to become the workhorse of your IT department. With centralized SaaS visibility, automation, and security in one platform, an SMP’s value scales over time as you leverage and extend more of its capabilities.

However, if you don’t know what a fully featured SaaS management platform should truly be capable of, you can easily end up with a cobbled-together web of point solutions. 

To learn what you need to know to make an optimal decision for your IT department, let’s walk through the following:

1. What should an all-in-one SaaS management platform be able to do?
2. How does an SMP compare to a SAM, CASB, IAM, IGA, or iPaaS? 
3. Why does your IT team need an all-in-one SaaS management platform?
4. How can IT leaders leverage an SMP to drive value?

What should an all-in-one SaaS management platform be able to do?

To get started, let’s quickly review the Gartner definition of a SaaS management platform, and its core capabilities. In the 2021 edition of its Market Guide for SaaS Management Platforms (SMPs), Gartner defines SMPs as stand-alone tools that can discover, manage, and secure multiple SaaS applications from a central admin dashboard, delivered as a turnkey service.

The graphic below shows all of the functionality that a fully featured SMP like BetterCloud provides.

Discover: An SMP should serve as a single, centralized location that pulls in data from various sources to provide full visibility of your IT environment. It should be able to show you every app employees are logging into—even shadow IT. You should also be able to see the way each app is being accessed, such as OAuth or via SSO. The insights provided by an SMP should enable IT leaders to optimize their SaaS purchasing decisions. 

Manage: From centrally managing all of your SaaS apps without having to log in to each separately, to implementing role-based controls, an SMP should be a “one-stop shop” for all of your SaaS management activities. To save time and reduce errors, an SMP should include powerful automation and orchestration capabilities. Any member of your IT team should be able to use an SMP’s no-code builder to orchestrate workflows that automate employee onboarding, offboarding, and internal job changes.

Secure: From insider threats to data loss prevention, an SMP should be able to secure your IT environment in multiple ways. Using the information it pulls in from connected apps, it can quickly locate sensitive or proprietary data, giving you valuable insight into which app it is located in and who owns the file. An SMP should also send you real-time security alerts, such as when files are shared with outsiders (such as competitors), and or when too many administrative-level accounts have been created. Security-related workflows created in the SMP should automatically remediate policy violations to enable your IT environment to “heal itself.” 

The summaries above only just touch on the deep capabilities of a fully featured, all-in-one SaaS management platform. When evaluating whether or not an SMP is a good fit for your IT department, you should make sure the platform truly delivers everything Gartner says it should.

How does an SMP compare to a SAM, CASB, IAM, IGA, or iPaaS? 

Every IT environment experiences the challenges of SaaS management in different ways. Security and compliance requirements can also greatly affect IT’s choice in what solutions they can and should use. 

The graphic below shows where the functions of a SaaS management platform sit in relation to other platforms and the services they provide.

SMP vs. SAM: Similar to most SAMs, BetterCloud provides a centralized way to see all the apps in your environment, enabling you to optimize spend by right-sizing your license allocation. However, an SMP should provide far more than just a way to just track licenses. To go a step further and ensure licenses are always reclaimed quickly and accurately, an SMP can orchestrate complex workflows that automate account removal and creation. SMPs should also help secure your IT environment by allowing you to uncover risky apps and automatically revoke their access.

SMP vs. CASB: Most of BetterCloud’s mid-market and SMB customers do not need any additional platforms to create and enforce a robust set of IT security policies. Larger organizations, or those with very high compliance requirements, sometimes deploy a CASB alongside an SMP to create a single control point for SaaS application data flow.

SMP vs. IGA/IAM: Some BetterCloud customers leverage IGAs and IAMs to determine whether a new user can have access to an application based on company-specific policies. For most SMBs and mid-market companies, they are able to benefit from centralized and automated SaaS management without the need for one. 

SMP vs. iPaaS: iPaaS platforms are often capable of automating some of the granular SaaS management tasks that an SMP can. However, because iPaaS don’t ingest and analyze data, orchestrating a lengthy automated onboarding or offboarding process leads to incredibly long, complex workflows that often require a developer to manage.

For a more in-depth look at where BetterCloud fits in this provider ecosystem, check out our article on how BetterCloud fits into your tech stack.

Why does your IT team need an all-in-one SaaS management platform?

Like we reviewed above, the marketplace for ways to solve many of the challenges of SaaS management is filled with providers and acronyms. 

You may find yourself in an IT department that already has a point solution in place, thinking you may not need everything an SMP offers. You could also be attempting to compare products that all claim to be tools for “SaaS management,” and struggling to uncover their true differentiators.

A true all-in-one SMP like BetterCloud is purpose-built for IT’s specific needs and requirements, seeking to address their most urgent operational challenges. 

Many of the point solutions in the market are built to deliver value for other business units or end users. For example, SAMs were created primarily for heads of finance and accounting. Most iPaaS are created to save developers time, not automate hardware procurement or user lifecycle management.

By leaving a fully featured SMP out of the mix, you will miss out on key opportunities for optimization. Worse, you could be leaving your company’s data vulnerable to misuse or theft. 

Extremely detailed spend tracking can save money, but so does reclaiming licenses immediately after an employee departs. Quickly revoking access to all those apps and shared resources also protects sensitive data and makes it easier for your security team to pass compliance audits.

Simply optimizing spend will leave your IT environment vulnerable to well-meaning employees that log in to risky apps with their work credentials or share proprietary information with outsiders. Without the ability to easily orchestrate complex workflows, your IT team will keep spending far too much time as “ticket-takers.”

To keep your environment as secure and efficient as possible, it is important that your SMP have the power to address IT’s most pressing challenges.

How can IT leaders leverage an SMP to drive value?

When BetterCloud customers take full advantage of everything it has to offer, they can drive tremendous value in their company. Let’s walk through the benefits experienced by just one customer, a growing company with 1,200 employees that is saving over $1.12 million annually.

• After their IT team saw all their apps in one place, they gained important insights into what was and wasn’t being used. They are now saving $140,000 per year through license optimization.
• They used BetterCloud’s zero-touch automation capabilities to create a self-service SaaS access portal. As a result, they realized productivity gains of $796,000 annually as employees no longer had to wait for IT to manually grant app access. 
• By automating their onboarding, offboarding, and mid-lifecycle change processes, they save $184,000 annually in IT staff time.
• Their operational efficiency improved so much that two full-time employees could refocus their responsibilities to support go-to-market efficiency and revenue growth.
• The company’s sensitive and proprietary data is now being protected with proactive monitoring and automated remediation policies on over 4,000,000 files.
• They identified and revoked OAuth access to 312 risky apps that did not meet security standards. 
• To implement a least privilege access model, they reduced the number of users with super admin access from 15 to 3. 

While every BetterCloud customer doesn’t always realize over $1 million in savings, the stats above highlight all the different ways a SMP can deliver value. From efficiency to security, a fully featured SMP is a single platform that provides multiple, far-reaching benefits for IT.

To get a sneak peek at what BetterCloud can discover about your IT environment, schedule a free, personalized SaaSOps assessment.

Since 2012, we’ve been surveying IT professionals and publishing research to better understand what the shift to SaaS means for IT, end users, and the broader organization. Every year we explore IT’s biggest challenges and concerns, trends in SaaS adoption, and what the future holds—making this the industry’s largest and longest running research of its kind. 

This year’s survey of 523 IT and security professionals reveals the latest challenges of managing SaaS at scale, particularly as digital transformation catapulted forward in 2021—and IT kept the momentum going. It also sheds new light on SaaS file security, the state of SaaSOps automation, the workplace of the future, and more. 

Here’s an excerpt from the report.

Key takeaways

1. SaaS adoption continues to explode. The average organization uses 110 SaaS apps this year, up 38% from an average of 80 apps last year. 
2. More SaaS brings more SaaS management challenges. More than half of respondents (55%) say the top challenge to solve in their SaaS environment is lack of visibility into user activity and data. Additionally, nearly a third of respondents said they waste 20-39% of their total SaaS spend on unused or underutilized SaaS licenses. 
3. IT is facing new SaaS security concerns and challenges. This year, as SaaS file security violations spiked 134%, over half (55%) of respondents say their biggest security concern is not knowing where sensitive data exists.
4. Every organization will eventually become a SaaS-Powered Workplace. SaaS has crossed the chasm. While many organizations are still in the early stages of their SaaS adoption journey, at some point, every organization will be powered by SaaS.
5. Levels of SaaSOps automation will nearly double in the next three years. SaaS-Powered Workplaces report that today 45% of their routine SaaS operations is already automated and estimate it will rise to nearly 80% in three years.
6. In response to the past year, IT’s role is becoming more strategic. 76% of respondents report being more or much more strategic over the last 12 months.
7. The SaaSOps role will be critical to every IT team. All told, 60% of IT professionals already have “SaaSOps” in their job titles/descriptions or plan to add it in the future—a whopping 100% increase from last year.

SaaS adoption continues to explode, as organizations use an average of 110 SaaS apps in 2021

As organizations continue to embrace (and accelerate) their digital transformation journeys, SaaS adoption remains unabated. Up from an average of 80 apps last year, this year organizations use 110 apps, for a 38% increase. This is nearly a 7x increase in SaaS app usage since 2017, and almost a 14x increase since 2015.

The biggest SaaS management challenge? Lack of visibility

More SaaS brings more challenges. 

The number one challenge according to our respondents is lack of visibility into all user activity and data. What data are users downloading, sharing, exporting, and forwarding? What apps are employees using? 

Without visibility and actionable insights into their SaaS environment, IT is flying blind. And as SaaS adoption continues to massively climb, these challenges only compound.

Lack of visibility results in wasted SaaS spend

Forty-two percent of respondents said finding unused or underutilized SaaS app licenses was one of their most crucial challenges to solve. And indeed, 80% of respondents concede that some percentage of their SaaS spend is being wasted. 

License waste comes in many flavors. It could be the apps that go unloved and unused. It could be similar apps solving the same use case, like having six different project management apps across the business. It could be different departments using the exact same app, only with different accounts. In all of these cases, there are massive untapped opportunities to cut costs and properly allocate licenses. But without visibility, it’s incredibly difficult to identify these opportunities.

So how much of total SaaS spend is wasted on unused or underutilized SaaS licenses? Nearly a third said between 20-39%—which can mean thousands (or even millions) of dollars, depending on your SaaS spend.

Top SaaS security concerns: not knowing where sensitive data lives, unsanctioned apps, and more

The biggest security concern plaguing IT when it comes to SaaS is not knowing where sensitive data exists. If you don’t know where your data resides, you can’t protect it.

Additionally, it’s never been easier for end users to procure and deploy SaaS by themselves. Nearly three-quarters (69%) of our respondents worry about unsanctioned SaaS apps creating security issues.

This year SaaS file security violations have spiked 134%, and the number of files containing PII has grown 1944% year over year.

SaaS cuts both ways. While SaaS is a gamechanger for productivity, it also gives employees new levels of control over critical company assets. And with this new control come new risks related to app misconfigurations, excessive permissions, and uncontrolled file sharing.

The well-meaning but negligent employee poses the biggest data loss threat—by far

According to our respondents, the greatest risk to data loss isn’t the hoodie-wearing hacker or disgruntled employee. 

Overall, a whopping 72% of organizations feel that the greatest risk to data loss is the well-meaning employee who unwittingly shares sensitive information. These employees have good intentions and are just trying to do their jobs, but often lack the training or knowledge to keep sensitive information safe.

Employees who are merely trying to get work done or circumvent friction may share data publicly across the organization (or even publicly on the internet) without realizing the implications of their actions. Because they have access to confidential data and systems, it’s critical to implement thoughtful and thorough security training and develop a healthy security culture. 

Every organization will eventually become a SaaS-Powered Workplace

As SaaS adoption continues to reach dizzying heights, a new type of workplace has clearly emerged: the SaaS-Powered Workplace. These are organizations that are running almost entirely on SaaS. But of course, not every organization is as reliant on SaaS yet. Three segments stood out in our study, all with varying levels of SaaS maturity, which illustrate how the digital workplace is evolving:

Many organizations are still in the early stages of their SaaS adoption journey. But the data clearly reveals that they too are trending in the same direction as SaaS-first workplaces. SaaS has crossed the chasm—and at some point, every organization will become a SaaS-Powered Workplace.

Levels of SaaS automation will nearly double in the next 3 years

Given how time consuming it is to manage manual work, wrangle SaaS sprawl, and secure data, IT teams are increasingly turning to automation. The top benefit that IT teams expect from automating SaaS management? Improved operational efficiency.

SaaS automation will make big gains over the next few years. SaaS-Powered Workplaces report that today 45% of their routine SaaS operations is already automated and estimate it will rise to nearly 80% in three years. Workplaces in Transition and Traditional Workplaces, too, expect to double their automation levels.

Any organization adopting SaaS will eventually face the same operational challenges that come with discovering, managing, and securing SaaS apps, users, and files at scale. As SaaS apps proliferate, IT is beset with more and more manual tasks. And as SaaS-Powered Workplaces have learned, automating SaaSOps is the only way to scale and create more capacity.

In 2021, IT’s role (finally) shifted from functional to strategic—and will continue growing in importance

Amid the accelerating pace of technology and explosion of SaaS adoption, IT is helping organizations address new challenges and evolving its role from ticket taker to tech enabler. To continue driving momentum and enabling their modern workforces, IT changed to think strategically—as 76% told us.

In the past year, they’ve become less reactive, more proactive. They’re participating in strategic planning, driving customer outcomes, and becoming trusted strategic partners to the business, ultimately leading the way to tomorrow’s workplace.

The SaaSOps role will be critical to every IT team

Additionally, SaaSOps is increasingly influencing the evolution of job titles. All told, 60% of IT professionals already have “SaaSOps” in their job titles/descriptions or plan to add it in the future—a whopping 100% increase from last year. For many respondents, SaaSOps is where they’ll realign their career goals, if they haven’t started to already.

Workplaces in Transition and Traditional Workplaces are more established organizations with legacy infrastructure—and they, too, recognize the need to hire for SaaSOps roles and skills. 

The future of SaaSOps is now.

Download the full report to learn: 

• The current state of SaaS adoption across organizations of all sizes
• The top five most common types of sensitive data stored in cloud apps
• File sharing settings benchmarking metrics by industry
• The strategic projects your peers are working on by automating more
• The future of SaaSOps
• And more

Regardless of whether you’re a SaaS-Powered Workplace, Workplace in Transition, or Traditional Workplace, download the report and see how you compare.

To learn more about how BetterCloud can help you discover, manage, and secure your SaaS environment, request a demo.

In fact, a 2020 Microsoft study found that remote collaboration is harder than in-person collaboration. And as distributed and remote work become the norm, organizations are increasingly relying on SaaS tools to connect, collaborate, and maintain human connection.

Many companies have turned to Miro, the leading online collaborative whiteboard, to help. The platform’s infinite canvas enables its 20M+ users to lead engaging workshops and meetings, design products, brainstorm ideas and more, all in real time.

We’re thrilled to partner with Miro to help teams innovate and co-create from anywhere around the world. Our integration with Miro enables IT teams to streamline user lifecycle management (ULM) processes, providing end users with a frictionless experience as they use Miro.

With this integration, IT teams can take the following actions for Miro users and use them as steps in automated ULM workflows:

• Invite User to Team
• Grant Team Admin
• Revoke Team Admin
• Remove User from Team
• Update User Board Role
• Create Board
• Invite User to Board
• Transfer Board Ownership
• Remove User from All Boards
• Remove User from Board

This integration—borne out of customer feedback and used by customers like Helix, Palmetto, and Tink—is an example of how IT can better manage their SaaS apps with a SaaS management platform (SMP).

BetterCloud’s integration with Miro allows IT to take more granular actions, specifically at the team level, to administrate Enterprise users across teams, as well as orchestrate teams, users, and boards. By granting the ability to take action through unique team names with one method of authentication, it allows IT admins to save time on a previously tedious process and manage their SaaS apps more effectively.

Our partnership will enable our mutual teams to showcase how BetterCloud and Miro create value for IT and end users alike. We are excited to partner with Miro to help your teams work better together, any time, anywhere.

For more IT insights and inspiration, check out these resources:

• [Webinar recording] Building the right tech stack for hybrid work | Hear how IT leaders from Atlassian, BetterCloud, and Dropbox evaluate, choose, and manage the right tools for their company’s workflows.
• [Community] SaaSOps Community | Join over 5,000 IT pros. Engage with like-minded peers, find answers, and find friends.

For instructions on how to integrate Miro with BetterCloud, check out our Help Center article.

To learn more about how BetterCloud can help you discover, manage, and secure your SaaS environment, request a demo.

In 2020, remote work became widespread, speeding digital transformation and SaaS adoption. And with the rise of SaaS, employees expect to collaborate and share files in order to do their jobs. This rapid realignment means that file security has never been more important.

To understand SaaS file security today, we surveyed more than 500 IT and security professionals and examined internal BetterCloud data from thousands of organizations and users—all to understand top challenges, concerns, and the magnitude of data loss and sensitive information leakage.

Here’s an excerpt from our report.

6 key findings

1. Lack of visibility into SaaS data plagues IT: Nearly half of organizations say their top security concern is not knowing where sensitive data lives.
2. Well-meaning but negligent users are the biggest data loss risk: More than 70% of organizations say the biggest data loss risk is the well-meaning but negligent employee.
3. IT doesn’t trust users with company data: Only 35% of respondents trust end users to responsibly share and store company data.
4. Securing user actions within SaaS apps is hard: Nearly half of respondents say they have difficulty securing users’ activities within SaaS apps.
5. SaaS file security violations are out of control: This year, as the world reopened for business, file security violations have spiked 134%, and the types of violations are rampant throughout the organization.
6. Organizations are rapidly adopting SMPs to solve SaaS file security challenges: 55% of organizations plan to use SMPs within the next 12 months.

In the past year, IT has experienced security policy violations, sensitive data exposure, and more

2020 shifted IT priorities more quickly
than ever before. As users moved to home offices, security took center stage.

And for good reasons:

More than half of very large organizations reported security policy violations in the past 12 months.

Additionally, nearly a third reported that users publicly shared sensitive data. Finally, 20% had compliance-related penalties, legal fees, or fines.

It all gives rise to the new importance of file security.

Lack of visibility into SaaS data plagues IT

Security concerns mirror this reality.

At the top of the list?

Nearly half of respondents report that they’re plagued by not knowing where sensitive data exists across their data sprawl.

Very large organizations, in particular, are concerned with insider threats. Meanwhile, large organizations are concerned about sensitive files being shared publicly.

Concerns around excessive admin privileges also ranked high on the list. While implementing a least privilege model is best practice, admin privileges can be difficult to right size, especially within SaaS apps.

Well-meaning but negligent users pose the biggest data loss risk

The biggest data loss risk is the well-meaning but negligent employee.

These employees have good intentions and are just trying to do their jobs, but often lack the training or knowledge to keep sensitive information safe. Negligent employees are by far the biggest threat for organizations of all sizes. However, it’s somewhat less of a concern for very large organizations, which likely trade productivity for security with the use of CASBs.

Securing users’ activities within SaaS apps is difficult

About half of respondents say they have difficulty securing users’ activities—and that includes file sharing—within SaaS apps. That’s not surprising, given how much employees can do within SaaS apps: everything from sharing data, downloading, exporting, editing, forwarding, deleting, and so on.

When it comes to SaaS file security, you can’t secure what you can’t see. So for organizations looking for the starting point: it’s visibility into the entire SaaS environment. This includes all users, all files, and all applications. Organizations with superior visibility are best poised to implement processes, policies, and automation to easily safeguard corporate data assets.

A dramatic rise in file security violations as the world re-opens for business

As life “returns to normal” and the world re-opens for business, file violations have spiked. An analysis of internal data from nearly 2,000 BetterCloud customers revealed a whopping 134% increase in the average number of file security violations from March 2021 to June 2021. With the rush to remote work, 2020 brought new SaaS file security requirements and user collaboration needs, as well as challenges for organizations of all kinds. It’s a salient reminder: As IT enables and empowers their organizations through the power of SaaS tools, they must also secure data in a way that maximizes user collaboration and productivity.

Download the full report to learn:

• How Google Workspace vs. Microsoft 365 users differ in end user trust and SaaS security difficulties
• The average number of file security violations per organization
• The tech stack commonly used to secure files
• Industry benchmarks for file sharing settings
• Recommended best practices to protect your SaaS data

To learn more about how BetterCloud can discover, manage, and secure your SaaS environment, request a demo.

But it can be a mixed blessing. While SaaS is a boon to productivity, it also gives employees new levels of control over critical company assets. And with this new control comes new risks related to app misconfigurations, excessive permissions, and uncontrolled sharing.

When we analyzed aggregate data from our customer base of 1,500+ companies, we found data exposed across popular workplace apps Google Workspace, Box, Dropbox, Slack, Microsoft OneDrive, and more.

Out of the 3.4 billion files BetterCloud monitors, an average of 41,645 files are being shared publicly at organizations of up to 750 employees. At large enterprises with thousands—and in some cases tens of thousands—of employees, the number is a whopping 367,317 files.

Today organizations trust their SaaS apps to house their most sensitive business data. To that end, we found over 3 million credit card numbers and over 4.5 million Social Security numbers stored within these apps, to say nothing of passports, driver’s license numbers, and more.

To be sure, SaaS providers have robust security practices in place. But there’s a key difference: SaaS platforms only secure their applications. IT departments must secure how they’re used. And this means getting visibility into how files are being shared, where sensitive data lives, where it’s exposed, who’s doing the sharing, and more.

Because SaaS was designed to foster productivity, users have full control over how they share data and with whom. Default sharing settings can also be broad—for some organizations, too broad. The nuances of sharing settings can also be confusing, as they vary from app to app. As a result, it’s easy to expose data, whether it’s done deliberately or or accidentally. In most cases, it’s the latter. According to 62% of IT professionals, it’s the well-meaning but negligent end users who pose the biggest security threat.

This data highlights two things:

1. The importance of end user training. It’s critical to invest in security awareness training and instill a culture of security that makes employees feel personal ownership
2. The ongoing challenge of monitoring thousands of files and sharing settings across hundreds—or thousands—of SaaS applications, which will only compound as SaaS adoption rises. A SaaS management platform can help detect file sharing risks and remediate them.

In the SaaS-powered workplace, getting visibility into file security is more important than ever. Ultimately, you can’t protect what you can’t see.

For more information on file security, check out these resources:

• [Research report] SaaS Data Security Report 2021: Top Risks in File Security
• [Webinar] SaaS File Security
• [Ebook] The SaaS Explosion: Hidden Costs and Security Threats
• [Blog post] How SaaS Management Platforms Reduce Security Risk

To learn more about how BetterCloud can help secure your SaaS environment, request a demo.

We rounded up 79 SaaS statistics for 2021 that show the bright future of SaaS, the growing challenges of SaaS management, the power of automation, and more.

SaaS statistics in 2021 show explosive growth of SaaS and all the benefits it brings

We’re seeing businesses adopt SaaS apps at an astounding pace. There’s no going back to legacy systems or the way we worked before—SaaS is here to stay. To demonstrate it, here are some key SaaS statistics for 2021.

1. Businesses today use an average of 80 IT-sanctioned SaaS apps, a 5x increase in just three years and a 10x increase since 2015. (Source)

2. Companies estimate 70% of the business apps they use today are SaaS-based. By 2025, 85% of business apps they use will be SaaS-based. (Source)

3. Gartner’s 2020 I&O Leaders Survey data shows that 70% of organizations are currently investing in SaaS and public cloud offerings and will continue to do so. (Source)

4. Statista predicts that the worldwide SaaS market size will reach $138 billion by 2022, a significant increase over the $101 billion market size it estimated in 2020. (Source)

5. Companies that have adopted cloud platforms report that they can bring new capabilities to market about 20-40% faster. (Source)

6. According to Forrester, 75% of business leaders cite improved business agility and 74% cite speed of implementation and deployment as the benefits that factored into their firm’s decision to move to pure SaaS. (Source)

7. The #1 technology that firms will invest/are investing in to aid digital transformation is SaaS. (Source)

8. According to Gartner, between 2017 and 2022, SaaS spending is expected to increase 241%. (Source)

9. In 2020, annual SaaS revenues now exceed $100 billion, having grown by an average 39% per year over a 10-year period but is only 23% of the total software market. (Source)

10. SaaS makes up a significant portion of total product revenue spend in major application categories:
– 88% of desktop and collaboration apps
– 83% of e-purchasing
– 76% of CRM (Source)

Challenges around discovering, managing, and securing SaaS

Okay, so SaaS is growing exponentially, unabated. But as businesses bet their futures on SaaS, there’s a lot riding on an IT organization’s ability to discover, manage, and secure SaaS environments that may include dozens or even hundreds of apps. Read on for more SaaS statistics for 2021 that you need to know.

Supporting digital transformation and a remote workforce

11. Gartner estimates that by 2024, 70% of IT organizations will lack the relevant roles, skills, and tools to support SaaS-enabled digital transformation. (Source)

12. $1 billion will be spent to support the new extended enterprise by 2022. (Source)

13. Home-based office workers in 2020 increased by almost 18x over 2019. (Source)

Discovering SaaS apps

Shadow IT and SaaS sprawl

14. IBM found that 1 out of 3 employees at Fortune 1000 companies regularly use SaaS apps that haven’t been explicitly approved by internal IT departments. (Source)

15. More than three-quarters (76%) of IT professionals see unsanctioned apps as a security risk. (Source)

16.  83% of IT professionals reported that employees stored company data on unsanctioned cloud services. (Source)

17. 80% of workers admit to using SaaS applications at work without getting approval from IT. (Source)

18. 33% of workers downloaded a personal application without IT approval and 36% accessed work applications on a non-work device. (Source)

19. Gartner research has found that shadow IT is 30-40% percent of IT spending in large enterprises, and other studies have found it comprises 50% or more. (Source)

20. 48% of people use apps that weren’t distributed by IT, with note-taking apps, project apps, and apps like WhatsApp and Dropbox regularly mentioned. (Source)

21. 67% of organizations said that at least half of technology purchasing is now controlled by business units. (Source)

22. 40% of IT spending takes place outside of the IT department. (Source)

23. 10% of apps are personal and not enterprise, according to BetterCloud Discover trials. (Source)

Redundant apps & wasted spend

24. At any point in time IT operations may be running with 25% or more of software going unused. (Source)

25. Approximately $34 billion in yearly licensing waste is generated each year between the US and UK. (Source)

26. As much as 38% of enterprise software is going to waste. (Source)

27. As many as 67% of app installations are wasted. (Source)

28. 10% of all apps were inactive with no users over 90 days according to BetterCloud Discover trials. (Source)

29. 15% of all apps were inactive with no users over 30 days according to BetterCloud Discover trials. (Source)

30. On average, organizations are likely paying 10-15% more for SaaS licenses than they should. (Source)

31. On average, companies have 135 redundant SaaS apps. (Source)

Managing SaaS apps

Mountains of tedious, labor-intensive tasks

32. 34% of IT teams spend half their week or more manually managing their SaaS environment (Source)

33. Over 40% of information workers spend at least a quarter of their week on repetitive tasks. (Source)

34. Nearly 70 percent of workers say the biggest opportunity of automation lies in reducing time wasted on repetitive work. (Source)

35. IT organizations spend an average of 7.12 hours offboarding a single employee from a company’s SaaS apps, which takes time and energy away from more strategic projects. (Source)

36. IDC estimates over 80% of an organization’s data will be unstructured data, such as documents, presentations, and spreadsheets, by 2025. (Source)

The power of automating manual work

37. In a Forrester study, automating SaaS security management and compliance resulted in a time savings of 20 hours per week. Additionally, risk exposure for documents and accounts was reduced by 50%. (Source)

38. Our research shows that in companies with 200-499 people, automating makes offboarding 136% faster. In companies with 500-999 people, it makes offboarding 151% faster. (Source)

39. 61% of IT professionals use or plan to implement IT automation technology within the next 2 years. (Source)

40. 59% of Fast Movers (top 20% of automation users) report redeploying engineers to higher value activities. (Source)

User lifecycle management: the importance of solid onboarding/offboarding

41. 20% of organizations had data breaches from ex-employees. (Source)

42. 36% of employees continued to have access to systems or data from a former employer after leaving the job. (Source)

43. Employees who felt their onboarding was highly effective are 18x more likely to feel highly committed to their organization. (Source)

44. 91% of those who received effective on boarding feel strong connectedness at work, compared to only 29% of those who had an effective onboarding. (Source)

45. 89% of those who received effective on boarding felt strongly integrated into their culture, compared to 59% of those who received an effective onboarding. (Source)

Securing SaaS apps

46. The top concern that IT professionals have around using SaaS is data security and protection against cybercrime. (Source)

47. Gartner estimates that through 2025, 90% of the organizations that fail to control public cloud use will inappropriately share sensitive data. (Source)

48. Gartner estimates that through 2024, the majority of enterprises will continue to struggle with appropriately measuring cloud security risks. (Source)

49. Gartner estimates that through 2025, 99% of cloud security failures will be the customer’s fault. (Source)

50. 45% of IT professionals say their department does both IT and security, reflecting the blurring lines between the two departments. (Source)

51. A 64% majority of organizations are lacking confidence in the state of their security posture. This is driven by inadequate visibility. (Source)

52. Only 14% of enterprises trust SaaS providers with hosting and managing encryption keys. (Source)

Data breaches & cloud misconfigurations

53. There were 1,001 data breaches in the United States in 2020. Over the course of the same year over 155.8 million individuals were affected by data exposures. (Source)

54. 82% of employees believe it would be possible to access sensitive company information they weren’t authorized to view. (Source)

55. Employees are 85% more likely today to leak files than they were pre-COVID. (Source)

56. File misdelivery (documents and email that ended up with the wrong recipients) ranks 3rd and app misconfiguration ranks 4th in causes of security breaches. (Source)

57. App misconfiguration errors as a source of security breaches within the human error category grew from 20% of errors in 2017 to more than 40% in 2019. (Source)

58. 73% of companies have at least one critical security misconfiguration. (Source)

59. Eight in 10 companies across the United States have experienced a data breach made possible by cloud misconfigurations, according to new research by IDC. (Source)

60. Over 80% of breaches that result from hacking involve brute force attacks (password cracking) or use of lost or stolen credentials. Nearly 90% exploit SaaS apps. (Source)

Visibility, access privileges & data privacy

61. 80% of organizations provide more access privileges than are necessary for users to do their jobs; 17% even say most or all users have too many privileges. (Source)

62. 90% of organizations believe that phishing and ransomware are the top threats facing their organization, but only half have sufficient visibility into these challenges. (Source)

63. 70% of enterprises list transparency on security capabilities as a top characteristic of best-in-class SaaS providers. (Source)

64. 93% of organizations say they must report privacy metrics, like privacy program audit findings, privacy impact assessments, and data breaches to the board. (Source)

Insider threats

65. 75% of IT professionals believe that the biggest security threats lie in cloud storage, file sharing, and email. (Source)

66. 46% percent of IT leaders believe that the rise of SaaS apps makes them the most vulnerable to insider threats. (Source)

67. Less than a third of organizations monitor abnormal user behavior across their cloud footprint. (Source)

68. Well-meaning but negligent end users pose the biggest security threat, according to 62% of IT professionals. (Source)

69. 91% of IT professionals feel vulnerable to insider threats. (Source)

70. 74% of C-level executives don’t think they’ve invested enough to mitigate the risk of insider threats. (Source)

71. 53% of cybersecurity pros say the shift to cloud makes detecting insider attacks more difficult. (Source)

72. 72% of organizations say insider attacks are more frequent over the last 12 months. (Source)

73. 65% of organizations experienced at least one insider attack within the last 12 months. (Source)

74. The average global cost of Insider threats rose by ​31% in two years​ to $11.45 million​, and the frequency of incidents grew ​47%​ over the 2 years. (Source)

To learn more about SaaS security, check out our SaaS Data Security Report 2021: Top Risks in File Security.

The future of SaaS usage and management

With SaaS statistics in 2021 showing soaring SaaS adoption and new challenges to grapple with, what does the future hold for SaaS usage and management?

75. Gartner estimates that by 2026, 50% of organizations using multiple SaaS applications will centralize management and usage metrics of these apps using a SaaS management platform (SMP) tool. (Source)

76. 28% of IT leaders are already using some kind of SaaS management tool to get visibility into shadow IT that is necessary to protect their data and systems. (Source)

77. Our research shows that on average, companies are ready to adopt a SaaS management platform once they use 33 SaaS apps. (Source)

78. Through 2024, enhancements in analytics and automatic remediation capabilities will refocus 30% of IT operations efforts, from support to continuous engineering. (Source)

79. Gartner predicts that by 2023’s end, 40% of organizations will have “anywhere operations” to deliver optimized and blended virtual and physical customer and employee experiences. (Source)

To learn more about how BetterCloud can help you discover, manage, and secure your SaaS environment, request a demo.

As part of this report, Forrester interviewed enterprise IT leaders to understand the current challenges and best practices for mastering SaaS at scale. Last week, BetterCloud’s Chief Strategy Officer Shreyas Sadalgi explored the findings of this report further with its author, Bill Martorelli, Principal Analyst at Forrester Research. Missed the live event? Let’s recap some of the key takeaways from their chat.

If you’d rather watch the entire recording of this webinar, click this link to check it out. It’s worth carving out some time to do so.

Why SaaS Operations Is Crucial

Raise your hand if your company uses between 20 and 80 SaaS applications. Now keep it raised if your biggest concerns include securing your SaaS environment and managing costs.

If your hand is in the air right now, you have a lot in common with most of the folks who attended last week’s webinar—and with the IT leaders that Forrester interviewed for this market research report.

Martorelli attributes the proliferation of SaaS to a few key factors:

• 57% of decision makers said they invest or plan to invest in SaaS as part of their organization’s digital transformation strategy.
• SaaS decisions are now strategic and have raised their profile on the company level.
• Remote work is here to stay. Martorelli predicts that even after a COVID-19 vaccine becomes widely available, remote work will increase by 3X.

As a result, Forrester found that enterprise IT leaders are particularly concerned about governing their growing SaaS portfolios. In addition to managing SaaS sprawl and variable usage, the threat of data security and cybercrime are greater than ever before.

Still, these are concerns for enterprises with a lot of SaaS applications, right? Not exactly.

Sadalgi polled the audience to see how many SaaS applications are in their environments. As the results came in, Martorelli mused that while some organizations have hundreds of apps at their disposal, smaller cloud-based environments are feeling the impact of the SaaS explosion.

“The concerns we hear about in regards to SaaS from our clients tend to emerge even for companies that are only using between 10 and 20 SaaS applications.” Bill Martorelli, Forrester Research

Clearly there’s a need for SaaS operations. But what are the key principles of SaaS operation—and how do you execute them at scale?

Principles of SaaS Operations

Based on its conversations with IT leaders, Forrester says there are five key elements of SaaS operations, which the report outlines in great detail. Martorelli focused on the following three during the webinar:

• Asset management. There are hundreds of SaaS solutions on the market, but many of the lessons we’ve learned about on-prem asset management don’t apply to a cloud-based environment.
• Cost management. Martorelli says that there’s a huge opportunity for IT to identify unused and redundant licenses.
• Security management. According to Forrester’s research, 64% of global enterprises have or are implementing their single sign-on portals to employees for SaaS-based app access.

Sadalgi really emphasized the importance of the security element, and for good reason. One customer Sadalgi spoke to told him that its offboarding process previously lived in an 11-page document, on which the word “click” appeared 65 times. Take a second to marvel at that story before we consider the very real security risk this presents.

Even the most skilled IT pros are prone to human error. The risk for a mistake in this scenario is very real—and Sadalgi pointed out that this could ultimately lead to a huge data breach.

Martorelli and Sadalgi agree that enterprises need a consolidated workflow management solution to manage and secure SaaS applications. But to their surprise, many of the attendees said that they’re still using spreadsheets to manage costs. Even more strikingly, 25% of respondents are still using scripts to handle administrative tasks.

One attendee noted that while they have automated workflows in place to manage users and apps, many of them still require manual work to get them started. Even worse, they don’t work for every app.

“A lot of people are trying to use out-of-the-box workflow platforms,” Sadalgi responded. “But what those platforms lack is the deep context you need. How do you feed meaningful information into workflow steps? That needs to be a part of a SaaS operations platform.”

Forming a Cloud Center of Excellence

Sadalgi and Martorelli wrapped up their conversation by addressing a critical question: What does a cloud center of excellence look like?

The IT leaders that Forrester spoke to for its report offered up a few practical tips to help their peers master SaaS operations. The list is long and worth checking out, but Martorelli highlighted a few in particular, including:

1. SaaS is no longer an afterthought. Martorelli says that SaaS has grown to the point that it now merits the attention that on-prem applications demand.
2. Prioritize the end-user experience. There are endless use cases for automation, but Martorelli argued that it could be a key component to improving the end-user experience.
3. Strive for highly automated and iterative SaaS operations. “Clearly automation is critical,” Martorelli said. “And we think this is the future for this area.”

Martorelli also urged the audience to dedicate a team to SaaS operations. Sadalgi was curious to know how many people organizations already have dedicated headcount for this function. Overwhelmingly, respondents said that SaaS operations isn’t currently anyone’s full-time job—and many others said that the work was split across different teams.

“Even if it’s not one person’s job right now,” Martorelli responded. “Getting someone into that role will be critical going forward.”

This was just a short recap of some of the major takeaways from the webinar, but there are many more that we didn’t showcase here. Want to dive into the entire conversation? Click here to watch the recording.