
The End of SaaS Management As You Know It

There’s a better, more compliant way to manage app- and permission-sprawl

Alan Flores Lopez, Co-Founder @Lumos
https://lumos.com/the-end-of-saas-management-as-you-know-it

This story is part of Security Essentials, the IT Vault’s practical advice for getting the most out of your security team.

Introduction

Companies run on SaaS, but SaaS is also running the company. Employees want to get work done. They can’t wait for access to the tools they need to do their jobs. So companies grant access permissively. But too much access comes with a cost.

Compliance breaches, unnecessarily high SaaS license costs, increased risks from compromised employee accounts, and insider threats. These are just a few of the potential disasters that await when app access isn’t tightly controlled. But in a world where employees are rapidly adopting apps, IT teams don’t have the time to oversee and manage hundreds of apps.

To manage app access, IT teams turn to SaaS management solutions. While these tools do help IT gain some control over a company’s SaaS, they have major limitations. And now there’s a better, more compliant way to manage SaaS app and permission sprawl. It’s time to end SaaS management as we know it by automating access requests, reviews, and license management with self-service.

Welcome to the APPocalypse

Employee app adoption has skyrocketed. Currently, employees use an average of 110 SaaS apps [1], up from eight just five years ago. While these tools boost productivity and keep the company competitive, app sprawl has caused a massive IT headache. In the name of efficiency, everyone with a credit card is now an IT buyer and newly-minted shadow IT administrator.

These employee administrators aren’t responsible for compliance, security, or costs associated with non-sanctioned apps. But IT can’t manage apps it doesn’t know about. It’s an APPocalypse–and IT is left picking up the pieces.

60% of SaaS users are shadow admins [2]
52% of security settings in SaaS software are managed by the SaaS owners themselves [3]

Given these numbers, it’s no wonder that mid-sized companies are 490% more likely to experience a security breach by the end of 2021 than they were in 2019.

While this shadow IT ecosystem may work for a while, it only works until the bills land on the CFO’s desk, the company fails its SOC 2 audit, or there’s a security breach. Employees need productivity; IT must minimize cost and ensure security. These needs are often at odds.

Security, Spend, Speed: Needs by the Numbers

Companies are attempting to balance these goals with SaaS management strategies. But there are new ways to tackle the SaaS management problem. Context is key, so here’s an overview of traditional SaaS spend and user management tools.

88% of breaches are caused by human error [5]
1/3 of SaaS spend goes to waste [6]
59% of senior leaders prioritize organizational spend [7]

SaaS Spend Management

It’s no surprise that SaaS spend management is now standard business practice to help IT manage the SaaS portfolio. IT teams must know which apps employees are using in order to reduce spend. SaaS spend management tools help them maintain control of app purchasing, licensing, and renewals as well as remove duplicate apps and unused licenses to cut costs.

SaaS spend management startups are emerging to help companies manage the APPocalypse including Productiv, Torii, Zylo, Blissfully, and Intello.

While SaaS spend management platforms are a huge step forward, these tools alone cannot meet IT’s security and compliance goals. After all, IT doesn’t just manage SaaS spend. They must also manage every event in the employee user lifecycle, from onboarding to role changes to offboarding.

SaaS User Management

SaaS user management tools help IT teams automate user permissions. Tools, such as BetterCloud and Okta Workflows, allow them to manage provisioning and deprovisioning, role changes, and any other permissions for all of a company’s apps. SaaS user management solutions automate day-one onboarding and grant employees access based on pre-configured roles.

They also deprovision terminated employees, ensuring compliance standards are met. For example, SOC 2 requires companies to offboard a terminated user within a specific time period after their last day.

SaaS user management tools are a great start for managing app access. However, they don’t solve the entire problem.

Overprovisioning: Pre-configuring app workflows results in over-provisioning, which means employees keep access to tools or permissions longer than necessary. A recent survey revealed that 67% of IT teams over-provision, yet 72% admitted that security is their biggest concern when they do [8]. SaaS user management doesn’t offer a simple method for regular access reviews and deprovisioning when access is no longer needed.

43% of cloud identities are abandoned or unused
44% of SaaS software user privileges are misconfigured [9]

Underprovisioning: Employee responsibilities change (sometimes often!). They quickly need more app access and permissions than initially received. So, employees submit IT tickets to request additional access.

IT teams respond to the influx of support ticket requests by configuring more workflows in the SaaS user management system. However, there are hundreds of apps and permissions. Configuring all of these permissions is impossible, it doesn’t scale, and trying to do so makes IT a bottleneck.

25% of IT tickets are requests for access, even with SaaS user management tools in place.

In short, SaaS spend and user management tools are helpful–to a point. They can discover shadow IT apps, benchmark usage, and help companies identify cost savings. They can even automate app provisioning and deprovisioning. However, they can’t eliminate the access request support tickets and help companies tackle the cost, security, and compliance problems that come with overprovisioning.

So what’s the solution to SaaS management that meets employee and IT needs? Lumos Self Service.

Self-Service SaaS Management: Efficient, Compliant, and Cost-Effective

Lumos Self-Service is the solution for effective SaaS management. Think about a smartphone. Similar to a SaaS user management tool, any new phone comes with a number of pre-installed apps based on geo location. Consumers can then visit the app store to browse and download apps, which is just like self-service provisioning. Lastly, similar to a SaaS spend management tool, users have single pane visibility into all subscriptions. Users can manage data sharing from the ‘settings’ function and granularly manage app permissions, such as location sharing for Facebook.

Self-Service works for consumers–and it’s the way for companies to manage apps. While it has spend management and user management functionality, it addresses the pain points that these tools don’t.

Underprovisioning: Instead of creating a ticket, employees go to the Self-Service app store and pick the right apps and permissions they need.

Overprovisioning: A self-service platform gives IT control over who can request which apps, the level of approval they need, and for how long. This makes quarterly audits a breeze.

Scalability: Self-Service allows employees to request what they need, so IT no longer needs to pre-configure workflows for hundreds of apps.

With Self-Service, IT and employee needs are no longer at odds. Employees never have too little or too much access. They’re more productive because they’re no longer waiting on IT for app access. IT can keep costs low and security and compliance high–all without a huge investment.

Lumos: SaaS Management Done Right

Lumos introduced self-service SaaS management. By combining the most important features of SaaS spend and user management tools with Self-Service, Lumos increases workforce productivity and compliance readiness. No more IT access request tickets. No more app permissions sprawl. No more scrambling to pull together information for an audit.

With Lumos, employee productivity is no longer sacrificed for security, costs, and compliance.

Like SaaS user management tools, Lumos helps automatically onboard and offboard employees to apps and permissions. Unlike SaaS user management tools, Lumos’ Self-Service capabilities automate access requests for employees by orchestrating access approval workflows and logs.

The Lumos Way

• Manage all software access by automating vendor management, app provisioning, and access reviews.
• Get full visibility into the company’s app environment (including shadow IT) and save costs by auto-removing unused licenses.
• Accelerate access requests and implement least-privilege access with your own internal Self-Service AppStore.
• Fulfill audit requirements by automating time-consuming access reviews with self-serve workflows to app owners or managers.

Effective SaaS management is no longer just about licenses or user lifecycles. Self-Service is the way forward – and it’s the only way to overcome the APPocalypse.
