When Managing Hundreds of SaaS Apps is the New Norm

A single enterprise may own hundreds of SaaS applications; each with a particular spend and risk posture. Without a strategy, this sprawl will only continue to worsen.

What SaaS Management Really Means

As we enter the year 2020, what was once perceived as insanity is now the new norm. I’m of course referring to a single enterprise owning hundreds of SaaS applications; many of which are managed by different departments with varying levels of governance. If you’re a technology leader, architect, or executive keen on SaaS spend, you need a strategy beyond simply continuing to buy more and more applications. 

Spoiler alert: this article isn’t about forcing lines of business into rigid software centralization strategies nor is it about pinching pennies to the detriment of organizational speed and innovation. Rather, this article attempts to convey a simple SaaS governance lifecycle, a method to set goals and drive a rational strategy that balances governance and flexibility. 

Cue the Scary SaaS Statistics

No article on SaaS sprawl would be complete without scary statistics, right? So without further ado, here are 2019’s malevolent metrics:

  • The software as a service market is estimated to be worth a massive $116 billion US dollars (Statista)
  • Enterprise software growth grew steadily at 8.6% from 2018 to 2019 (Gartner)
  • Sales and marketing departments are the top spenders in mid to large-sized companies (Blissfully)
  • The marketing landscape alone hosts over 7,000 apps (Chiefmartec.com)
  • SaaS spend per employee is topping $13,000 annually (Cleanshelf)
  • Up to 30% of SaaS spend is wasted due to various complexities and redundant solutions (Cleanshelf)

These statistics go on and on. Yet the key takeaway is that as companies grow, they accumulate more and more (often overlapping) applications. Not only does this phenomenon add expense, it also increases an organization’s risk surface as each application hosts copies of corporate data. Finally, and perhaps worst of all, end-user productivity takes a hit when the average knowledge worker is required to use dozens of different tools in order to cooperate with various internal teams. For example, I myself have to use Confluence when working with engineers and Sharepoint when working with business people. I have Slack installed on my phone for technical conversations, and Skype for executive chats. Simply getting work done requires jumping through hoop after hoop; a difficult and painful experience due to these inefficiencies. 

SaaS Management Vendors

Landscape Overview

Ironically, in order to get our arms around so much SaaS, the solution (as you may have  guessed) may actually require more software. With so many software applications, we can no longer manage them one-by-one. Instead, they must be managed as a portfolio with some automation intelligence. As such, one needs yet another software tool to do the job. 

There are several categories for software management solutions on the market. To name a few:

  • EAM – Enterprise architecture management. Used by enterprise architects, these tools holistically manage enterprise artifacts such as software, business capabilities, processes, and vendors as portfolios. 
  • SAM – Software asset management. A general term used to refer to managing software assets, both on-prem and in the cloud. The newer generation of SaaS spend monitoring tools may be viewed as a subset of SAM as they’re primarily focused on cloud (versus on-prem) software usage monitoring. 
  • CASB – Cloud access security broker. A security-focused application which monitors and/or actively protects cloud solutions. CASBs typically provide data loss prevention (DLP), configuration monitoring, and suspicious activity detection. 
  • SaaS Management Platforms – Tools that focus on creating automated and repeatable SaaS operations such as onboarding and offboarding, consistently apply group membership and roles, and automatically populating group email distribution lists. 

As shown in the diagram below, many of these toolsets have overlapping functionality:

As with any enterprise software deployment, the central platform VS best-of-breed decision inevitably surfaces. A platform approach (such as a ServiceNow deployment) would likely check off many of the circles shown in the above diagram. Yet a best of breed approach using individual solutions would provide a richer feature set; at the expense of increased cost and complexity. 

Sample Vendors

With so much SaaS, it’s no surprise there are many SaaS management and spend identification vendors to choose from. A small sample of vendors offering SaaS spend analytic solutions include:

  • Flexera – Flexera has been in the software asset management game since its inception, and continues to build solutions to manage on-prem and cloud software. Moreover, Flexera is capable of managing software used internally as well as managing licensing entitlements for large software companies. 
  • ServiceNow – One of the heavyweight hitters on the market, ServiceNow is a true platform solution offering many different modules to satisfy SAM, EAM, and so on. ServiceNow’s roots are in IT service management, but over the years, ServiceNow has created innovative add-ons in the financial, contract, and GRC spaces. 
  • Zylo – Zylo touts themselves as belonging to the SaaS Management Platform camp, and have a respectable roster of deployments in well-known companies. Zylo is a SaaS pure play company focused exclusively on cloud software. 
  • The scrappy startups – These are the up-and-coming contenders in the SaaS management and spend analytics spaces. There are numerous upstart companies within this space, but just to name a few: Blissfully, Cleanshelf, Intello, Productiv, and SaaSi. 

Key Features to Look For

As noted, each SaaS management vendor will have a slightly different array of features to choose from. However, these four areas should be considered when shopping for solutions:

  • Cloud and/or on-premises coverage – Young companies of today were born in the cloud era, and have a very light on-prem software footprint. (Perhaps a few Adobe Photoshop licenses here-and-there and standard operating systems licenses on laptops for instance.) Conversely, mature organizations will have a much larger on-prem footprint, and must be weary of overconsumption by audit-prone software companies. Such mature organizations will likely need both on-prem and SaaS spend consolidated under a single pane of glass.
  • Shadow IT discovery – If we define “shadow IT” as technology spend occurring beyond the IT department, then most of the SaaS management solutions will find the spend when crawling financial choke points such as ERP accounts payable and expense reporting systems. However, if you intend to find software that eludes the spend choke points altogether (think freemium offerings with no payment trail) then a solution focused on SaaS spend probably won’t suffice. Instead, a lower-level security solution– such as a CASB, VPN client, or application-aware firewall– will likely be in order. 
  • Integrations – Integrations are what power SaaS management solutions, and there’s typically two flavors: financial integrations and deep integrations.
    • Financial integrations perform recon on billing systems, such your ERP system’s accounts payable module or your expense reporting tool, such as Concur. Once the bills are extracted, the SaaS management system correlates the billing codes to SaaS solutions. Additional analytical magic may be performed as well, such as correlating spend to departments or cost centers. 
    • Deep integrations crawl the SaaS solution’s APIs directly to obtain usage patterns. Deep integrations may also offer other functionality, such as lightweight automation or provide insights related to security risks such as publicly-shared files.
  • Usage insights -Typically achieved via deep integrations, usage insights may reveal that you’re using Salesforce Enterprise Edition with Lightning and Einstein AI enabled. Reports may then show that within the past 90 days, only 70 people have actively used 1000 seats. 

A Simplified SaaS Governance Lifecycle

Before you buy a SaaS management tool, you should really understand the lifecycle of SaaS governance at the portfolio (versus individual app-by-app) level. As with any business capability, SaaS management and governance isn’t as simple as buying a tool and calling it a day. 

Many SaaS management and SaaS discovery tools emphasize the identification phase of the SaaS governance lifecycle. In other words, they catalog which applications you have. Some of the more sophisticated SaaS management tools will go a step further by showcasing overlapping functionality or other opportunities of interest. (E.g. a report that shows you have seven different project management tools!) That’s all great, but it’s really just a piece of a broader puzzle.

The full lifecycle really consists of: identification, strategy, action, and measurement. 

1 SaaS Identification

Identification is about getting your arms around what your organization owns, typically by surveying the landscape; either manually or via a SaaS management tool. While this is where most SaaS management tools shine, it’s only the beginning of the SaaS management lifecycle.

In a way, SaaS identification is like a long-overdue doctor visit. The physical reviews blood work or other vitals and typically consults the patient to the effect of: “your cholesterol is quite high, and you really need to exercise.” In the enterprise world, the patient nods his head, says “thanks for the report, doc” then goes home and devours an extra large pizza.

2 SaaS Strategy

Strategy is where the hard work begins. As a software portfolio manager, you must create governance guidelines, compile software standards, and draw lines around where to say “no” to extraneous software spend. Strategy is also where you set goals to be measured later on in the SaaS management lifecycle. 

3 SaaS Action Plan

Once a high level set of goals and strategies are in place, you’ll need time-bound tactics to get the work done. Whether you’re trying to save money, reducing audit footprint, or minimize information security risks, there will likely be a resultant set of projects required to execute your strategy.

4 Measurement and Communication

As the name implies, measurement is about measuring how well you’re executing on your goals. Are you saving money? Killing off legacy or redundant applications? 

Communication on the other hand is about proactively articulating what apps are in the portfolio, educating users on preferred standards and platforms, and finally articulating the success of the SaaS management strategy itself; typically in the form of an internal QBR. 


For the mid to large-sized enterprise of the 21st century, managing dozens to hundreds of SaaS applications is the new norm. Like television programming which started off with just ten or twelve channels, we now have hundreds of options and going through each channel one-by-one requires intelligent automation. 

SaaS management tools offer help with governing SaaS sprawl, but are only a piece of the capability puzzle. We need processes, such as strategy and plans, in order to execute on a successful application rationalization plan.

Finally, the hardest part of SaaS management is related to the human element. While one shouldn’t immediately create overly-rigid rules, guardrail-like principles must be implemented in order to prevent anarchy and spend that spirals out of control.