August 27, 2024

SaaS Governance for CFOs: Why Collaboration with IT Matters


SaaS governance is essential for CFOs to collaborate with IT in managing SaaS applications to control costs, mitigate security risks, ensure compliance, and optimize software usage across the organization.

by Brad van Leeuwen

"Who's in charge of managing our SaaS applications?" As a CFO, this question might keep you up at night, and for good reason.

Ignoring SaaS governance is like letting your teenagers loose with your credit card – it might seem harmless at first, but before you know it, you're drowning in unexpected expenses and wondering where all your money went.

According to our recent study, companies think they have an average of 66 SaaS subscriptions, but 59% of respondents believe their company uses an average of 93 additional subscriptions that senior management is unaware of. 

Talk about a surprise party for your budget!

But it's not just about the money. Unmanaged SaaS can also expose your company to compliance risks, security threats, and data silos.

In this guide, we'll cover everything you need to know about SaaS governance so you can avoid costly surprises, mitigate risks, and optimize your SaaS spend. 

Let's dive in.


The True Cost of Unmanaged SaaS

Hint: it's more than just your monthly subscriptions. Now, you might be thinking, "Sure, SaaS governance sounds important, but do I really need to worry about it? Can't I just let each department manage their own SaaS apps?"

The short answer is no. Without proper governance, your company can fall victim to a host of issues, including:

1. Budget Overruns

When SaaS subscriptions are left unmonitored, costs can quickly spiral out of control. Before you know it, you're paying for duplicate subscriptions, unused licenses, and premium features you don't really need.

2. Security Risks

SaaS applications often contain sensitive data, from customer information to financial records. Without proper access controls and security measures, this data can be vulnerable to breaches, leaks, and cyberattacks. And let's face it – nothing ruins your day like a call from the FTC about a data breach.

3. Productivity Pitfalls

When your employees are using a mishmash of SaaS applications that don't play nicely together, productivity can take a nosedive. Data silos, manual workarounds, and constant context-switching can eat up valuable time and energy that could be better spent on more strategic tasks.

The bottom line? Unmanaged SaaS is a recipe for disaster – and it's up to you to make sure your company doesn't become another statistic.

Understanding SaaS Governance

In simple terms, SaaS governance is the set of policies, processes, and tools that organizations use to keep their SaaS applications in check throughout their entire lifecycle, from procurement to retirement.

This life cycle typically consists of four key stages:

  1. Procurement: Identify, evaluate, and select SaaS applications that align with business needs, security requirements, and compliance obligations.
  2. Deployment: Implement selected SaaS solutions by configuring applications, integrating with existing systems, and rolling out to end-users with proper training and access controls.
  3. Usage: Monitor usage, performance, and metrics like user adoption, software license utilization, and cost optimization. Conduct regular security assessments and compliance audits.
  4. Retirement: Decommission obsolete applications, ensure data backup and archiving, and terminate remaining licenses or subscriptions.

Effective SaaS governance provides a framework for managing each of these stages in a consistent, repeatable, and auditable way, ensuring that SaaS investments deliver maximum value while keeping risks in check.

Why CFOs Need SaaS Governance

Think about it – when was the last time you had a clear picture of all the SaaS applications being used across your company? Do you know how much you're spending on licenses, who has access to what data, and whether you comply with the latest privacy regulations?

If the answer is "no," you're not alone. 

Here are just a few of the ways a strong SaaS governance strategy can help you as a CFO:

Better Data Management:

When Finance and IT work together to establish clear policies and procedures around SaaS data management, you can finally get a handle on where your data lives, who has access to it, and how it's being used. No more silos – just clean, consistent, and secure data across all your SaaS applications.

Regulatory Compliance:

With new privacy regulations popping up faster than you can say "GDPR," staying compliant is more important than ever. But when you have a SaaS governance framework in place, with regular audits and controls, you can rest easy knowing that your company is staying on the right side of the law – and avoiding costly fines and reputational damage.

Efficient Vendor Management:

Managing SaaS vendors can be like herding cats – each one has its own contract, its own pricing model, and its own renewal date. But with SaaS governance, you can control the entire vendor management process, from procurement to payment. That means better prices, better terms, and better performance – all while reducing risk and complexity.

The bottom line? SaaS governance isn't just an IT problem – it's a Finance problem too. In fact, when Finance and IT find alignment on SaaS governance, the benefits trickle throughout the entire organization.

The 4 SaaS Governance Models

What are the different approaches organizations can take to govern their SaaS applications?

Here are the most common models for implementing SaaS governance:

Centralized Model 

Best for: Smaller organizations with a limited number of SaaS applications and a high sensitivity to risk.

In a centralized governance model, a central IT team has full ownership and control over the entire lifecycle of SaaS applications, from procurement through retirement.

The centralized IT team is responsible for:

  • Evaluating and selecting SaaS solutions
  • Negotiating contracts and pricing
  • Ensuring security and compliance
  • Managing user provisioning and access control
  • Monitoring usage and spending
  • Handling renewals or terminations

The benefit of this model is that it ensures tight control and standardization: central IT vets applications for security and compliance, secures favorable terms and pricing, and prevents redundancy.

The downside is that it can limit the agility and responsiveness of business units, which may feel constrained by the pace and policies of central IT.

Decentralized Model 

Best for: Larger organizations with diverse business units and a "cloud-first" mindset.

In this model, the role of central IT shifts from gatekeeper to enabler. Rather than blocking or dictating SaaS use, IT provides guidelines, guardrails, and light oversight to help business units make informed decisions.

For example, IT might publish a list of pre-vetted, approved SaaS applications that business units can choose from. Or they may define a set of security and compliance requirements that any new SaaS application needs to meet.

The benefit of a decentralized model is that it helps business units to move fast, finding and deploying SaaS applications that meet their specific needs. 

The risk is that it can lead to a fragmented and redundant SaaS portfolio with inconsistent controls and hidden costs. 

Hybrid Model 

Best for: Medium to large organizations that want to balance control and agility.

In a hybrid model, central IT maintains overall authority while delegating certain responsibilities to the business units. IT defines the overall policies, processes, and standards for SaaS governance. But they give business units the freedom to operate within those guidelines.

For example, IT might require all SaaS contracts over a certain dollar amount or duration to flow through central procurement. But below that threshold, business units could purchase SaaS applications directly.

Governance as a Service (GaaS)

Best for: Smaller organizations (10-250 employees) that lack the skills or capacity to govern SaaS internally.

A newer approach to SaaS governance is to outsource the function to a third-party provider.

With Governance as a Service (GaaS), organizations can tap into the expertise, best practices, and tools of a company that specializes in SaaS management. The GaaS provider acts as an extension of the IT team, handling key governance activities like:

  • Application discovery and inventory
  • Security and compliance assessments
  • License optimization
  • Cost management
  • Renewal and termination workflows

By offloading the day-to-day management to an external provider, IT teams can focus on more strategic priorities.

And like any outsourcing arrangement, the success of GaaS depends heavily on choosing the right provider and maintaining a strong partnership.

Pro Tip: When evaluating GaaS providers, look for two essential features: a comprehensive dashboard that provides a complete view of your SaaS landscape, including usage, costs, and renewal dates, and automated contract tracking that manages your renewals effortlessly. Cledara fits the bill on both counts. It's definitely worth checking out if you want to streamline your SaaS governance.

"Our teams collaborate better now because they know what software they can use and approvals are 100% streamlined." It also brought Finance and IT together: "My IT colleague, who is responsible for user access, really likes the fact that he has one place to go to see all company software."

Jenny Liu, Head of Finance, Marshmallow


Best Practices for Effective SaaS Governance

Here are some best practices to ensure that your organization is getting the most value from SaaS while keeping risks in check. 

1. Start with a Clear Strategy

Before you get lost in the weeds of policies and processes, take a step back and define your high-level goals for SaaS governance. 

What are you trying to achieve, and how does that align with your overall business objectives?  

Consider questions like:

  • What business outcomes are we driving towards with SaaS? Are we looking to improve agility, reduce costs, enhance security, or all of the above?
  • What's our risk tolerance, and how will that shape our approach? Are we okay with a little shadow IT, or do we need to lock things down tight?
  • What resources do we need to govern SaaS effectively? Do we have the right people, processes, and tools in place, or do we need to invest in more?

Answering these questions upfront will give you a clear direction for your SaaS governance efforts and ensure you're focusing on what matters most.

2. Bring All the Stakeholders to the Table

SaaS governance touches every part of the organization, from finance and procurement to security and compliance to the end-users in various departments. 

To get it right, you need to involve all the key players.

Identify the stakeholders who need to be part of the conversation, like:

  • IT leaders who will be in the trenches managing SaaS day-to-day. 
  • Security and compliance folks who will make sure you're staying on the right side of regulations like GDPR, HIPAA, and SOC 2. 
  • Finance and procurement teams who will want to keep tabs on SaaS spend and licenses. 
  • HR, who will care about how SaaS impacts employee onboarding and offboarding.
  • Business unit leaders who need to ensure their teams have the right tools to get the job done.

Getting everyone engaged early will help you craft policies that are comprehensive, balanced, and actually workable. 

3. Put Pen to Paper on Policies

With your strategy set and your stakeholders on board, it's time to get down to brass tacks and write out your SaaS governance policies. These should cover the entire lifecycle of a SaaS app, from selection and deployment to management and retirement.

Some key things to address:

  • What controls need to be in place to protect sensitive data? Think encryption, access controls, data residency requirements, and more.
  • What industry and geographic regulations do you need to comply with, and what does that mean for your SaaS use? This could include things like GDPR, HIPAA, SOC 2, and CCPA.
  • How will new SaaS applications be evaluated, selected, and purchased? 
  • How will you handle SaaS contract renewals, license expansions, and application retirements? 

Make sure these policies are documented somewhere everyone can access them, like a company wiki or knowledge base. And don't just set it and forget it - these policies should be living, breathing documents that you revisit and update regularly as your business and the SaaS landscape evolve.

4. Get the Right Tools in Your Arsenal 

Policies and processes are great, but to really make SaaS governance scale, you need the right tools in your arsenal.

Enter SaaS management platforms (SMPs). SMPs are designed specifically to help you discover, manage, and optimize your SaaS apps. They give you a central hub to track all your SaaS, automate day-to-day governance tasks, and provide the visibility you need to make smart decisions.

Psst... This is where Cledara (our product) comes in.

With Cledara, you can:

  • Discover and inventory all the SaaS being used across the company (even the apps flying under IT's radar). This helps you get a handle on your total SaaS footprint.

  • Track spending, utilization, and renewal dates. This information is key for optimizing your SaaS spend and avoiding Shadow IT and surprise renewals.
  • Keep an eye on vendor security and compliance. Cledara offers features to assess and monitor the security posture of your SaaS vendors.

Cledara can be a game-changer for your SaaS governance program, giving you the automation and intelligence you need to manage SaaS at scale.

Pro Tip: When you're shopping for an SMP, look for one like Cledara that plays nice with your existing IT systems, has strong discovery and automation features, and can grow with you as your SaaS governance needs evolve. And don't forget about user experience - Cledara is designed to be an SMP that your team will actually want to use.

5. Always Monitor and Improve

SaaS governance isn't a one-and-done deal. It's an ongoing journey that requires continuous monitoring and optimization. 

Keep your program fresh and effective by:

  • Evolving your policies as your business changes and new SaaS apps come into play.
  • Tracking key metrics and KPIs like SaaS spend, utilization, compliance, and user satisfaction.
  • Conducting periodic audits of your SaaS portfolio to weed out redundancies and inefficiencies. 

The SaaS landscape is constantly shifting, and your governance program needs to be agile enough to shift with it.

Implementing a SaaS governance framework

Implementing a SaaS governance framework is the best thing you can do for your organization. Your SaaS landscape can really humble your IT assumptions. New apps and user requirements magically appear out of nowhere, just when you think you've got everything under control.

And when they do turn up, your IT team shouldn't be stuck with outdated processes that stall your organization's adoption of new tools and let shadow IT run rampant.

Poor SaaS governance can set off a chain reaction that eats into your IT team's strategic initiatives, like digital transformation, and leaves users with an experience that involves more waiting around and responding to long approval threads.

If you're looking to establish a strong SaaS governance framework that streamlines your entire SaaS lifecycle with a SaaS management platform... we should really talk!


Brad van Leeuwen

Brad is the co-founder and COO of Cledara. Prior to Cledara, Brad scaled partnerships, infrastructure and Go-to-Market at several fintech companies. He also led multiple early-stage investments into fintech and financial services for the EBRD and is one of the highest-ranked Techstars startup mentors globally.
