"Who's in charge of managing our SaaS applications?" As a CFO, this question might keep you up at night, and for good reason.
Ignoring SaaS governance is like letting your teenagers loose with your credit card – it might seem harmless at first, but before you know it, you're drowning in unexpected expenses and wondering where all your money went.
According to our recent study, companies think they have an average of 66 SaaS subscriptions, but 59% of respondents believe their company uses an average of 93 additional subscriptions that senior management is unaware of.
Talk about a surprise party for your budget!
But it's not just about the money. Unmanaged SaaS can also expose your company to compliance risks, security threats, and data silos.
In this guide, we'll cover everything you need to know about SaaS governance so you can avoid costly surprises, mitigate risks, and optimize your SaaS spend.
Let's dive in.
The True Cost of Unmanaged SaaS
Hint: it's more than just your monthly subscriptions. Now, you might be thinking, "Sure, SaaS governance sounds important, but do I really need to worry about it? Can't I just let each department manage their own SaaS apps?"
The short answer is no. Without proper governance, your company can fall victim to a host of issues, including:
1. Budget Overruns
When SaaS subscriptions are left unmonitored, costs can quickly spiral out of control. Before you know it, you're paying for duplicate subscriptions, unused licenses, and premium features you don't really need.
2. Security Risks
SaaS applications often contain sensitive data, from customer information to financial records. Without proper access controls and security measures, this data can be vulnerable to breaches, leaks, and cyberattacks. And let's face it – nothing ruins your day like a call from the FTC about a data breach.
3. Productivity Pitfalls
When your employees are using a mishmash of SaaS applications that don't play nicely together, productivity can take a nosedive. Data silos, manual workarounds, and constant context-switching can eat up valuable time and energy that could be better spent on more strategic tasks.
The bottom line? Unmanaged SaaS is a recipe for disaster – and it's up to you to make sure your company doesn't become another statistic.
Understanding SaaS Governance
In simple terms, SaaS governance is the set of policies, processes, and tools that organizations use to keep their SaaS applications in check throughout their entire lifecycle, from procurement to retirement.
This lifecycle typically consists of four key stages:
- Procurement: Identify, evaluate, and select SaaS applications that align with business needs, security requirements, and compliance obligations.
- Deployment: Implement selected SaaS solutions by configuring applications, integrating with existing systems, and rolling out to end-users with proper training and access controls.
- Usage: Monitor usage, performance, and metrics like user adoption, software license utilization, and cost optimization. Conduct regular security assessments and compliance audits.
- Retirement: Decommission obsolete applications, ensure data backup and archiving, and terminate remaining licenses or subscriptions.
Effective SaaS governance provides a framework for managing each of these stages in a consistent, repeatable, and auditable way, ensuring that SaaS investments deliver maximum value while keeping risks in check.
Why CFOs Need SaaS Governance
Think about it – when was the last time you had a clear picture of all the SaaS applications being used across your company? Do you know how much you're spending on licenses, who has access to what data, and whether you comply with the latest privacy regulations?
If the answer is "no," you're not alone.
Here are just a few of the ways a strong SaaS governance strategy can help you as a CFO:
Better Data Management:
When Finance and IT work together to establish clear policies and procedures around SaaS data management, you can finally get a handle on where your data lives, who has access to it, and how it's being used. No more silos – just clean, consistent, and secure data across all your SaaS applications.
Regulatory Compliance:
With new privacy regulations popping up faster than you can say "GDPR," staying compliant is more important than ever. But when you have a SaaS governance framework in place, with regular audits and controls, you can rest easy knowing that your company is staying on the right side of the law – and avoiding costly fines and reputational damage.
Efficient Vendor Management:
Managing SaaS vendors can be like herding cats – each one has its own contract, its own pricing model, and its own renewal date. But with SaaS governance, you can control the entire vendor management process, from procurement to payment. That means better prices, better terms, and better performance – all while reducing risk and complexity.
The bottom line? SaaS governance isn't just an IT problem – it's a Finance problem too. In fact, when Finance and IT find alignment on SaaS governance, the benefits trickle throughout the entire organization.
The 4 SaaS Governance Models
What are the different approaches organizations can take to govern their SaaS applications?
Here are the most common models for implementing SaaS governance:
Centralized Model
Best for: Smaller organizations with a limited number of SaaS applications and a high sensitivity to risk.
In a centralized governance model, a central IT team has full ownership and control over the entire lifecycle of SaaS applications, from procurement through retirement.
The centralized IT team is responsible for:
- Evaluating and selecting SaaS solutions
- Negotiating contracts and pricing
- Ensuring security and compliance
- Managing user provisioning and access control
- Monitoring usage and spending
- Handling renewals or terminations
The benefit of this model is that it ensures tight control and standardization: central IT vets applications for security and compliance, secures favorable terms and pricing, and prevents redundancy.
The downside is that it can limit the agility and responsiveness of business units, which may feel constrained by the pace and policies of central IT.
Decentralized Model
Best for: Larger organizations with diverse business units and a "cloud-first" mindset.
In this model, the role of central IT shifts from gatekeeper to enabler. Rather than blocking or dictating SaaS use, IT provides guidelines, guardrails, and light oversight to help business units make informed decisions.
For example, IT might publish a list of pre-vetted, approved SaaS applications that business units can choose from. Or they may define a set of security and compliance requirements that any new SaaS application needs to meet.
The benefit of a decentralized model is that it helps business units to move fast, finding and deploying SaaS applications that meet their specific needs.
The risk is that it can lead to a fragmented and redundant SaaS portfolio with inconsistent controls and hidden costs.
Hybrid Model
Best for: Medium to large organizations that want to balance control and agility.
In a hybrid model, central IT maintains overall authority while delegating certain responsibilities to the business units. IT defines the overall policies, processes, and standards for SaaS governance. But they give business units the freedom to operate within those guidelines.
For example, IT might require all SaaS contracts over a certain dollar amount or duration to flow through central procurement. But below that threshold, business units could purchase SaaS applications directly.
Governance as a Service (GaaS)
Best for: Smaller organizations (10-250 employees) that lack the skills or capacity to govern SaaS internally.
This newer approach to SaaS governance outsources the function to a third-party provider.
With Governance as a Service (GaaS), organizations can tap into the expertise, best practices, and tools of a company that specializes in SaaS management. The GaaS provider acts as an extension of the IT team, handling key governance activities like:
- Application discovery and inventory
- Security and compliance assessments
- License optimization
- Cost management
- Renewal and termination workflows
By offloading the day-to-day management to an external provider, IT teams can focus on more strategic priorities.
And like any outsourcing arrangement, the success of GaaS depends heavily on choosing the right provider and maintaining a strong partnership.
Pro Tip: When evaluating GaaS providers, look for two essential features: a comprehensive dashboard that provides a complete view of your SaaS landscape, including usage, costs, and renewal dates, and automated contract tracking that manages your renewals effortlessly. Cledara fits the bill on both counts. It's definitely worth checking out if you want to streamline your SaaS governance.
“Our teams collaborate better now because they know what software they can use and approvals are 100% streamlined.” It also brought Finance and IT together: “My IT colleague, who is responsible for user access, really likes the fact that he has one place to go to see all company software.”
Jenny Liu, Head of Finance, Marshmallow
Best Practices for Effective SaaS Governance
Here are some best practices to ensure that your organization is getting the most value from SaaS while keeping risks in check.
1. Start with a Clear Strategy
Before you get lost in the weeds of policies and processes, take a step back and define your high-level goals for SaaS governance.
What are you trying to achieve, and how does that align with your overall business objectives?
Consider questions like:
- What business outcomes are we driving towards with SaaS? Are we looking to improve agility, reduce costs, enhance security, or all of the above?
- What's our risk tolerance, and how will that shape our approach? Are we okay with a little shadow IT, or do we need to lock things down tight?
- What resources do we need to govern SaaS effectively? Do we have the right people, processes, and tools in place, or do we need to invest in more?
Answering these questions upfront will give you a clear direction for your SaaS governance efforts and ensure you're focusing on what matters most.
2. Bring All the Stakeholders to the Table
SaaS governance touches every part of the organization, from finance and procurement to security and compliance to the end-users in various departments.
To get it right, you need to involve all the key players.
Identify the stakeholders who need to be part of the conversation, like:
- IT leaders who will be in the trenches managing SaaS day-to-day.
- Security and compliance folks who will make sure you're staying on the right side of regulations like GDPR, HIPAA, and SOC 2.
- Finance and procurement teams who will want to keep tabs on SaaS spend and licenses.
- HR, who will care about how SaaS impacts employee onboarding and offboarding.
- Business unit leaders who need to ensure their teams have the right tools to get the job done.
Getting everyone engaged early will help you craft policies that are comprehensive, balanced, and actually workable.
3. Put Pen to Paper on Policies
With your strategy set and your stakeholders on board, it's time to get down to brass tacks and write out your SaaS governance policies. These should cover the entire lifecycle of a SaaS app, from selection and deployment to management and retirement.
Some key things to address:
- What controls need to be in place to protect sensitive data? Think encryption, access controls, data residency requirements, and more.
- What industry and geographic regulations do you need to comply with, and what does that mean for your SaaS use? This could include things like GDPR, HIPAA, SOC 2, and CCPA.
- How will new SaaS applications be evaluated, selected, and purchased?
- How will you handle SaaS contract renewals, license expansions, and application retirements?
Make sure these policies are documented somewhere everyone can access them, like a company wiki or knowledge base. And don't just set it and forget it - these policies should be living, breathing documents that you revisit and update regularly as your business and the SaaS landscape evolve.
4. Get the Right Tools in Your Arsenal
Policies and processes are great, but to really make SaaS governance scale, you need the right tools in your arsenal.
Enter SaaS management platforms (SMPs). SMPs are designed specifically to help you discover, manage, and optimize your SaaS apps. They give you a central hub to track all your SaaS, automate day-to-day governance tasks, and provide the visibility you need to make smart decisions.
Psst... This is where Cledara (our product) comes in.
With Cledara, you can:
- Discover and inventory all the SaaS being used across the company (even the apps flying under IT's radar). This helps you get a handle on your total SaaS footprint.
- Track spending, utilization, and renewal dates. This information is key for optimizing your SaaS spend and avoiding shadow IT and surprise renewals.
- Keep an eye on vendor security and compliance. Cledara offers features to assess and monitor the security posture of your SaaS vendors.
Cledara can be a game-changer for your SaaS governance program, giving you the automation and intelligence you need to manage SaaS at scale.
Pro Tip: When you're shopping for an SMP, look for one like Cledara that plays nice with your existing IT systems, has strong discovery and automation features, and can grow with you as your SaaS governance needs evolve. And don't forget about user experience - Cledara is designed to be an SMP that your team will actually want to use.
5. Always Monitor and Improve
SaaS governance isn't a one-and-done deal. It's an ongoing journey that requires continuous monitoring and optimization.
Keep your program fresh and effective by:
- Evolving your policies as your business changes and new SaaS apps come into play.
- Tracking key metrics and KPIs like SaaS spend, utilization, compliance, and user satisfaction.
- Conducting periodic audits of your SaaS portfolio to weed out redundancies and inefficiencies.
The SaaS landscape is constantly shifting, and your governance program needs to be agile enough to shift with it.
Implementing a SaaS Governance Framework
Implementing a SaaS governance framework is the best thing you can do for your organization. Your SaaS landscape can really humble your IT assumptions. New apps and user requirements magically appear out of nowhere, just when you think you've got everything under control.
And when they do turn up, your IT team shouldn't be stuck with outdated processes that stall your organization's adoption of new tools and let shadow IT run rampant.
Poor SaaS governance can set off a chain reaction that eats into your IT team's strategic initiatives, like digital transformation, and leads to a user experience that involves more waiting around and responding to long approval threads.
If you're looking to establish a strong SaaS governance framework that streamlines your entire SaaS lifecycle with a SaaS management platform... we should really talk!