
What Is SaaS Sprawl and What Can You Do About It?

Apr 5, 2024

SaaS sprawl has quickly become a serious problem for most businesses. It eats away at the bottom line, creates confusion for software users, and increases cybersecurity risks. As companies adopt more software to solve complex problems, they need to take a proactive approach to preventing it.

Here’s a breakdown of what SaaS sprawl is, how it happens, and what you can do to get it in check.

What is SaaS sprawl?

SaaS sprawl is the unchecked growth of SaaS applications within an organization. When SaaS sprawl occurs, the number of applications an organization is dealing with often becomes unmanageable, which leads to cost overruns, security issues, and increased complexity for IT.

How does SaaS sprawl happen?

SaaS sprawl is a byproduct of the fast rise of cloud-based software. The pursuit of better collaboration and efficiency has led to an app explosion. Here are some of the reasons software subscriptions spiral out of control.

SaaS apps are easy to get

Cloud-based applications are easy to access and implement. When software was sold through the perpetual licensing model, users had to purchase the application — usually with a hard copy — and load it on their device.

With cloud-based apps, the barriers to access are gone. Users can pay for applications with a credit card or sign up for a free trial. Most applications don’t require anything to be downloaded. Even if the app is no longer in use after the trial period or a credit card lapse, the application may still have access to company data.

The ease of getting SaaS apps leads to a phenomenon known as shadow IT. Shadow IT is the use of a company’s hardware or software without the oversight of IT. It’s a major risk, since these applications can access private networks and data.

Lack of policies for software procurement

In some cases, the IT department is involved with software procurement, but it doesn’t have policies to guide decision-making. New software purchases are approved and implemented without considering whether they perform the same function as another application, whether they meet security standards, or whether they make sense budget-wise.

This can sometimes be attributed to following a quick-fix culture, where companies rush to innovate and fix problems with software. Employees are encouraged to seek out new applications without guardrails, which quickly leads to app explosion. To make matters worse, software is abandoned just as quickly as it was acquired in these environments. Cleaning up all those subscriptions can overwhelm IT departments.

Decentralized approval processes

Many companies may have approval processes for new applications, but those processes don’t funnel through the IT and legal departments. Instead, individual department heads are responsible for approvals. They may each have their own policies that don’t necessarily line up with one another. Plus, there’s no precedent or requirement for leaders to communicate with each other to know what’s already in use around the company.

This gives users flexibility, but it creates an every-man-for-himself situation. As a result, the company ends up with multiple instances of the same application and misses out on savings, like discounts for a certain number of users.

Consequences of SaaS sprawl

You can find a tool for almost any task and set it up in minutes. That’s great for users who are under pressure to integrate data into their processes and work more efficiently. However, it’s possible to have too much of a good thing.

Overspending

Having too many apps can cause your SaaS spend to spiral, a problem also known as subscription creep. Here are some of the ways you may incur unnecessary costs:

  • If individual departments sign their own contracts, you may be missing out on enterprise-level discounts.
  • When someone leaves the company or goes to another team, you may end up paying for users who no longer use the platform.
  • It’s possible that you’re paying for modules or features that aren’t being used.
  • If you don’t know when renewals are coming, you may miss out on negotiation.

Potential duplicate contracts

Users from different departments may have their own version of the same software, or they may use two different applications for the same function. For example, the marketing department may use Asana for project management, while the product development team uses ClickUp. Both platforms perform similar functions, and it may be beneficial to have an enterprise-wide solution for project management.

Security vulnerabilities

If applications don’t undergo a security consultation, they could put the company’s data and networks at risk.

  • Users may not follow company guidelines for application security, such as using single sign-on (SSO) and multi-factor authentication (MFA).
  • Software may not meet the company’s standards for protecting sensitive data.
  • Unmanaged accounts can be breached or taken over without the IT department finding out.
  • Applications may not meet data privacy and security regulations, particularly for businesses in highly regulated industries like healthcare and finance.
  • Apps may integrate with other platforms that put your data at risk.

Data silos and inefficiencies

When teams use disparate tools that don’t integrate well with one another, they implement inefficient workarounds or work outside the systems altogether. A majority of users say these data silos actually create more manual work for them, instead of reducing it.

SaaS sprawl also leads to inefficient use of IT’s time. If the IT department must play a constant game of catch-up to hunt down and address SaaS sprawl, it takes valuable resources away from other activities.

These inefficiencies can also expand to the legal and finance departments. Having to negotiate and process multiple contracts for the same platforms clogs up the legal department’s pipeline. The finance department has to manually track down the company’s applications and associated spending.

User confusion and fatigue

Without centralized processes to manage your applications, users end up overwhelmed and confused by the sheer number of applications available to them. For example, let’s say a department head wants to offer their employees access to a design mockup tool. They’ve seen their colleagues use a few tools, but each team has their own. The tools were purchased without the involvement of IT, so it’s unclear who owns them, how to add users, and whose budget it will come from.

These kinds of situations create a frustrating technology experience. The department head may respond by going rogue and simply acquiring the applications they prefer, which leads to further SaaS sprawl.

How to know if you have SaaS sprawl

Your processes can provide the first indication that you’re dealing with SaaS sprawl. If you don’t have formal policies in place, or the IT team has to rush the approval process due to other priorities, then you likely are dealing with an app explosion.

You can also evaluate your tech stack to see if you’re suffering from the effects of SaaS sprawl:

  • Evaluate applications by category to identify duplicates.
  • Analyze usage data to determine which applications are underused.
  • Determine whether apps have business value. Don’t forget to look for dependencies and integrations.
  • See if you’re missing out on discounts and better pricing tiers.
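As an added illustration (not part of the original article and not any vendor's code), the checks above can be run over an exported subscription inventory, together with the SSO/MFA and ownership concerns raised earlier. The column names, the 50% usage threshold, and the sample rows are assumptions constructed for this example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory; column names and seat counts are assumptions.
INVENTORY_CSV = """app,category,owner,seats_paid,seats_active_90d,sso_enforced,mfa_enforced
Asana,project management,marketing,40,35,yes,yes
ClickUp,project management,product,25,6,no,yes
MockupTool,design,,10,0,no,no
ExpenseApp,finance,finance,50,48,yes,yes
"""

UNDERUSED_RATIO = 0.5  # assumed threshold: under half of paid seats active


def audit(csv_text, underused_ratio=UNDERUSED_RATIO):
    """Return {finding_name: sorted list of apps (or category groups)}."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    by_category = defaultdict(list)
    findings = defaultdict(list)
    for row in rows:
        app = row["app"]
        by_category[row["category"].strip().lower()].append(app)
        paid = int(row["seats_paid"])
        active = int(row["seats_active_90d"])
        # Underused: paying for seats nobody has touched in the window.
        if paid and active / paid < underused_ratio:
            findings["underused"].append(app)
        # No recorded owner: nobody accountable for access or renewal.
        if not row["owner"].strip():
            findings["no_owner"].append(app)
        # Accounts outside SSO/MFA are the unmanaged ones IT cannot see.
        if row["sso_enforced"] != "yes" or row["mfa_enforced"] != "yes":
            findings["weak_auth"].append(app)
    # Duplicates: more than one app serving the same category.
    for category, apps in by_category.items():
        if len(apps) > 1:
            findings["duplicate_category"].append(
                f"{category}: {', '.join(sorted(apps))}")
    return {name: sorted(items) for name, items in findings.items()}


if __name__ == "__main__":
    for name, items in audit(INVENTORY_CSV).items():
        print(name, "->", items)
```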

How to get SaaS sprawl in check and prevent it from happening

You can get SaaS sprawl in check and keep it from occurring with a few preventative measures:

Centralize policies

Clear policies help you avoid chaos. Create rules to ensure all subscriptions align with company requirements.

  • Managers should approve new subscriptions to ensure alignment with departmental needs.
  • IT and accounting should be notified of all purchases, regardless of payment method, for budgeting and tracking purposes.
  • All contracts should meet data privacy and security standards, such as HIPAA compliance or SOC certification.

Remember to communicate these rules and make them easily accessible to everyone at the company. Train employees on the policies and the risks of not following them.

Create a single source of truth for all subscriptions

Keeping a centralized repository for all of your SaaS applications can help prevent subscription creep. You can create a spreadsheet of your subscriptions using a template like this one.

Taking this approach can be time-consuming, since you’ll have to gather information on each application one by one. You’ll have to reach out to your colleagues around the company to find out which applications they’re using. To make sure nothing is missed, you’ll also have to sift through expense reports.

As an alternative, you can purchase a SaaS management platform. SaaS management platforms scan applications like email and expense software to identify potential subscriptions. Instead of having to manually gather the apps yourself, SaaS management tools work in the background to provide a real-time analysis of your licenses.

Get SaaS sprawl in check

According to Okta, the average company uses 93 software applications. How many of those subscriptions are necessary? How many are risky from a security perspective? How many have dormant users?

You don’t have to feel your way through the dark on these issues. With proactive policies, user education, and a SaaS management platform like FinQuery Software Management, you can manage your applications proactively. By streamlining your software platforms, you can minimize security risks and keep costs in check while providing users with access to the applications they need to work smarter.
