3 common SaaS Management challenges and how to avoid them

The return on your SaaS management platform investment is very dependent on the quality of your rollout.

‍ You’ve seen the demo that shows how a SaaS management platform like 1Password SaaS Manager can give your team data on the  budget you’re wasting on unused SaaS licenses for Salesforce, Zoom, GitHub etc. Perhaps you played around with a workflow builder in a demo environment and defined automations for reviewing shadow IT or reclaiming unused licenses.

In short, you’re seeing a solid business case for SaaS management that brings together immediate, direct cost savings with the promise of ongoing efficiency gains from the automation of IT ops. Does that mean it’s time to sign-up, turn on the new SaaS management platform, sit back and reap the SaaS optimization rewards? 

Unfortunately, without the right foundations, early rollout mistakes can weaken your SaaS management program, making it harder to govern access and control risk over time. 

Here are the 3 most common challenges we’ve seen companies face in rolling out SaaS Management Platforms, and our tips on how to avoid them.

Challenge  #1: automation expectation vs. reality

SaaS Management requires API access to your key business apps. This is one of the most common SaaS integration challenges teams face during implementation. 

For instance, imagine you’re using Zoom within your business. Great news – Zoom has a fantastic API which shares a user list along with the roles, license plan (enterprise, pro, basic) and date of last login for every user. Their API also shares activity metrics such as the number of ‘pro’ meetings each user is holding. Zoom’s API also supports user management, allowing you to downgrade or de-provision those unused licenses via an automation setup in your new SaaS management platform. In short, this provides all the information you need to identify unused licenses and the corresponding wasted SaaS spend. 

If every SaaS app had an API like Zoom’s, life in the IT team would be great. In reality, we find that around 30-40% of apps have an API with user-related endpoints. Of these apps, around half of the APIs will have broad functionality for user activity metrics and user management. To make things more complicated, some apps only offer API availability – or access to specific endpoints – if you’re on a premium plan. Additionally, availability of APIs is skewed towards the more popular apps. It’s nuanced, to say the least, but you’re likely never going to get full coverage for your SaaS inventory.

This doesn’t mean you can’t get value from your SaaS management initiative, but it does mean you need to level your expectations and formulate a plan to get useful information for key apps that lack an API.  Being aware of any SaaS integration challenges early helps teams set realistic expectations and avoid stalled automations.

Perhaps most importantly, you need clarity from your SaaS management vendor on the API availability and quality for your core SaaS inventory. For instance, 1Password SaaS Manager has over 350 direct API integrations with different SaaS tools, with clear guidance on the core capabilities of each integration.

Challenge  #2: getting buy-in beyond the IT team

Tracking usage carefully lets you identify opportunities for SaaS license optimization, cutting waste while making sure teams have the tools they need. To achieve this, IT and security teams will need input from the wider business to gather all the license details for your SaaS inventory, such as: start and renewal dates, what plans you’re on, and the rates you’ve negotiated. Even if the SaaS management vendor is going to enter the license details for you, someone in your business may still need to be tracked down to provide missing details. 

Overall, this process is likely to involve pulling together dozens of SaaS contracts and order forms that have been squirreled away in PDFs all across your business. You shouldn’t assume that your Head of Sales is in a rush to rummage through the virtual filing cabinet to find the most recent Salesforce contract.

Unfortunately, APIs won’t magically solve this problem. At best, you might get overall license entitlements from an app’s API, but it’s surprisingly uncommon. Certain critical details around the license structure – such as your negotiated rates or the renewal date – may not be available via an API.

Magic AI, ML, or OCR extraction tools aren’t going to come to the rescue either. Order forms, contracts, and MSAs come in wildly different and often byzantine formulations. Extracting that unstructured data from a PDF and translating it into something useful is not going to produce reliable results at scale.

If you’re one of the lucky few with a nicely organized spreadsheet of SaaS license data, or you’re cutting over from an existing SAM or SaaS management tool, the initial setup is significantly streamlined. Overall, however, getting hold of this license information is a very common, early challenge  in the rollout of a SaaS management platform. 

It’s not all doom and gloom, though. The solution comes down to collaborating with other teams in the business, and having an understanding of the existing systems and processes that you can tap into. Preparing for this challenge  is all about having a realistic take on your current situation and an understanding of what’s possible.

Challenge  #3: establishing process, not patches

Now that you’ve invested in putting a SaaS management platform in place, you’re probably going to uncover some ‘shadow IT’ surprises, such as spending on SaaS apps you weren’t aware were even in use, non-SSO applications, or users granting risky access permissions to personal-use browser extensions. These discoveries often signal deeper SaaS sprawl challenges across the organization. 

Strong SaaS security posture management depends on having repeatable processes to manage discovery, access, and ongoing change. If you’ve not engaged in this kind of SaaS discovery before, you’re going to be playing catch-up. It takes time to work through this information and to make decisions on how to respond. This is also where SaaS security challenges start to emerge, especially as access and usage expand faster than governance.

1Password SaaS Manager offers automated discovery and management for unapproved SaaS and AI apps, which can help greatly. Nonetheless, it's worth remembering that this process is ongoing, and you’ll need to support the evolution and growth of your SaaS ecosystem; as you go through the pain of reviewing this first big wave of discovered apps, more apps will still be arriving in your inbox for review. It’s an opportunity to formulate policies and standardized responses, but at the same time you might feel overwhelmed by the short-term workload.

This also applies to your SaaS license details, which are subject to regular change. Without clearly defined processes and responsibilities, your license information is going to become outdated as agreements get modified or renewed.

The temptation is to make a concerted, tactical push to work through the initial system implementation while failing to consider the long-term plan for the maintenance and expansion of your SaaS management platform. 

In summary

Addressing SaaS security challenges alongside cost and operational concerns is important, but getting SaaS management right isn’t as simple as finding a SaaS management vendor and switching their platform on.  It’s critical to ensure that your rollout addresses your key SaaS security challenges, as well as cost and operational concerns. Aligning your expectations, understanding what’s possible given your SaaS application stack, and getting buy-in outside of the IT team are all critical to getting long-term business value from your SaaS management platform and, more importantly, your SaaS applications. Failing to plan for SaaS sprawl challenges makes long-term governance much harder.

Want to learn more about rolling out 1Password SaaS Manager? Schedule a demo.