SaaS discovery is a process that often involves using a single platform to increase the visibility of SaaS spending and usage throughout the organization through different integration approaches. The SaaS discovery process is critical to the overall success of your journey since it is the first step and establishes the foundation for a practical SaaS Management approach. After all, if you can’t see your surroundings, you won’t know how to continue in terms of cost and risk reduction.
The Most Effective SaaS Discovery Methods
Because SaaS is no longer solely an IT/security issue, several technologies on the market are seeking to assist businesses in discovering and managing SaaS usage. Each solution has a different strategy but employs one of seven common discovery approaches.
1. Mobile Device Management
Many SaaS apps are often accessed using mobile devices. Organizations that issue mobile devices and manage them centrally using a mobile device management platform may get visibility into SaaS application usage on such devices.
2. Expenses/Accounts Payable
Integration with expenditure or accounting systems can aid in identifying SaaS apps where a subscription has been acquired. This is especially helpful for controlling and lowering subscription costs by grouping customers to qualify for a volume discount or combining overlapping SaaS suppliers. Some suppliers supplying this product may negotiate subscription costs with SaaS companies as a value-added service.
Using spending or accounting data to detect SaaS, on the other hand, is only helpful for SaaS when the employee is paying for a subscription. Most SaaS apps feature a free tier or a freemium model, which our technique would be ignorant of. Almost every SaaS program does not demand payment at first and thus would be entirely opaque for this detection approach.
3. Financial Systems
Financial systems may give a wealth of information about the SaaS apps you’ve paid for, such as a reasonable inventory of these applications and contact information, which is extremely useful when preparing for renewals, consolidating contracts, and so on. However, financial data might be difficult to automatically standardize, necessitating human intervention. This discovery strategy may also have drawbacks such as a lack of use statistics and the inability to identify the use of free or improperly priced programs.
4. API
API discovery discovers users and uses using API connections supplied by SaaS vendors. Many SaaS security firms utilize this strategy to detect user misconfigurations, vulnerabilities, or abuse of SaaS apps. Depending on the application, APIs can also be used to finish the clean-up.
The disadvantage of API SaaS discovery is that it necessitates IT setup and integration and may necessitate a more expensive business license. This strategy does not perform well for fresh SaaS discoveries and is only effective for previously discovered SaaS. API SaaS integration is increasingly being utilized to aid in understanding application setups or other concerns. APIs are ineffective for tracking the SaaS apps that employees use.
5. Network Traffic
Using network monitoring tools, you may be able to collect application traffic within your network. With most workers working from home and many not connecting to VPN on a daily basis, this approach of gaining insight into all SaaS application usage is not the greatest option for today’s working-from-home scenario.
6. Web Proxy
Web proxy solutions are used to analyze website destinations to safeguard employee Internet traffic. The proxy can restrict access based on a risk assessment of the site being visited, for example, by blocking known phishing or malware sites. The data from a web proxy can be used to find SaaS, although this is not their fundamental capability and takes substantial research and human labor.
Web proxies are useless because they rely on network traffic when the SaaS application is utilized on a personal device or when it is not linked to the business network. Many web proxies also need endpoint agents, and some vendors’ endpoint agents and SaaS apps are incompatible.
7. Single Sign-On (SSO)
SSO is suitable for tracking and monitoring SaaS consumption and managing access to various apps. The firm has a centralized access and control mechanism for sanctioned SaaS apps.
When it comes to SaaS governance, SSO may be costly. Most business SaaS products require an SSO license, which may cost up to three times as much as non-SSO ownership. It is only helpful for well-known SaaS apps that are coupled with SSO. It cannot assist in detecting applications that employees access outside of SSO.
8. Agent or Browser plugin
These can be deployed to monitor or follow new SaaS apps. Data may be collected from an agent or plugin already installed on each business device. This information may then be analyzed to determine SaaS application use.
Like other agent-based systems, this approach’s data can be overwhelming, resulting in numerous false positives. This solution only applies to managed devices and would fail if employees used SaaS on personal devices.
9. CASB
Initially, cloud access security broker (CASB) devices were intended to “broker” connections between an endpoint device and a SaaS service. They are often used to identify and control access to SaaS services and gather data by analyzing network traffic, endpoint agent data, or both. Because the CASB has access to the network connection, it may instantly identify SaaS.
The issue with CASBs is the massive volume of data generated. They are comparable to web proxies, but the data is simpler to analyze because they were created to identify SaaS. However, since it is not feasible to always discern between a standard website and a SaaS site, security analysts must evaluate many signals, and false positives are widespread. CASBs, like proxies, are only helpful for controlled devices or when the device is on the corporate network since they rely on network and endpoint data.
The Advantages of SaaS Discovery
The top 6 advantages of SaaS Discovery are as follows:
1. Maximizing Availability, Scalability, and Elasticity
When shifting from on-premise to cloud data centers, data availability should be carefully managed; SaaS provides the best way for storage and traffic managers to notice failures in obtaining data across data centers. Dividing the program into various pieces increases its scalability in terms of data processing, instances, and without increasing cache space or message queues. The amount of web and worker role instances may be managed using SaaS, allowing for more elasticity in application execution.
2. Integration and Scalability
SaaS solutions are typically hosted in cloud settings that are scalable and have integrations with other SaaS providers. In comparison to the old paradigm, you do not need to purchase a new server or software. You merely need to activate a new SaaS product, and the SaaS provider will handle server capacity planning. Furthermore, you will have the ability to scale your SaaS consumption up and down based on your individual needs.
3. Supervision on IT
By shifting the workloads of application execution, testing, maintenance, and monitoring to the cloud with SaaS deployment, the CSP now owns complete responsibility for all your on-premise application and system management, and the Chief information officer (CIO) and IT staff of the on-premise infrastructure are now capable of effectively executing their business models throughout the organization and more accurately aligning the process infrastructure with the employees.
4. Handling the Risks of Software Acquisition
SaaS allows on-premise application designs to be transferred to cloud data centers, eliminating the risk of upfront software and physical asset purchase and lowering on-premise infrastructure costs.
5. New Releases (upgrades)
When using SaaS, the supplier improves the system and makes it available to its clients. The costs and effort involved with upgrades and new releases are cheaper than the traditional paradigm, which often requires you to purchase and install an update package (or pay for specialized services to get the environment upgraded).
6. Saving Costs
SaaS may give significant cost savings since it often sits in a shared or multi-tenant environment with lower hardware and software license costs than the traditional approach.
Another benefit is that you can fast increase your client base since SaaS allows small and medium-sized organizations to utilize software that they would not use otherwise owing to the high cost of the license. Maintenance expenses are also lowered because the SaaS provider controls the environment, which is shared by all clients that utilize that product.
SaaS Discovery Obstacles
Each discovery approach has advantages and disadvantages, and there is presently no single methodology that can govern them all. Among the obstacles to discovery completion are:
- SaaS Provider resistance
- Core vs peripheral functionality
- AP/Expenses system compatibility
- Browser-native vs Dedicated application
- Privacy
- API availability/complexity
- Agent/Browser Plugin deployment
- Proxy bypass
- BYOD
Summing Up
While each company has its niche, procedures, and activities, the SaaS discovery phase should be vital in developing any new product as a risk management approach.
The most common error teams make when approaching software SaaS discovery is viewing it as a linear and limited phase. Instead, we should recognize that SaaS discovery and product delivery are inextricably linked and that discovery phases may be jumbled up and repeated.
Also, properly working through the problem plane before moving on to the solution plane is critical, and the entire product team must be involved. There are strategies for controlling each phase and improving the visibility of the job completed and insights gained. Once you’ve correctly set up the SaaS discovery process, you’ll be able to confidently browse through ideas and insights, ensuring you’re producing a market-valued product.
