Your guide to SaaS spend management

How to use spend data and insights to prioritize your SaaS rationalization efforts, maximize impact, and earn quick wins.

As organizations continue to transition from the pandemic-era strategy of "growth at all costs" to a more balanced approach focused on "efficient growth," many are looking for opportunities to streamline and consolidate their SaaS estates in the effort to reduce spend, minimize risk, and drive greater operational efficiency. This is SaaS rationalization, and it is a cornerstone of modern IT governance.

Why is SaaS rationalization important? Nudge Security product data shows that during their tenure at an organization, the average employee creates 18 different SaaS accounts. From a risk standpoint, that’s potentially 18 user identities, 18 places where corporate data may reside, and 18 points of integration with other sensitive or business-critical applications. Meanwhile, Gartner estimates that a quarter of all SaaS subscriptions are either underutilized or unnecessarily deployed, resulting in squandered SaaS spending that could be better invested in strategic technology initiatives.

Reining in this SaaS sprawl is no small feat—usage, risk, and spend data often spans multiple departments, admins, and platforms, which makes it challenging to consolidate. Many teams turn to manual tracking within a spreadsheet, which is time-intensive, incomplete, and unscalable. Nudge Security’s SaaS spend management features accelerate and automate this process, helping security and IT teams drive smarter, more efficient SaaS investment decisions. You’ll find these insights organized within a helpful “Spend” dashboard in Nudge Security that allows you to easily spot inactive accounts, discover redundant apps, track renewal dates, identify paid apps with single users, and more.

Still, with hundreds of apps and thousands of accounts floating around, it can be hard to figure out where to start. Here’s how to use our insights to prioritize your SaaS rationalization efforts, maximize impact, and earn quick wins.

Focus on your biggest SaaS risk centers first.

While it may seem logical to initially focus on the largest SaaS cost centers, there are compelling reasons to prioritize efforts based on the areas of greatest risk. SaaS applications that handle sensitive or restricted data, or present significant risks to the organization, often impose additional governance burdens on IT, security, and compliance teams, even if they are low-cost or free tools.

It is also important to consider that these teams may have stringent policies for third-party risk and acceptable usage that can provide a well-defined threshold for SaaS rationalization. For instance, your organization might have a policy that forbids the use of cloud services hosted in specific geopolitical regions, or requires SaaS providers to demonstrate compliance with SOC 2 Type 2. Any SaaS use that does not meet these criteria can be swiftly rationalized out of the portfolio.

Learn how Nudge Security accelerates vendor security assessments with risk and compliance insights.

Audit former employees for lingering SaaS access.

Are there ghosts lurking in your SaaS portfolio? It’s more than likely. In Nudge Security's survey of 375 IT professionals, 70% of the respondents shared that they have experienced the consequences of incomplete offboarding: security incidents, business disruption, and wasted SaaS spending, to name a few.

Before you tackle revoking SaaS accounts of active employees, your first step should be to audit the SaaS accounts of former employees who may have retained access to SaaS apps after leaving the organization.

This can be done manually by reviewing the list of suspended users in your identity provider (cross-referencing it with your HR records if you are uncertain) and then identifying accounts to remove or licenses to revoke. Or, you can save up to 90 percent of the time and effort involved in SaaS offboarding by using Nudge Security’s purpose-built IT offboarding playbook. The playbook streamlines and automates the time-consuming, easy-to-miss tasks like revoking OAuth grants and resetting passwords for accounts outside of single sign-on (SSO).
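The manual version of this audit is a join between two data sets: the identity provider's list of suspended users and your SaaS account inventory. The script below is an added example (not Nudge Security's code or its offboarding playbook) that performs that join on constructed sample data, flags accounts that belong to suspended users, and attaches the cleanup actions the text calls out: license revocation, a password reset for accounts outside SSO, and revocation of any OAuth grants. The `IDP_USERS`, `SAAS_ACCOUNTS` and `AUDIT_DATE` values are invented for illustration; in practice they would come from an IdP export and your inventory.

```python
"""Offboarding audit: cross-reference identity-provider (IdP) user status with a
SaaS account inventory to find accounts still held by former employees.
Added example (not Nudge Security's code); all data below is constructed."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class SaasAccount:
    app: str
    email: str
    auth: str                 # "sso" or "password" (account lives outside SSO)
    oauth_grants: tuple = ()  # names of third-party OAuth grants on the account


AUDIT_DATE = date(2024, 6, 1)  # constructed "today" so results are reproducible

# Constructed IdP export: login -> lifecycle status
IDP_USERS = {
    "alice@example.com": {"status": "active", "suspended_at": None},
    "bob@example.com": {"status": "suspended", "suspended_at": date(2024, 3, 1)},
    "carol@example.com": {"status": "suspended", "suspended_at": date(2024, 5, 15)},
}

# Constructed SaaS inventory; note the mixed-case address and the account with no IdP match
SAAS_ACCOUNTS = [
    SaasAccount("Slack", "alice@example.com", "sso"),
    SaasAccount("Slack", "bob@example.com", "sso"),
    SaasAccount("Figma", "Bob@example.com", "password", ("Google Drive",)),
    SaasAccount("Notion", "carol@example.com", "password"),
    SaasAccount("Trello", "dave@example.com", "password"),
]


def find_lingering_access(idp_users, saas_accounts, today):
    """Return SaaS accounts that should have gone away at offboarding, oldest first.

    Each finding carries the concrete cleanup actions: revoke the license, reset the
    password when the account is outside SSO, and revoke any OAuth grants."""
    findings = []
    for acct in saas_accounts:
        identity = idp_users.get(acct.email.lower())  # normalise case before matching
        if identity is None:
            # No IdP identity at all: the IdP cannot offboard it, so confirm ownership
            # with HR and treat it as a password-only account.
            findings.append({
                "app": acct.app, "email": acct.email, "reason": "no_idp_identity",
                "days_since_offboarding": None,
                "actions": ["confirm_owner_with_hr", "reset_password"],
            })
            continue
        if identity["status"] != "suspended":
            continue  # active employee: out of scope for this audit
        actions = ["revoke_license"]
        if acct.auth != "sso":
            actions.append("reset_password")
        actions.extend(f"revoke_oauth_grant:{g}" for g in acct.oauth_grants)
        findings.append({
            "app": acct.app, "email": acct.email, "reason": "user_suspended",
            "days_since_offboarding": (today - identity["suspended_at"]).days,
            "actions": actions,
        })
    # Longest-lingering access first; accounts with no IdP match go last.
    findings.sort(key=lambda f: (f["days_since_offboarding"] is None,
                                 -(f["days_since_offboarding"] or 0)))
    return findings


if __name__ == "__main__":
    for f in find_lingering_access(IDP_USERS, SAAS_ACCOUNTS, AUDIT_DATE):
        print(f["app"], f["email"], f["reason"], f["days_since_offboarding"], f["actions"])
```

Two details matter in practice: e-mail addresses are matched case-insensitively (the Figma account would otherwise be missed), and an account with no identity-provider match at all is reported rather than silently skipped, since that is exactly the kind of account that survives an IdP-driven offboarding.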

Learn how Nudge Security helps to ensure complete employee offboarding and SaaS license revocation.

Remove abandoned and forgotten SaaS accounts.

Can you recall every online service you've ever registered for? (Editor's note: Just keeping track of my active streaming subscriptions is a struggle.)

As referenced above, a staggering 25% of all SaaS subscriptions are either underutilized or excessively deployed, resulting in significant opportunities for cost optimization through SaaS rationalization. Moreover, most regulatory compliance frameworks mandate the removal of inactive accounts within stipulated time frames.

To assess the utilization rates of SaaS accounts, you can use SaaS login or user activity data. However, the most reliable source of information is direct communication with the account holders. A straightforward inquiry, such as "Are you still using that application?" can quickly help identify abandoned SaaS accounts that should be removed from your portfolio.
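The login-data approach above reduces to a threshold check over each account's last observed login. The following is an added example (not Nudge Security's code) that runs that check on constructed data, estimates the monthly seat spend tied up in inactive accounts, lists paid apps with only a single user, and drafts the direct "are you still using this?" question for each affected person. The 90-day inactivity window, the `SEAT_COST` table and the `LAST_LOGIN` records are all assumptions chosen for the example; the compliance frameworks the text mentions set their own time frames, so the threshold is a parameter.

```python
"""Utilization review: flag SaaS accounts with no recent login, estimate the seat
spend they tie up, and draft the direct "are you still using this?" question.
Added example (not Nudge Security's code); all data below is constructed."""
from collections import defaultdict
from datetime import date, timedelta

REVIEW_DATE = date(2024, 6, 1)  # constructed "today" so results are reproducible

# Constructed per-seat monthly cost (0.0 = free tier)
SEAT_COST = {"Asana": 11.0, "Miro": 8.0, "Loom": 12.5, "Canva": 0.0}

# Constructed: (app, account) -> last observed login; None = provisioned but never used
LAST_LOGIN = {
    ("Asana", "alice@example.com"): date(2024, 5, 28),
    ("Asana", "bob@example.com"): date(2024, 1, 10),
    ("Asana", "carol@example.com"): None,
    ("Miro", "alice@example.com"): date(2024, 5, 30),
    ("Loom", "dave@example.com"): date(2024, 4, 2),
    ("Canva", "erin@example.com"): date(2023, 11, 1),
}


def find_inactive_accounts(last_login, today, threshold_days=90):
    """Accounts with no login inside the window, or never used at all, sorted by app."""
    cutoff = today - timedelta(days=threshold_days)
    inactive = []
    for (app, email), last in last_login.items():
        if last is None or last < cutoff:
            inactive.append({
                "app": app, "email": email,
                "idle_days": None if last is None else (today - last).days,
            })
    return sorted(inactive, key=lambda r: (r["app"], r["email"]))


def reclaimable_monthly_spend(inactive, seat_cost):
    """Seat cost that could be recovered by removing the inactive accounts."""
    return round(sum(seat_cost.get(r["app"], 0.0) for r in inactive), 2)


def single_user_paid_apps(last_login, seat_cost):
    """Paid apps where only one account exists: candidates for a cheaper plan or removal."""
    users = defaultdict(set)
    for app, email in last_login:
        users[app].add(email)
    return sorted(app for app, u in users.items()
                  if len(u) == 1 and seat_cost.get(app, 0.0) > 0)


def draft_nudges(inactive):
    """One message per person, listing every app they appear inactive on."""
    apps_by_user = defaultdict(list)
    for r in inactive:
        apps_by_user[r["email"]].append(r["app"])
    return {email: f"Are you still using {', '.join(sorted(apps))}? "
                   "If not, reply and we'll remove the account."
            for email, apps in apps_by_user.items()}


if __name__ == "__main__":
    inactive = find_inactive_accounts(LAST_LOGIN, REVIEW_DATE)
    for r in inactive:
        print(r)
    print("reclaimable per month:", reclaimable_monthly_spend(inactive, SEAT_COST))
    print("single-user paid apps:", single_user_paid_apps(LAST_LOGIN, SEAT_COST))
    for email, msg in draft_nudges(inactive).items():
        print(email, "->", msg)
```

Accounts that were provisioned but never logged in are reported with `idle_days` of `None` rather than dropped; they are the cheapest wins, since nobody has to be migrated off them.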

Learn how Nudge Security automates user access reviews to surface inactive and abandoned SaaS accounts.

Eliminate redundant SaaS applications.

A major contributor to SaaS sprawl is the presence of multiple SaaS tools that serve the same or similar purposes within an organization. Such redundancy is not only inefficient but can also be costly.

Often, different teams or departments within an organization may be using different tools for the same purpose, such as project management or file sharing. Sometimes this is justified due to specialized or highly differentiated needs and features. Yet, in some cases, it’s due to a lack of visibility into the SaaS tools already in use elsewhere in the organization. This can lead to operational inefficiencies, data silos, and productivity gaps that hold your organization back.

To identify these redundancies, start by categorizing your SaaS applications based on their primary functions. (Nudge Security’s Spend dashboard does this for you, and provides a list of possibly redundant apps to review.) Once you have a clearer picture of where redundancies exist, you can evaluate which tools are most effective and universally preferred. Engage all relevant stakeholders in this decision-making process. This includes not just the IT operations team or the business unit leaders but also the end users of these tools. Remember, the aim of SaaS rationalization is not just cost reduction but also improving productivity and user satisfaction.

Visualizing where you have overlap can go a long way towards simplifying this process. That's why Nudge Security includes this handy Venn diagram, making it easy to see the user overlap between similar apps.
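The categorization step and the user-overlap view described in the two paragraphs above can be reproduced with a few set operations. The script below is an added example (not Nudge Security's code or its Spend dashboard): it groups apps by primary function, computes for every pair in a group the counts behind a two-set Venn diagram (users only on A, only on B, on both) plus a Jaccard similarity, and lists which users would need to migrate if one app is retired in favour of another. The `APP_CATEGORY` and `APP_USERS` tables are constructed for the example.

```python
"""Redundancy review: group apps by primary function, measure user overlap between
apps in the same group (the numbers behind a Venn diagram), and list who must migrate.
Added example (not Nudge Security's code); categories and users below are constructed."""
from collections import defaultdict
from itertools import combinations

# Constructed: app -> primary function (the categorisation step)
APP_CATEGORY = {
    "Asana": "project management", "Trello": "project management",
    "Monday": "project management", "Dropbox": "file sharing",
    "Box": "file sharing", "Slack": "messaging",
}

# Constructed: app -> set of account holders
APP_USERS = {
    "Asana": {"alice", "bob", "carol", "dave"},
    "Trello": {"carol", "dave", "erin"},
    "Monday": {"frank"},
    "Dropbox": {"alice", "bob"},
    "Box": {"alice", "bob", "carol"},
    "Slack": {"alice", "bob", "carol", "dave", "erin", "frank"},
}


def redundant_groups(app_category):
    """Categories that contain more than one app, with the apps sorted by name."""
    groups = defaultdict(list)
    for app, category in app_category.items():
        groups[category].append(app)
    return {c: sorted(apps) for c, apps in groups.items() if len(apps) > 1}


def overlap_report(app_users, apps):
    """Pairwise Venn counts and Jaccard similarity for the apps in one category."""
    report = []
    for a, b in combinations(apps, 2):
        ua, ub = app_users.get(a, set()), app_users.get(b, set())
        both, union = ua & ub, ua | ub
        report.append({
            "apps": (a, b),
            "only_a": len(ua - ub), "only_b": len(ub - ua), "both": len(both),
            "jaccard": round(len(both) / len(union), 2) if union else 0.0,
        })
    return report


def migration_plan(app_users, keep, retire):
    """Users on the retired app who do not yet have an account on the kept one."""
    return sorted(app_users[retire] - app_users[keep])


def full_report(app_category, app_users):
    """Overlap report for every category with possible redundancy."""
    return {c: overlap_report(app_users, apps)
            for c, apps in redundant_groups(app_category).items()}


if __name__ == "__main__":
    for category, pairs in full_report(APP_CATEGORY, APP_USERS).items():
        print(category)
        for p in pairs:
            print("  ", p)
    print("move to Asana:", migration_plan(APP_USERS, keep="Asana", retire="Trello"))
```

A high Jaccard score means the two tools serve largely the same people and one is a strong consolidation candidate; a low score with a non-empty `both` count is the case the text warns about, where each team adopted its own tool without knowing the other existed.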

Once you've decided on the preferred tool(s), create a transition plan to migrate users from the redundant applications to the chosen one(s).

Learn how Nudge Security auto-categorizes and groups similar SaaS applications for comparison.

Consolidate isolated SaaS tenants.

It’s not uncommon to find isolated instances or “tenants” of the same SaaS application or cloud infrastructure being used by different departments or teams. This segregation also often leads to higher costs due to the inability to leverage volume-based pricing. And, it can introduce risk when "shadow tenants" are not included in standard IT security measures.

The first step in addressing this issue is to identify all instances where multiple tenants of the same SaaS application exist. Unfortunately, many SaaS providers won’t give you this information directly—instead, their enterprise sales team will tell you how many licenses you should buy for your organization.

Engage with the various teams or departments to understand where segregation exists and why. It could be due to specific requirements, historical decisions, or simply a lack of awareness of the existing instances. Next, evaluate the feasibility of consolidating these tenants into a single, organization-wide instance. This process will likely involve discussions with the SaaS provider, as well as detailed planning to ensure a smooth transition with minimal disruption to users.

Remember to consider the potential impact on data privacy and security when consolidating SaaS tenants. Always ensure that appropriate permissions and access controls are in place to protect sensitive information.

Learn how Nudge Security helps you bring rogue AWS accounts into centralized governance.

Ready to move beyond quick wins into programmatic success?

Our SaaS Rationalization Toolkit provides a step-by-step guide for achieving both cost optimization and risk management, with multiple frameworks, tools, and templates to help you manage your SaaS rationalization efforts.

Ready to accelerate your SaaS rationalization efforts with a complete SaaS inventory, SaaS spend data and cost optimization insights, and more? Start your free, 14-day trial of Nudge Security.
