But what about free SaaS applications? Employees routinely download free SaaS applications and incorporate them into their daily work. However, given the millions of dollars that organizations are spending to purchase SaaS, it can be tempting to overlook the free apps that aren’t directly impacting the bottom line – not yet, at least.

Unfortunately, free SaaS applications can ultimately lead to a heavy price tag. Security breaches, regulatory fines, data loss and unexpected license costs are all potential outcomes of unmonitored, free SaaS use. 

The challenges surrounding free SaaS apps

Getting a handle on free SaaS use in an organization’s IT environment is easier said than done. Almost by definition, free apps are accessed outside of IT. In fact, they’re often accessed outside of the business unit and are simply the result of individual users or groups of users deciding to download software.   

Even if an organization is leveraging a SaaS management platform (SMP), there’s no guarantee they’ll uncover free SaaS applications. Most SMP discovery methods have a blind spot when it comes to free SaaS.

Financial records, for example, are a source of discovery for many SMPs. The platform connects to an organization’s procurement or accounts payable systems and looks for keywords associated with known SaaS vendors. But if you’re not paying for the app, it’s not going to show up on an expense report.

Single-sign-on (SSO) connectors are another popular discovery method. Data from this source shows logins for known applications that are accessed via an SSO platform, such as Okta or Microsoft Azure AD. However, free applications used without the knowledge of IT aren’t going through an SSO platform.

Finally, like SSO discovery, API connectors to vendor portals are useful for getting information on apps IT already knows about. They’re not going to provide any information on free apps downloaded without IT’s awareness. Despite best efforts to manage their SaaS, organizations are still left in the dark, and that leaves them vulnerable to a host of risks.

Security vulnerabilities

Security is a concern with any cloud software, but when IT is aware of the application, it can take steps to mitigate the risks. Adding the application to an SSO platform is a great place to start. As mentioned above, however, free SaaS apps aren’t going through an organization’s SSO for access. That means users are selecting their own passwords, which are often weak and present attack vectors for would-be hackers.

Another potential security vulnerability comes in the form of misconfigurations. SaaS apps have multiple settings options to control admin privileges, data protection, encryption and more. A single misconfiguration can dramatically increase the risk of a security incident. 

Data concerns

Protecting the data and privacy of employees and customers is the thrust of numerous laws that vary by geography and government entity. To ensure compliance, it’s imperative to know what data is being shared with your software vendors and what policies those vendors have in place to handle and protect data. Steering clear of regulatory missteps is a shared responsibility between customer and vendor, and if you’re not aware of all the vendors with access to your data, you can’t possibly ensure those responsibilities are being met.

Then there’s the issue of data ownership and what happens to your data when you decide to no longer use the app. Is there a process for retrieving it? Does the vendor have the right to retain the data? Answers to these questions are found in the service-level agreement (SLA), but you’re not able to review the agreements for vendors you’re not aware of.

Unexpected costs of free SaaS apps

Most SaaS applications that are free are only free up to a point. Once some predefined threshold is met, the vendor expects to be paid for the software.

For example, some apps are free for personal use, but there’s a requirement to pay for commercial use. Consequently, if an employee uses a free app at home and later begins using it at work, perhaps even converting some colleagues, you could be exposed to unexpected license costs.

Many SaaS vendors offer a freemium pricing model where certain minimal functionality is offered for free, but additional functionality comes at a price. After using the free features for weeks or months, employees often realize that additional functionality is required to meet business objectives. After investing so much time and energy in the app to that point, transitioning to an alternative can be more costly than paying the original vendor.

What are organizations supposed to do?

Fortunately, there’s a solution to these challenges, and it starts with visibility. Simply being aware of the free SaaS applications in your environment allows you to get ahead of these issues, address any data and security concerns before they pose a problem, and prevent unexpected licensing costs from busting the budget.

At Snow, our combination of SaaS discovery methods ensures that you have visibility into not only known and paid apps but also the unknown and free apps that are often hiding in the shadows. Learn more, or request a demo to see firsthand how we help customers eliminate the dangers of free SaaS.

_{GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.} 

The post The Heavy Price of “Free” SaaS Applications appeared first on Snow Software.

1. Reducing risk. Unless you’ve locked down access to the internet, your employees are very likely not going through your formal procurement or SSO to use SaaS applications. Applications not vetted by IT security might not be secure and your employees may not be using strong passwords.

2. Removing complexity. The complexity caused by redundant applications and multiple contracts with the same vendor is a challenge, especially for organizations with distributed IT and procurement and frequent M&A. This “SaaS sprawl” is the biggest challenge in managing SaaS applications, according to a Snow survey of IT leaders.

3. Optimizing cost. Around 30% of SaaS cost is wasted due to unallocated or unused licenses. With SaaS, vendors bundle functionality in tiers. You may be paying for a more expensive tier than you need.

Read more about the importance of understanding how many sanctioned, unsanctioned and free SaaS applications are used in your organization here.

Comparing SaaS discovery methods

Now that you’ve considered your goals for managing your SaaS environment, your next move is to learn how to collect this information so your organization can actually reduce costs, remove complexity and identify risk. There are multiple methods of capturing SaaS details and some may be more appealing than others, depending on your goals and technologies in use. Your specific goals for SaaS app discovery will impact your discovery methods.

Check out the tables below to learn more about each of the methods and their benefits and identify which method is right for you.

Combining discovery methods

In order to fulfill all use cases outlined above (reduce risk, remove complexity, optimize cost), you may need to employ multiple discovery methods. It is important to note that combining methods increases the accuracy and value of the data collected. Here are some examples you can put into practice:

• Identify applications that are not going through SSO. Capturing usage via browser extensions will inform you of all applications in use. You can then compare this data with applications in use via your SSO platform and determine if there are applications that should be going through SSO.
• Identify users with individual licenses that should be leveraging the corporate agreement. You may have a corporate agreement in one business unit and can detect usage by connecting to the SaaS API, but other business units may be using individual accounts of the same software.
• Assess the value of unused/under-allocated licenses/redundant applications for renewal and rationalization conversations. By marrying application usage data with contract financial details, you’ll have a better understanding of how much these unused premium licenses, unallocated licenses and redundant applications are costing your organization.

Learn more about the benefits of tracking SaaS usage for both paid and free applications and see how Snow can help with SaaS discovery. 

The post How to Find the Right SaaS Discovery Method for Your Organization appeared first on Snow Software.