
Julien Kuijper

SAM / ITAM / Publisher Advisory Services – Global Product Manager, SoftwareOne

Ahead of this year’s SAMS Europe, 24-26 September in Amsterdam, we.CONECT has interviewed Julien Kuijper, Global Product Manager, SoftwareOne, about one of the topics at the top of many managers’ agendas these days: SaaS Management.

SaaS Management – Why stick to old recipes if you have new ingredients?

What are the primary challenges organizations face when it comes to managing their growing SaaS estate, and what are the expectations associated with SaaS management today?

Julien Kuijper: Challenges can be grouped into two main categories, the ones that are related to compliance (security, regulatory and also regarding usage) and the ones related to efficiency. These two groups of challenges must be addressed by implementing an overarching and powerful governance model. In order to push the concept, one would actually say that the first challenge for organizations regarding SaaS management is actually understanding the real volume of ungoverned SaaS applications, and their associated risks.

Security, compliance and cost inefficiency issues are all caused by a lack of SaaS footprint visibility. On average, 60% of SaaS products are unknown to central governance (IT) and 10% of SaaS products are not used or even forgotten by the entity who purchased them in the first place (do you remember all smartphone apps you purchased?). Beyond all the obvious problems of managing an incomplete portfolio, this lack of thorough visibility means that CFOs and CIOs neither know nor control the overall digital cost of an organization, and thus can’t report to their Board of Directors meaningful ROI on technology investments or reliable figures around digital transformation… Is this acceptable in 2023?

If the biggest SaaS investments typically went through a security process, GDPR, and legal and technological validation (e.g. Salesforce, Microsoft, Adobe CC), the smaller Tier-2 or Tail-end SaaS products will likely never have been through a security or a legal review. This is extremely risky for organizations de facto processing and storing critical data over the internet to an external cloud provider. Defining a SaaS governance model (that includes tools, processes and resources) ensures security, legal protection, efficient renewal, and non-redundancy of solutions, WHILE allowing business units to quickly adopt the SaaS solutions they need to be competitive. This is the challenge that our customers are facing every day.

Is rapid SaaS adoption mainly a manifestation of shadow IT, or does it genuinely enhance business agility? How can organizations strike the right balance?

Julien Kuijper: As mentioned above, it’s fair to assume that the majority of SaaS products in use within the organization have had a genuine reason to be there. One can push this concept further by being reluctant to speak about “Shadow IT”. Business Units (BUs) are becoming fluent in digital technologies and are regularly being approached directly by vendors. If solutions exist and are meaningful, BUs are indeed genuinely capable of deciding if an investment is worth proceeding with. What BUs are not necessarily aware of is all the risks and traps around adopting SaaS: security, legal T&Cs, negotiation best practices, renewal processes or the existence of similar solutions that should be reviewed.

Why is this different compared to on-premises software? Well, SaaS technical usage doesn’t need IT support or involvement, and purchasing can happen via alternative solutions to the official purchasing process. ERP purchase orders can be classified under “service” and pass under the radar of IT checks. SaaS can be purchased via corporate credit card and the expense report process. Also, individuals in BUs might think “I don’t need IT technical help and this is my budget, thus I don’t need any approval of anyone in IT”, which from a standalone perspective is right, but from a security and overall organization governance perspective is debatable, if not simply wrong.

The right balance is obtained by a meaningful and categorized governance model. For sure, depending on the cost, size and number of users, the SaaS lifecycle will not be managed the same way. In a nutshell, a gradual method from 100% centrally managed by IT to mainly led by BU is a meaningful strategy. The things to keep in mind are that two aspects are mandatory: a thorough SaaS catalogue with a clear in and out process, and (to repeat) a non-debatable mandatory security and T&C approval process must apply for ALL SaaS.

Given the diversity in SaaS models, why is a “one size fits all” governance framework ineffective, and what considerations should be made for tailored SaaS management strategies?

Julien Kuijper: There are 3 main types of SaaS…

1) “Tier-1” used by the entire organization.  Super large cost where cost governance and licensing/usage compliance is the highest challenge (Security/legal is typically covered for those), these represent 2 to 5% of purchasing transactions and 80% of overall SaaS cost (inc. Salesforce, Microsoft and ServiceNow). Tier-ones are typically fully governed by IT.

2) “Tail-End”, on the opposite side, the majority of publishers, represent 80% of transactions, but typically less than 30% of overall SaaS costs. For those, security, legal and waste are the main risks. Those are managed by the BUs (and it’s okay), but security & legal checks along with the official purchasing process shall be enforced.

3) And finally, “Tier-2”, sitting between the two previous types, used by more than one BU and starting to represent a significant cost thanks to their increased adoption. Those have to be co-managed between IT and BUs.

In terms of pure Lifecycle Management, Tier-1 and Tier-2 must be managed by experts who know the purchasing tricks, licensing rules and usage analysis to mitigate risk and optimize usage and subscriptions. For Tail-End, proper management happens with governance improvement, catalogue, purchasing process, and security/legal approval. In other words, all SaaS products have to land on an overall Portfolio Management Program, where Tier-1 will be optimised by experts and Tail-End will tackle business owner identification, redundancy elimination, proper renewal management and purchasing/transaction efficiency.

 What tools and solutions does SoftwareOne offer to support comprehensive SaaS management, particularly in terms of security, performance, and compliance?

Julien Kuijper: At SoftwareOne we have services and solutions (like Digital Supply Chain) supported by our own Client Portal that manages the purchasing transaction side of SaaS Management. For pure SaaS discovery and SaaS Management tooling, we work with the majority of leading ITAM, SaaS Management and FinOps technology partners to support our clients in achieving their business outcomes aimed at managing FinOps and SaaS. These include ServiceNow, Flexera, Apptio, and Snow as well as some of the niche players like Beamy or XenSAM.

We focus on understanding what the client has already invested in and what their maturity level is for ITAM/SAM, FinOps and Cloud management. From that starting point, we help the client define the best technological and commercial architecture to achieve the optimal ROI. As for tooling, there is no such thing as a “one size fits all” for end-to-end SaaS Management!

How does managing a modern portfolio that includes classic software, SaaS, and enterprise solutions differ from traditional software asset management (SAM) and IT asset management (ITAM) practices?

Julien Kuijper: The difference is the same as the one brought by the Cloud and that drove the FinOps concept. FinOps introduces the concept of “Inform, Operate, Optimize” management phases; it creates a culture of accountability and broader stakeholder (BU) engagement.

Traditional on-premises software always needs IT technical support for admin rights. New functionality comes with new installations, and traditional software is financed by CAPEX plus OPEX. While SaaS enables fast adoption and easy scalability, it is financed by OPEX with sometimes multi-year pre-engagement or “commitment”. Thus, in order to master SaaS Management one has to apply the FinOps methodology over the known software lifecycle. The key to efficient “overall software” management (SaaS + classic software) is actually to run a 360° Smart Portfolio Management initiative taking care of legacy management, new adoption and application modernization strategies. In other words, it’s applying the “Transformation 7Rs” (Rehost, Relocate, Replatform, Refactor, Repurchase, Retire and Retain) to the overall application portfolio.

In light of the evolving landscape of SaaS management, should organizations rethink and redesign their end-to-end strategy, and if so, what are the key ingredients necessary for successful SaaS estate management in the modern era?

Julien Kuijper: In summary, SaaS applications are key modern enablers of business success, thus BUs need to be agile and need fast adoption of SaaS improving their efficiency. Blocking or slowing down BUs’ agility and innovation pace is not a successful strategy. However…

  • Compliance is non-negotiable: There should be no trade-off or negotiation regarding security, legal and compliance policies and processes. Each and every SaaS product shall pass the proper level of approval. The key is to make this fast enough so that BUs are not slowed down and don’t bypass your processes.
  • Financial control: SaaS is part of an organisation’s “Digital” or “technology” or “cloud” investment, therefore CIOs, CFOs and CEOs must have a sharp and predictable visibility on ALL digital costs and their ROI. What has previously been referred to as Shadow IT needs to be considered as “Business chosen digital adoption”.
  • Realistic Governance: A smart balance of control and freedom is the secret ingredient for general adherence.
  • Budgeting: Overall software and SaaS portfolio governance has a cost and will require thorough change management. This is genuinely part of the overall digital adoption ROI. CxOs can’t expect that digital adoption can happen with efficient governance at no incremental internal cost (and/or shift and lift of existing resources and competencies).

 
