The 300-Application Reality
IT asset managers who have conducted SaaS audits know the reality: the average enterprise runs over 300 SaaS applications. Zylo’s SaaS Management Index reveals the sprawl: three hundred separate subscriptions, many unknown to IT, each with its own data, security posture, and renewal cycle. SaaS spending grew 18% year-over-year in 2023.
The MSP manages your infrastructure. Who manages your SaaS? Often, nobody has complete visibility. Organizations waste 25% of SaaS spend on unused licenses according to Gartner.
The Discovery Gap
Organizations typically discover 2-3x more SaaS applications than IT tracks. BetterCloud research documents the discovery shock: what IT knows about exists alongside vast unknown usage.
| Category | IT Knowledge | Reality |
|---|---|---|
| Enterprise apps | Full | Full |
| Department apps | Partial | Extensive |
| Team apps | Minimal | Significant |
| Individual apps | Rare | Widespread |
Each unknown application is a potential security gap, compliance risk, or redundant cost.
The Redundancy Problem
SaaS sprawl creates functional redundancy:
| Function | Common Duplicates | Typical Cost Waste |
|---|---|---|
| File storage | Dropbox, Box, OneDrive, Google Drive | 3-4x necessary spend |
| Project management | Asana, Monday, Trello, Jira | 2-3x necessary spend |
| Communication | Slack, Teams, Discord, email | 2-3x necessary spend |
| Video conferencing | Zoom, Teams, Meet, Webex | 2-4x necessary spend |
| CRM | Multiple solutions per department | Significant |
The redundancy isn’t malicious. Different teams solved the same problem independently. The result is waste and fragmentation.
The License Optimization Opportunity
SaaS license optimization savings average 20-30% of current spend. Flexera research documents the opportunity: organizations pay for licenses they don’t use.
Waste categories:
Unused licenses. Accounts that never log in.
Underutilized licenses. Premium tiers for basic users.
Orphaned accounts. Former employees with active subscriptions.
Duplicate functionality. Paying multiple vendors for the same capability.
Tier mismatch. Enterprise pricing for SMB needs.
Identifying waste requires visibility. Visibility requires inventory. Most organizations lack complete inventory.
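As an added illustration (not part of the original article or any vendor's tooling), the first three waste categories can be found by joining one application's account export against the HR roster. The field names, seat prices and accounts below are constructed for the example.

```python
from datetime import date

# Constructed sample data: HR roster of current staff and one app's account export.
ACTIVE_STAFF = {"alice@example.com", "bob@example.com", "carol@example.com"}
SEAT_PRICE = {"basic": 10, "premium": 30}  # assumed monthly price per seat
ACCOUNTS = [
    {"email": "alice@example.com", "tier": "premium", "last_login": date(2024, 3, 1), "premium_actions": 42},
    {"email": "bob@example.com", "tier": "premium", "last_login": date(2024, 2, 20), "premium_actions": 0},
    {"email": "carol@example.com", "tier": "basic", "last_login": None, "premium_actions": 0},
    {"email": "dan@example.com", "tier": "premium", "last_login": date(2023, 11, 5), "premium_actions": 7},
]

def classify(account, active_staff):
    """Return (category, reclaimable monthly spend) for one account."""
    price = SEAT_PRICE[account["tier"]]
    # Orphaned is checked first: a leaver's live account is an access risk, not just a cost.
    if account["email"] not in active_staff:
        return "orphaned", price
    if account["last_login"] is None:
        return "unused", price
    if account["tier"] == "premium" and account["premium_actions"] == 0:
        return "underutilized", price - SEAT_PRICE["basic"]
    return "ok", 0

def waste_report(accounts, active_staff):
    """Group flagged accounts by category and total the reclaimable spend."""
    report, total = {}, 0
    for account in accounts:
        category, saving = classify(account, active_staff)
        if category != "ok":
            report.setdefault(category, []).append(account["email"])
            total += saving
    return report, total

if __name__ == "__main__":
    report, total = waste_report(ACCOUNTS, ACTIVE_STAFF)
    for category, emails in report.items():
        print(f"{category}: {', '.join(emails)}")
    print(f"reclaimable per month: {total}")
```

Duplicate functionality and tier mismatch span several vendors and contracts, so they need the full inventory rather than a single export.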
The Shadow IT Drivers
Shadow IT exists because official channels fail:
Speed. Procurement takes weeks. A credit card takes minutes.
Flexibility. IT solutions are standardized. Shadow IT fits specific needs.
Control. Departments want control over their tools.
Innovation. New tools emerge faster than IT evaluates.
Frustration. Past IT experiences were bureaucratic or unhelpful.
Eliminating shadow IT without addressing root causes just drives it deeper underground.
The Security Risk Taxonomy
Different shadow IT carries different risk:
| SaaS Category | Data Exposure Risk | Integration Risk | Compliance Risk |
|---|---|---|---|
| AI/ML tools | High (data input) | Medium | High |
| File sharing | High (data storage) | High | High |
| Communication | Medium | Low | Medium |
| Productivity | Low | Low | Low |
| Development tools | Medium | High | Medium |
Risk-based prioritization focuses security attention where it matters most.
The AI Tool Explosion
Generative AI tools create new shadow IT challenges:
ChatGPT and competitors. Employees paste work data into public AI tools.
AI writing assistants. Document content flows to third parties.
Code assistants. Proprietary code enters AI training sets.
Image generators. Potentially confidential images processed externally.
The tools are useful. The data exposure is often unconsidered by users and invisible to IT.
The MSP Role in SaaS Management
MSP involvement in SaaS management varies:
| Capability | Traditional MSP | Modern MSP |
|---|---|---|
| Infrastructure-linked SaaS | Managed | Managed |
| Enterprise SaaS (M365, Google) | Often managed | Managed |
| Department SaaS | Rarely | Sometimes |
| Shadow SaaS | Never | Discovery tools emerging |
If SaaS management isn’t in MSP scope, it’s in your scope. If it’s in nobody’s scope, risk accumulates.
The Discovery Tools
SaaS discovery approaches:
Expense analysis. Review credit card and procurement data for subscriptions.
SSO gaps. Applications not using SSO are shadow IT candidates.
Network analysis. Traffic patterns reveal SaaS usage.
CASB deployment. Cloud Access Security Brokers provide visibility.
User surveys. Ask employees what they use. Amnesty periods encourage honest answers.
Each approach has blind spots. Comprehensive discovery requires multiple methods.
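The sketch below is an added example, not code from the original article or from any discovery product. It combines expense analysis, network analysis and the SSO gap check, and shows each source catching applications the other misses. The keyword catalogue, card export, proxy log format and SSO list are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Assumed keyword -> app mapping; a real catalogue would be far larger.
KNOWN_SAAS = {"dropbox": "Dropbox", "trello": "Trello", "openai": "ChatGPT",
              "zoom": "Zoom", "asana": "Asana"}
SSO_APPS = {"Zoom"}  # constructed: apps federated through the identity provider

# Constructed corporate card export.
EXPENSES_CSV = """date,cardholder,descriptor,amount
2024-03-02,alice,DROPBOX*TEAM PLAN,150.00
2024-03-05,bob,ZOOM.US 888-799,149.90
2024-03-07,frank,ASANA.COM SUBSCRIPTION,109.90
2024-03-09,carol,COFFEE SHOP 12,4.50
"""

# Constructed proxy log: timestamp, user, destination host.
PROXY_LOG = """2024-03-04T09:12:01 dave api.trello.com
2024-03-04T09:15:44 erin chat.openai.com
2024-03-04T10:02:10 alice www.dropbox.com
2024-03-04T10:05:00 bob us02web.zoom.us
"""

def match_app(text):
    """Map a card descriptor or hostname to a known SaaS app, else None."""
    lowered = text.lower()
    for keyword, app in KNOWN_SAAS.items():
        if keyword in lowered:
            return app
    return None

def discover(expenses_csv, proxy_log, sso_apps):
    """Return {app: [sources]} for apps seen in use but absent from SSO."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(expenses_csv)):
        app = match_app(row["descriptor"])
        if app:
            seen[app].add("expense")
    for line in proxy_log.splitlines():
        fields = line.split()
        app = match_app(fields[2]) if len(fields) == 3 else None
        if app:
            seen[app].add("network")
    return {app: sorted(src) for app, src in seen.items() if app not in sso_apps}

if __name__ == "__main__":
    for app, sources in sorted(discover(EXPENSES_CSV, PROXY_LOG, SSO_APPS).items()):
        print(f"{app}: not in SSO, seen via {', '.join(sources)}")
```

In the sample data, free-tier use of Trello and ChatGPT never reaches a card statement, while the Asana subscription is paid for but generates no traffic through the corporate proxy.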
The Governance Framework
SaaS governance requires structure:
Intake process. How new SaaS requests are evaluated and approved.
Security assessment. Standard evaluation before any SaaS adoption.
Contract review. Terms, data handling, exit provisions reviewed.
Integration standards. How SaaS connects to other systems.
Lifecycle management. Regular review of continued need and usage.
Offboarding procedures. How departing applications are decommissioned.
The framework balances speed (why shadow IT exists) with control (why governance matters).
The Data Location Problem
SaaS distributes data across vendor systems:
Customer data. In CRM SaaS.
Financial data. In accounting SaaS.
HR data. In HR SaaS.
Product data. In various SaaS tools.
Communication data. Across multiple platforms.
Each location has a different security posture, a different jurisdiction, and different terms. Data classification becomes complex when data is everywhere.
The Exit Planning Gap
SaaS adoption rarely includes exit planning:
Data export. Can you export your data? In what format?
Transition timeline. How long before service terminates after cancellation?
Data retention. How long does the vendor keep your data after exit?
Notification requirements. What notice must you provide to cancel?
Migration support. Does the vendor assist with the transition?
Exit planning matters when vendors change terms, get acquired, or lose your confidence.
The Cost Visibility Challenge
SaaS costs hide in multiple places:
IT budget. Enterprise applications.
Department budgets. Department-specific tools.
Expense reports. Individual subscriptions.
Personal credit cards. Reimbursed or not.
Corporate cards. Scattered across cardholders.
Comprehensive cost visibility requires expense aggregation across all sources.
Building SaaS Management
Effective SaaS management requires:
Complete inventory. Every SaaS application documented.
Owner assignment. Every application has an accountable owner.
Usage tracking. Who uses what, how much, when.
Security classification. Risk level for each application.
Contract repository. All agreements in one place.
Renewal calendar. Upcoming renewals tracked proactively.
Regular review. Periodic assessment of continued need.
The investment in management creates savings through optimization and reduced risk through visibility.
The MSP Partnership Evolution
SaaS management may require an evolving MSP relationship:
Traditional scope. Infrastructure and enterprise applications.
Expanded scope. SaaS discovery, security assessment, lifecycle management.
Tools required. SaaS management platforms, CASB, expense integration.
Skills required. Contract review, vendor management, security assessment.
The conversation: does SaaS management belong in MSP scope? If yes, what additional services and costs? If no, who provides it?
Sources
- SaaS application counts: Zylo SaaS Management Index
- Shadow IT discovery multiples: BetterCloud
- License optimization savings: Flexera SaaS Management research