The SaaS Revolution began in 1999 when Marc Benioff founded Salesforce.com. Salesforce went public in 2004 with $ 96 million in annual sales. Sixteen years later, it was added to the Dow Jones Industrial Average after reporting revenue of $ 17.1 billion in fiscal year 2020. SaaS is no longer a revolutionary concept. It has been embraced as a fundamental IT building block in companies of all sizes, industries and geographies.
SaaS sprawl is a natural consequence of the SaaS revolution. An analysis of Octa’s customer database for 2020 revealed that companies employing 2,000 or more people maintained an inventory of 175 SaaS apps on average. A similar survey conducted by Blissfully in 2019 showed that companies employing more than 1,000 people used 288 SaaS apps on average. And finally, two-thirds of the companies in Productive’s 2021 SaaS Management survey employed 100 or more SaaS apps.
In every way, SaaS apps have become an eye-catching and pervasive component of any company’s digital landscape.
The figures quoted above fail to convey the true sprawl created by widespread SaaS adoption. SaaS definitions vary from one company to the next and may include a combination of personal productivity tools, business applications, data services, collaboration tools, security services, AI / ML modeling platforms, etc.
Users with the greatest exposure to IT resources should be subject to the strongest authentication procedures at initial login and, in addition, be required to respond to enhanced or continuous authentication requests during extended work sessions.
Multiple user accounts are created for each SaaS service. User identities are not limited to full-time employees, but will inevitably include a wide range of temporary employees, external contractors and service providers, and even robots or devices. Authorization policies have been put in place to control the actions that users can take on their accounts on specific IT assets. Consequently, the number of SaaS apps used in an enterprise is only the tip of a larger administrative iceberg created by the multiplicative proliferation of user identities, accounts, and asset-specific policies.
This article reports the results of a study conducted earlier this year to illustrate the many dimensions of SaaS sprawl. The data in this study was provided by Authomize, a security firm that uses AI technology to profile relationships between user identities, IT assets, and authorization policies across an enterprise. All the data used in this study were provided and handled on an anonymised basis.
The implications of SaaS sprawl were initially evaluated in over a dozen companies. Four were ultimately selected to illustrate the contagious effects of SaaS adoption. The companies discussed in this article ranged in size from 700 to 3,000 salaried employees (hereinafter referred to as PEs, which include both full-time and part-time employees on a company’s payroll).
These companies are based in the United States and Europe and were founded five to 25 years ago. They have experienced the SaaS revolution on their own. While they may not be purely cloud-native companies, SaaS services play a dominant role in supporting their day-to-day business operations. These companies operate in four significantly different industries: oil and gas, edtech, financial services and enterprise software. Throughout the rest of this article, these four firms will be referred to as the “survey firms.”
The contagious effects of SaaS sprawl
SaaS sprawl is commonly perceived as a reference to the number of cloud-based SaaS services used by a company. In fact, it is a much broader phenomenon.
The number of unique SaaS services accessed by the Identity Providers (IdP) databases within the survey companies ranged from 310 to 994. This is significantly higher than the SaaS figures reported in the above surveys and probably includes cloud-based services that do not would be strictly classified as business applications. This study was based on the broadest possible definition of SaaS services, excluding IaaS providers only.
The ratio of unique SaaS services to employees ranged from 1: 1 in the smallest (700 PE) company to 1: 3 in the largest (3,000 PE) company. However, these factors were not correlated with the size of the company. The 2,500 PE company included in this study had a 1: 8 ratio between services and employees.