The consequences of SaaS sprawl a real-world study

Marc Benioff launched in 1999, kicking off the SaaS revolution. Salesforce went public in 2004 after generating yearly revenues of $96 million. After reporting revenues of $17.1 billion in fiscal 2020, it added to the Dow Jones Industrial Average sixteen years later. SaaS is no longer a groundbreaking notion. It has used as a fundamental IT building element by businesses of all sizes, sectors, and locations.

The SaaS revolution has resulted in a logical result: SaaS sprawl. According to an examination of Okta’s 2020 client database, firms with 2,000 or more employees had an average inventory of 175 SaaS apps. 

According to a similar survey done by blissfully in 2019, companies with more than 1,000 employees utilized an average of 288 SaaS apps. Finally, Productiv’s 2021 SaaS Management study found that two-thirds of the firms surveyed used 100 or more SaaS apps.

SaaS apps have become a visible and pervasive part of every company’s digital landscape by any measure. The figures given above do not accurately reflect the real scope of SaaS usage. SaaS definitions vary by firm and may contain a mix of personal productivity tools, corporate apps, data services, collaboration tools, security services, AI/ML modeling platforms, and other services.

Users who have the most access to IT resources should be subjected to the strictest authentication processes when they first log in, and they should be compelled to react to step-up or continuous authentication requests during long work sessions.

For each SaaS service, many user accounts were created. User identities will undoubtedly encompass a broad range of temporary employees, external contractors and service providers, and even robots or gadgets, in addition to full-time personnel. 

Authorization policies are in place to limit the activities that users may do on specified IT assets under their accounts. As a result, the amount of SaaS apps used in an organization is only at the top of a larger administrative iceberg caused by the multiplicative expansion of user identities, accounts, and asset-specific regulations.

This article summarizes the findings of research conducted earlier this year to demonstrate the many facets of SaaS sprawl. Authomize, a security startup that uses AI technology to characterize links between user identities, IT assets, and authorization policies throughout a business, contributed the data used in this study. All of the information used in this study was submitted managed anonymously. The consequences of SaaS sprawl were first assessed in over a dozen businesses. Four chosen demonstrate the cascading impacts of SaaS adoption. The businesses described in this article between 700 and 3,000 paid employees (also known as PEs, which refers to both full-time and part-time workers on a company’s payroll).

These businesses headquartered in the United States and Europe, and they started between 5 and 25 years ago. They have direct knowledge of the SaaS revolution. Despite the fact that they are not entirely cloud-native businesses, SaaS services play a significant part in their day-to-day operations. These businesses are involved in four diverse industries: oil and gas, education technology, financial services, and corporate software. These four companies will refer to as “the study companies” for the rest of this article.

The term “SaaS sprawl” is often used to describe the number of cloud-based SaaS services used by a company. It is, however, a far larger phenomenon.

Expansion of service

Within the research firms, the number of distinct SaaS services accessible by identity provider (IdP) databases ranged from 310 to 994. This is substantially larger than the SaaS numbers reported in the previous research, and it most certainly includes cloud-based services that are not properly categorized as business applications. This research used the broadest definition of SaaS services feasible, excluding solely IaaS providers. In the smallest (700 PE) firm, the ratio of unique SaaS services to workers was 1:1, while in the largest (3,000 PE) company, it was 1:3. These ratios, however, are not connected to the size of the firm. The study’s 2,500-person private equity business had a service-to-employee ratio of 1:8.