Five Important Questions To Ask About Your Business’s SaaS Tools

July 9, 2019 in SaaS Management, SaaS Spend, SaaS Trends, Security

SaaS Today: More Popular Than Ever.

SaaS usage is accelerating at a rapid pace across businesses of all sizes and types. In fact, the average company pays for 20 times more SaaS subscriptions today than they did five years ago, and uses three times more free SaaS products than paid apps. SaaS has taken root across all functions and departments.

Impressively, non-engineering SaaS spend rose from about 10% in 2010 to over 80% today. Currently, 38% of companies work almost entirely on SaaS. Experts predict that in the next two years that number will go up to 73%, and the SaaS market will reach $76 billion.
Chart of SaaS Spend by Department

More Software = More Chaos.

There is a downside, however: Often, as SaaS tools begin to take hold within an organization, added complexity, lack of visibility across apps and teams, redundant tools and subscriptions, and concerns about data security become more common.

What Now? SaaS Management.

While the challenges described above may feel like a reason to tighten the reins, the reality is that you probably can’t. A new plethora of restrictions will likely chafe employees, and may even prevent key tasks from getting done.

Organizations need a new and better approach to SaaS management. Your goal should be to understand what apps your organization is using, who is using them, how much they are spending in each department, and then use that information to make good decisions that benefit all of your users. IT should serve your business goals, rather than having your business serve IT’s needs.

Here’s a checklist that you can use to cover your SaaS management bases:

If you aren’t already, you should be aware of:

1. Who owns IT functions? (renewals, licenses, budget, etc.) for each department and each SaaS tool at your organization.

Establishing responsibility for SaaS tools is the first step towards accounting for their numbers and usage. Once departments are overseeing their own SaaS usage, you can start diving into the silos and getting real data.

2. What tools are being used, by whom, how, and why?

Effective SaaS management includes a high-level overview of your organization. A business needs a single source of truth regarding what tools they are using, how they are used, and what use cases are common.

3. How much is being spent on tools?

A key piece of data is how much your business is spending on its SaaS tools both in total, and broken down. Understanding where your SaaS spend is going, along with what tools are being used and how, lets you develop an understanding of the ROI on your SaaS and start to make actionable changes.

4. Are there any tool overlaps?

One of the first discoveries most businesses make is that they are using multiple tools that can accomplish the same thing. Pare down your subscriptions and start saving.

5. How are security concerns being managed across SaaS apps?

Each SaaS app introduces a new potential security issue. It’s important for your business to stay aware of how each app handles data, what data is handled, and what security concerns exist across the entire app ecosystem.

Start with these 5 key questions and you’ll see where you’re managing your SaaS well, and what needs work.

Blissfully: Worry-free SaaS Management.

While the above checklist is a good start, it just scratches the surface of SaaS management. Luckily, when it comes to SaaS management, you don’t need another huge stack of software. Blissfully was created to solve the SaaS management challenge, by building a thorough inventory of free and paid SaaS applications and their usage across all teams in your organization. By connecting app data with critical metadata on people and spend, Blissfully provides all the tools you need to take control of SaaS chaos across your organization. We can help you surface the apps your teams love to use (and typically find a few apps you’re paying for without using).

When it comes to managing SaaS chaos, Blissfully can help you go from ad-hoc, wasteful sprawl to a streamlined and cost-effective strategy that enables your organization to get the most out of its investment in SaaS. And isn’t that the goal?

Try Blissfully free today.

Or, for more information, download our full SaaS Management Guide.

The Right Way to Set Up G Suite

July 3, 2019 in G Suite, SaaS Management, Security

Getting Started

Software-as-a-service (SaaS) is growing everywhere, and Google’s G Suite is quickly becoming the service of choice for SMB’s and enterprises.

Our G Suite Quick Setup Guide is designed to get your G Suite console set up and running fast to ensure that your data and users are secure and productive.

1. Set Admin Roles

The first step to setting up G Suite is deciding who should be an administrator (admin) as well as what type of administrative privileges to assign to each person.

2. Set up G Suite Directory

G Suite Directory View
The G Suite Directory includes each user’s name and email address (you can also add additional information.) For a quick setup, you only need your users, since it will be essential to manage on and offboarding employees when they start and leave the organization. Later, you can build out the rest of your directory.

As much as possible, we recommend automating and streamlining on and offboarding processes when it comes to IT, to ensure security and compliance at your organization. This can be a tedious process, so we built an easy and automated way to onboard new employees through Blissfully, giving them access to all the SaaS tools and apps they need (including G Suite).

3. Select Your G Suite Apps

G Suite features a range of built-in apps that are included in the platform that offer useful core services for an organizations IT. You can pick and choose which you need.

Core Apps

Most people are familiar with the core, “killer apps” of G Suite, including:
Gmail: If you personally use Gmail, there’s a lot of continuity with the G Suite version. Admins can keep and search logs of emails as an added benefit for security and compliance.
Calendar: While setting up G Suite admins can specify how users can share their primary calendar inside and outside the company’s domain. For example, you can specify whether to show event details or keep them private, whether people outside your domain can change calendars, and more.
Google Drive / Team Drives (for G Suite Business and Enterprise): As mentioned above, Team Drives provide a simple way to store and organize files. The benefit is granting ownership of files to teams, rather than individuals. It’s easy to add and remove team members, or decide how you want to grant and restrict access.
Docs, Sheets and Slides: These core productivity apps in G Suite allow you to create documents, spreadsheets, and slide presentations, and easily share or revoke access for collaboration purposes.

Less Critical Apps

Certain Google apps can be useful for many applications, but aren’t necessarily best-in-class solutions for every use case. Here are a few examples:
Google Forms: This application can be good for organizations that need to manage a lot of events or conduct polls.
Google Meet: This recently updated video conferencing app (formerly known as Hangouts) can also be used as a conference calling line. A wealth of other free conferencing apps challenge Google Meet in terms of reliability and audio quality.
Google Hangouts Chat: A quick and easy default chat app is ok for one-to-one interactions, but other applications like Slack may be better for group chat or collaboration.

G Suite Marketplace and Third Party Apps

In addition to built-in apps, admins can extend the functionality of G Suite with deep integrations to other third-party SaaS applications via the G Suite Marketplace. This marketplace includes both free and paid business applications, ranging from simple Gmail extensions to robust business productivity applications.

Many SaaS apps outside of the G Suite Marketplace also offer Single Sign On (SSO) with Google functionality. This feature is useful for admins who want to know which permissions people are giving to which apps. Admins can pull custom reports (which is relatively complicated), or automatically get this data from Blissfully.

4. Set Up Security

With G Suite, there are quite a few security tools and configuration options at your disposal. Here are the areas you should be looking at securing when you set up your G Suite applications:

1. Multi-Factor Authentication

The single best thing you can do to improve your organization’s cloud security is to turn on and enforce multi-factor authentication (MFA) for G Suite. This greatly reduces the harm that an attacker can do with stolen credentials.

2. Team Drives

As we’ve discussed, G Suite Team Drives are shared spaces for teams to store and access their files. Make sure to set your permissions properly (generally, give employees the minimum permissions necessary).

3. App & File Sharing Activity Reports

Another important function of the G Suite Admin Console is reporting. Two especially useful reports are “Apps Usage Activity” and “File Sharing Activity,” which can help you identify any suspicious usage or file movement.

4. Device Management

G Suite has two ways for admins to manage devices, with its mobile device management and endpoint verification tools.

Mobile Device Management: Admins can distribute apps to employees and keep data secure on employee’s iOS and Android devices using mobile management. Using these tools, you can check usage, manage security settings, and lock or wipe devices remotely.
Endpoint Verification: Google recently rolled out Endpoint Verification, a way for G Suite admins to get an inventory of which desktop and laptop computers are being used to access their corporate data and apps.

5. SaaS App Auditing

As we mentioned above, If your team use Google SSO, you can pull reports in your admin console to find out if your users have authorized any unknown or unapproved apps through their Google accounts. A SaaS management app like Blissfully can also provide a much simpler way to review app permissions with a click of a button.

Next Steps

We hope this quick guide to G Suite Admin basics was useful to you, as you look to set up G Suite for your organization. Setting the right administrative privileges and following these best-practices can help keep your organization secure, compliant, and productive. It’s all a matter of having the right visibility into user activity, while setting and automating as many processes as possible to avoid unnecessary human error. As you work with more and more distributed software and apps, you may want to consider a SaaS management app like Blissfully to streamline the process. Try Blissfully free today.

Or, for more information about G Suite, download our full G Suite Admins guide.

What is Shadow IT? Answers to Common Questions.

July 2, 2019 in SaaS Management, Security, Shadow IT

A visualization of shadow IT

Shadow IT Explained

Shadow IT is the use of IT hardware or software by an individual without the knowledge of IT within the organization.

With the rapid proliferation of mobile devices and cloud-based services, IT has moved from being a tightly controlled environment to being an open environment with a great deal of stakeholders and movement. Users have become comfortable downloading and using apps and services from the cloud to assist them in their work, and will do so with or without company approval.

According to Cisco in 2016, 80% of end users use software not cleared by IT, 83% of IT staff admit to using unsanctioned software or services, and only 8% of all enterprises actually know the scope of shadow IT within their organization. And shadow IT has only grown since then.
SaaS management software can help by providing both visibility and control of apps throughout the organization.

What are the problems with Shadow IT?

Every new device and application added without IT’s knowledge runs the risk of creating a security gap. Additionally, redundant apps, lapsed subscriptions, siloed data, and collaboration inefficiencies are other common problems.

In a world where malware can take down systems in the blink of an eye, one wrong move can leave reams of data unsecured, and that can be a scary thought. A well intentioned-user can end up doing more harm than good and at the end of the day IT, and more specifically the CIO, will be on the hook.

But are there any benefits?

People use Shadow IT for a reason: Flexibility. One of the more common motivators for a user of shadow IT to choose an “unapproved” app is because it is more efficient and effective than what the IT department has chosen, and chances are pretty good that the employee hired to play a specific role may know a bit more about the tools of their trade than IT.

Despite the security dangers, shadow IT gives users a way to quickly and easily get the tools they need to be more productive and interact smoothly with co-workers, customers, and partners.

Common Types of Shadow IT

Common shadow IT examples include:

  • Productivity apps (Trello, Slack, Asana)
  • Messaging apps on corporate-owned devices (Snapchat, WhatsApp)
  • Physical devices (flash drives, external drives)
  • Cloud storage (Dropbox, Google Drive)
  • Communication apps (Skype, VOIP)

What Is The Risk of Shadow IT?

With the spread of information technology into consumer hands, hundreds of these applications are in use at the typical enterprise. The opacity surrounding each one represents a security gap. Although some applications are harmless, others include functionality such as file sharing and storage, or collaboration, which can present big risks to an organization and its sensitive data. IT and security departments need to see what applications are being used and what risks they pose.

How to Detect Shadow IT

There are some technical steps you can take to sniff out shadow cloud and IT services, including:

  • Firewall logs
  • Web proxy logs
  • Data loss prevention tools
  • Network-aware monitoring tools

You can set up an automated process with any combination of these tools to alert admins about new cloud usage as soon as it is discovered. However, there might be areas where visibility is limited, and the setup process itself is a heavy lift.
Mobile creates an extra wrinkle, as SaaS applications do not necessarily travel through your business’s network.

How to Prevent Shadow IT

It’s not entirely preventable, but there are preventative steps you can take. A culture change to a collaborative environment lets IT and business teams share goals and stay aligned. Clear processes for requesting new apps and a quick turnaround time for new app requests keeps employees feeling listened to and productive. Training about internal processes and the risk involved with shadow IT, and transparency around what is in use by other teams will help employees feel empowered to go through the right channels rather than install their own apps.

SaaS Management

SaaS management software such as Blissfully can help by providing both visibility and control of software-as-a-service (SaaS) apps. Blissfully allows users to see all SaaS apps in use and who is using them, optimize spending, manage vendors, and provides a central place for data security and compliance. Try Blissfully free today.

Or for more information about IT management and Shadow IT, read our Collaborative IT Guide.

The New IT: From Helpdesk to Business Operations

May 24, 2018 in SaaS Management, Security, Shadow IT

By: Matt Tharp

A recent study from Cisco showed that the average organization has 15 to 22 times more cloud applications running than have been authorized by the IT department. The question is, if everyone’s installing their own SaaS apps, who’s responsible for the role of IT at an organization? This question challenges every business, from startups to enterprises, and can serve as a major point of frustration for those assigned the role of IT management. Let’s take a look at why the problem of IT ownership exists, and how smart organizations should be handling it today.

Continue reading »

SOC 2 and Data Access Controls: What You Need to Know

March 29, 2018 in Compliance, SaaS Stack, Security

Guest post by Schuyler Brown, co-founder strongDM

As a part of our Blissfully SOC 2 compliance series, we invited strongDM to write a guest blog post about the challenges of data access controls, and why database management is important in the scheme of completing a SOC 2 audit. Blissfully used strongDM in our SOC 2 technology stack, mapped to the audit requirement of logical and physical access controls. Read more in our recently published SOC 2 Compliance Playbook.

Continue reading »