webinar imageWebinar
Watch now

Securing employee-adopted SaaS apps with Push
Co-Founder Jacques Louw.  Watch now

21 Apr 2023
user-centric security
Shadow IT

Embrace SaaS to move faster than your competitors

Sally Soulliere
Sally Soulliere
8 min read
Summary

One of the questions we hear all the time is, “Can’t I just block my employees from using SaaS that my team hasn’t already vetted and approved?” And the answer is “Yes, you can. You can certainly block the apps we find your employees using, but the real question is ‘Should you?’”

We’re in the business of finding and monitoring the SaaS apps employees are using and then working with those folks to make sure they’re using it as securely as possible. So, one of the questions we hear all the time is, “Can’t I just block my employees from using SaaS that my team hasn’t already vetted and approved?” And the answer is “Yes, you can. You can certainly block the apps we find your employees using, but the real question is ‘Should you?’”

The way we handle new “problems” in security tends to follow certain patterns. When bring-your-own-device (BYOD) was a new trend in security, vendors were offering solutions to get a handle on employee device security. Those devices were an unknown entity at a time when most businesses were giving our corporate-owned devices. 

Many businesses are still using corporate-owned VPNs these days, but in the era of the cloud, they know employees are often accessing their work tools (SaaS apps) through a browser rather than relying only on the tools, native clients and apps their employer supplies. Since pretty much everyone is now using SaaS apps and the cloud for work, a plethora of new security solutions have appeared to help get a handle on the risks associated with SaaS apps.

We’ve been “doing security” for decades so we understand the hyperfocus on risk. However, only focusing on the risks SaaS introduces means it’s easy to lose sight of all the benefits of SaaS. A report from McKinsey from all the way back in 2015 found that companies that adopted cloud services “experienced a 20.66% average improvement in time to market.” Not only that, but those companies found an “18.8% average increase in process efficiency, and a 15.07% reduction in IT spending. Together, these benefits led to a 19.63% increase in company growth.”

You can get to market faster

SaaS helps you automate many tasks, giving you time back to focus on building new features and be less distracted as you try to solve difficult problems within your product. 

Along with the automation aspect of SaaS saving lots of time from doing tasks manually, SaaS can help teams collaborate and work more quickly. Now that we’re in an environment with many folks working remotely, collaboration within tools is more important than ever. SaaS is lauded for making collaboration easy, which means your employees can hop into a project when they’re available, even if they’re working asynchronously, to keep progress moving along quickly. That kind of flexibility is what employees want and it’s becoming more and more clear that employees require that work environment to remain in their roles.

Employees are more productive

Closely related to bringing your product to market faster, SaaS lets employees be more productive. A recent study found that 97% of employees are more productive when they can use their preferred apps and tech at work. With more productive workers, you can build not just faster, but smarter.

Let’s say you’re competing with a company who’s building a similar product, but they require employees to use only their company-sanctioned technology. Employees have to take the time to learn a new tool and then build with the limitations and parameters that that tech put in place. It may be revolutionary technology, but even if the only hurdle is that they need to learn a new tool before adding value to your business, you’re already behind your competition. 

You can save money

By saving costs that you’d otherwise be paying massive licenses for, you can redistribute savings to the product or to recruit more engineers, product, and devs.

You can keep your team lean. Some SaaS apps allow you to automate tasks that you’d otherwise have to have someone do manually. Without the need to manage the admin tasks, your team can focus their efforts on tasks that require their skills. 

If you’re considering whether to use legacy on-prem offering or a more streamlined cloud platform service, one attribute that tips the scale to cloud is that you won’t need to hire professionals who know the proprietary languages and nuances of those programs anymore. By choosing a more user-friendly, easier to manage cloud platform, your team may be able to take on the load without the need to hire those highly skilled (and usually expensive) people who know Splunk’s proprietary language, for instance. 

By embracing SaaS and allowing employees to use the tools they want, they’ll be happier and you’ll retain the folks who get the work done. 

Most of us have worked for companies who lock down SaaS tools and it can be really frustrating because you feel hamstrung when you can’t use the apps you like to get things done. It can signal to some employees, especially those who have worked for cloud-native companies, that leadership doesn’t understand or empathize with employees. That’s a sweeping overstatement, but what we’re talking about here is employee perception and when you’re frustrated and feel like you don’t have the necessary tools to do your job, you start wondering if the company really understands the pressure you’re up against and if they even care about your needs.

Look beyond the security implications of SaaS to understand the business impact

These are just a few of the business benefits of enabling SaaS in your organization. Employee satisfaction is a hard thing to quantify, but security teams will certainly hear about their dissatisfaction if their favorite tools are taken from them. However, if you look at enabling SaaS from a broader understanding of the business and not just the impact to security, you can see the upsides of letting your teammates use their preferred SaaS apps. 

This also lets you get out of the dreaded enforcer role that security (and sometimes IT) fall into. By empathizing with your colleagues, you can pretty easily see where they’re coming from, however you also have a job to do. Even if you wanted to enable SaaS use, how can you do it securely and how do you make the case internally that it’s a worthy investment?

Enable SaaS securely

How can you let employees use the tools they want without putting your company at risk? The answer is that you can work with them, or better yet, use a security tool that is built to work with employees to understand how they’re using each SaaS app, whether they’re logging in securely, and helping them to use the app securely. Just blindly opening the floodgates so that employees can use whatever they want with no oversight isn’t usually a risk businesses are willing to accept. 

There are loads of tools out there that focus on SaaS security, but they often aim to understand what employees are using simply so they can block it. The issue with those is similar to what we encountered back when endpoint security was a new thing: employees know that security is monitoring what they’re doing so they can police their behavior and prevent them from doing certain activities or using their favorite tools.

Now that you’ve looked at the problem from a different perspective, you need a tool that does that same. Modern SaaS security tools will often try to find a middle ground that keeps employees happy and using what they want, while satisfying the risk tolerance level of their security teams - the end goal is to let employees use what they want, but to help them use it more securely.

But, then, how do you make the case internally with CISOs and other stakeholders and executives who may not buy into the idea of enabling SaaS? That’s where these business objectives above can really add some necessary and convincing context to the discussion. Instead of simply making the case for securely freeing the SaaS reins to just security leaders, chat with other department heads and your people/HR teams to get their input. Allowing SaaS to become a powerful tool in your company isn’t just a security decision anymore, but one that affects everyone in the company, and even your bottom line.

If you’re ready to check out how our user-centric approach to SaaS can help, get started for free to discover employee SaaS use in your organization and start getting visibility. Even if you’ve been blocking all unsanctioned SaaS, you might be surprised at what your employees are using and logging into on their browsers.

Subscribe to get updates from Push
The latest news, articles, and resources, sent to your inbox weekly