Marc Benioff, the founder of Salesforce.com, started the SaaS revolution in 1999. After achieving $96million in annual sales, Salesforce.com went public in 2004. It was listed on the Dow Jones Industrial Average 16 years later after generating $17.1 billion in fiscal 2020. SaaS is not a new concept. SaaS has been accepted as a fundamental IT building block in companies of all sizes, industries, and geographies.
SaaS sprawl is a natural result of the SaaS revolution. Oktas 2020's customer database showed that companies with more than 2,000 employees had an average inventory of 175 SaaS applications. Blissfully conducted a similar survey in 2019. It found that companies employing over 1,000 people used an average of 288 SaaS applications. Lastly, Productivs 2021 SaaS Management survey found that two-thirds employed at least 100 SaaS apps.
SaaS apps are now a prominent and ubiquitous part of any company's digital landscape.
These numbers do not reflect the extent of SaaS adoption. SaaS definitions can vary from one company and include personal productivity tools, business apps, data services, collaboration tools as well as security services.
Users who have the most exposure to IT resources need to be given the strongest authentication procedures for initial login. They also need to respond to continuous or step-up authentication requests during extended work sessions.
Each SaaS service has multiple user accounts. Not only are full-time employees allowed to use the SaaS service, but so is a variety of contractors, temporary workers, service providers, robots, or other devices. To control what users can do with specific IT assets, authorization policies are in place. The number of SaaS apps used within an enterprise is only a small part of the larger administrative mess created by multiple user identities, accounts, and asset-specific policies.
This article presents the results from a study that was done earlier in the year to show the many dimensions of SaaS sprawl. Authomize provided the data for this study. This security company uses AI technology to identify relationships between users, IT assets, and authorization policies within an enterprise. All data used in this study were anonymized and provided by Authomize.
Methodology
Over a dozen companies were first able to evaluate the implications of SaaS sprawl. To illustrate the impact of SaaS adoption, four companies were chosen. These companies ranged from 700 to 3,000 employees (which is later referred to as "PEs"), which include both part-time and full-time employees.
These companies are located in Europe and the U.S., and were established between five and 25 years ago. They have experienced the SaaS revolution in action. SaaS services are a key part of their day-to-day business operations, even though they might not be cloud native. These four industries are distinct: oil and gas; edtech; financial services; enterprise software. These four companies will be called the study firms throughout the rest of the article.
SaaS sprawl has many knock-on consequences
SaaS sprawl is often referred to as the number of cloud-based SaaS service being used by an enterprise. It is actually a larger phenomenon.
Service sprawl
The study companies had a range of 310 to 994 unique SaaS services that were accessed by the identity providers (IdP). This is significantly more than the SaaS counts reported by the studies cited. It likely includes cloud-based service that are not strictly business applications. This study was done using the most comprehensive definition of SaaS services possible, which excludes IaaS vendors.
From 1:1 for the smallest company (700 PE), to 1:3 for the largest company (3,000 PE), the ratio of unique SaaS services per employee varied from 1:1 to 3. These ratios did not correlate with the company's size. This study included 2,500 PE firms. The ratio of services to employees was 1:8.
