As most companies shift to a greater adoption of cloud services, it may appear that SaaS license compliance is less of a concern. After all, how can you be out of compliance when the provider controls your access to the product?
Great question, but… Just because SaaS products are accessed through the cloud, don’t assume you are in the clear. In fact, the cloud may have tamped down some license compliance concerns, but it has also created new ones. There are just as many regulations around SaaS license compliance as traditional software, and the terms are very different. On top of that, SaaS companies can access a great deal of information about what your employees are using –– perhaps more than you know yourself!
There are several ways you can be out of SaaS license compliance with your cloud application contracts. Here are a few examples:
SaaS License Compliance Problem #1: Freemium Product Exploitation
SaaS Apps have prioritized user adoption and ease of use, often using free versions to lure us in. As users, we become reliant on these free products and the benefits they offer. They generally do not require any significant IT knowledge or resources to deploy. They may fly under the radar for security, provisioning and IT approvals. And since they are free, there’s very little reason to say “no.” But, if you have a paid license for a freemium product, you could very easily be out of compliance.
How does this happen? You buy a license for a certain number of paid seats for a cloud application. You tell your employees to use that paid license. But, some employees don’t read or process that message. And a few weeks later — much less months or years later! — they have all forgotten about it, and don’t even realize your company has a paid account. Or they may know about it, but do not have budget, so they get around that little restriction by using the free version.
How can you fix it? You can try setting up a rigid policy for app provisioning, and and repeatedly set reminders to manually audit devices… But an automated tool that does it all for you is a much better solution.
SaaS License Compliance Problem #2: Vendor Allows Over-Provisioning
SaaS vendors sometimes allow admins or even regular users to add more users than are allowed in your contract, meaning you “over-provision” their app. Why would they do this? Rather than tightly control the number of users, this sales tactic allows app usage to constantly creep (or jump) upward. Your employees can easily add themselves as users, not realizing, or not caring, that they will likely have to pay for it later. Not only does this kill your budget with an unexpected variance, but it also makes contract renewal negotiations even more challenging.
SaaS License Compliance Problem #3: Multiple Users Access One Account
Sharing an application installed on a client or server is often difficult, unless users share machines or share license codes (that aren’t monitored by the vendor). But it’s often easy on SaaS applications. If there is a service account such as marketing@, finance@, or similar, a group of users can sign up with that single account, which is accessible to many people, allowing all of them to access one paid subscription. This account misuse can be easily tracked and is often prohibited by SaaS license compliance terms. Once you are a big enough target, you will likely be called on this behavior.
SaaS License Compliance: What To Do (Manual and Automated)
Identify Who Is Using What SaaS Products
At Alpin, we find that, on average, companies are aware of just 10% of their cloud apps. The first step to controlling SaaS subscriptions is discovering Shadow IT. You can do this by scanning your financial systems, accessing SSO, Office 365, and/or G suite credentials, or by surveying fellow team members. Or use Alpin’s automated SaaS Management tool to help you discover all your Shadow IT in just two clicks.
Check Your Terms of Service
SaaS license compliance parameters are often found in the Terms of Service. It’s common for SaaS products to have “click through” license agreements that are completely disregarded, because users are accustomed to blindly checking the “accept” box. Perhaps it is time to look through your contracts to determine the changes you must make to ensure SaaS license compliance. Or use Alpin and watch it automatically reveal compliance problems, so you don’t have to pore over hundreds of pages of TOS legalese.
Recognize Modern-Day Bounty Hunters
If you are a big target, your workers or contractors could get paid commissions to report any misuse of SaaS software. Bounty hunters, and extremely advanced tracking and monitoring capabilities, are just a few of many more reasons to take control of your SaaS Subscriptions. By using an automated tool like Alpin to gain control over app usage, and secure your contracts, you’re in the clear, avoiding expensive audit penalties!
SaaS License Compliance Solution: Use an Automated Tool
You can spend dozens or more likely hundreds of hours manually scraping together all the required information about all your SaaS applications. Then you can spend even more time reading and analyzing that information. And even then, you’ll almost certainly miss a bunch of SaaS license compliance issues.
Want a better solution? Use an automated tool that continuously discovers your cloud applications, collects information about licenses and usage, and highlights problems so you can fix things quickly and efficiently. Make sure you achieve full SaaS license compliance and become a hero by never getting hit with audits and penalties.
Learn how Alpin can help you uncover your SaaS usage in just two clicks!