Your Customers’ SaaS-Based Shadow IT: The Hidden Costs and Threats
August 26, 2020
With more clients working remotely than ever before, MSPs need to find new ways to combat a new set of challenges.
By Dale Walls, Founding Partner, Corsica Technologies

As the pandemic lingers, and remote work becomes the new norm for many of your customers’ employees, there’s a whole new set of challenges MSPs must overcome. One significant problem falls under the umbrella of shadow IT, which is when employees use computer hardware or software that’s not supported by their organization’s IT department (or their MSP).
SaaS-based shadow IT has become a particularly troublesome issue, and many MSPs aren’t adequately addressing it. Before we can discuss the solution, it’s critical to understand what’s driving SaaS adoption and why it’s a blind spot for so many solution providers.
Cloud Services Spending Is Reaching Record Heights
Companies worldwide spent a record $34.6 billion on cloud services in the second quarter of 2020, up roughly 11% from the previous quarter and 30% from the same period last year, according to research firm Canalys. Part of this uptick in cloud spending is related to COVID-19, but this trend started years ago with the transition to a subscription-based economy.
With cloud services, there’s a very different attitude toward IT than with on-prem hardware and software. Because cloud services are so easy to procure, and the cloud service provider (CSP) manages the “blinking lights,” there doesn’t seem to be a need to involve one’s MSP with such matters. This leads to three problems:
Productivity drops. For example, a customer may purchase a Microsoft 365 subscription, which includes several terabytes of OneDrive cloud storage along with a stand-alone Dropbox subscription. Plus, the customer could subscribe to the “Pro edition” tier of a cloud-based CRM system, which also includes several terabytes of storage. You can imagine how quickly problems arise when you have some of the customer’s employees storing data and files in OneDrive, some using Dropbox, and others using the CRM for cloud storage. When you add the problem of shadow IT to the mix, you now have more than a dozen cloud storage silos (e.g., Google Drive, Box, iCloud, Amazon Cloud Drive, etc.). Not only is the business owner unaware of these cloud services, but many MSPs are as well.
Another productivity drain related to SaaS subscriptions and shadow IT is the use of competing software apps to perform similar tasks. For instance, a customer may purchase a Microsoft 365 subscription that includes the Microsoft Teams collaboration app. The customer’s CRM subscription may also include a collaboration app that some employees prefer. Add in shadow IT and you can expect to see additional collaboration tools like Zoom, Skype, Google Hangouts, Slack, Trello, GoToMeeting and Webex.
IT spending increases. One of the strengths of buying cloud services — a low monthly cost — is also a weakness. Because it’s so easy to sign up and start a subscription, it’s easy to lose track of how these monthly charges can add up. Industry experts estimate that the average company spends 30% to 40% more on SaaS applications than it needs to, and many applications are never used at all. Frequently, more licenses are bought than are required, which results in orphaned SaaS apps. Market research firm Blissfully found that nearly 75% of companies with 100-plus employees have orphaned SaaS subscriptions with no billing owner — typically because that owner left the company.
Security is compromised. Here’s where the rubber meets the road. The previous two problems — productivity declines and IT spending increases — are primarily the customer’s issue, at least in the short term. When it comes to security compromises, however, it always falls on you, the “trusted IT advisor.” Even though your SLA explains the IT equipment and apps you’re responsible for protecting and managing, and Zoom doesn’t appear anywhere on the list, it might as well be. When the remote worker who installed Zoom on their company-issued laptop gets breached because they didn’t activate two-factor authentication, you’re going to get the call. And you’ll be expected to clean up the mess at no additional cost.
Rethinking SaaS-based Management
Solving the challenges associated with SaaS-based apps and shadow IT isn’t easy, but there are a few practical steps you can take to get a handle on things. The first thing is to communicate with your customer about the problem and explain how something that seems innocuous to them can be very harmful. In addition to learning about all the SaaS-based apps they may have already purchased or plan to purchase, you need to make them aware of the reality of shadow IT, which is a separate challenge that must be solved.
Once the customer understands how SaaS solutions impact their business, and how you can help improve productivity, reduce their IT costs, and make them more secure, you have just one more obstacle to overcome. What tool are you going to use to manage your customers’ cloud-based apps and keep shadow IT in check? Your RMM tool probably isn’t equipped for this task; it sees only the traffic over the Internet, not the app that’s generating the traffic.
You may need to invest in new tools that operate at the DNS level to give you deeper insights into where the data is coming from, and where it’s going. Once you find a useful tool, you’ll also need to integrate it with your RMM tool, so you can manage each customer from a single pane of glass instead of requiring multiple log-ins and screens to see everything. It won’t be easy to have these conversations, find these tools, and make it all work. But if it were easy, your customers wouldn’t need you; they’d do it all themselves. Where there are IT challenges, there’s a need for a good MSP.
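As an added illustration of the DNS-level visibility described above (not part of the original article and not any vendor's tool), the following sketch scans DNS query logs for SaaS domains and reports which devices reached apps that are not on the customer's sanctioned list. The log format, the domain-to-app map, the host names and the sanctioned list are all assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Assumed, incomplete domain-to-app map covering apps the article names.
SAAS_DOMAINS = {
    "dropbox.com": "Dropbox",
    "box.com": "Box",
    "icloud.com": "iCloud",
    "drive.google.com": "Google Drive",
    "onedrive.live.com": "OneDrive",
    "zoom.us": "Zoom",
    "slack.com": "Slack",
    "trello.com": "Trello",
    "webex.com": "Webex",
    "teams.microsoft.com": "Microsoft Teams",
}

# Constructed log format: "<timestamp> client=<host> query=<fqdn> type=<rrtype>"
LINE_RE = re.compile(r"^\S+ client=(\S+) query=(\S+) type=\S+$")

def classify(fqdn):
    """Return the app name by matching whole DNS labels, longest suffix first."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        app = SAAS_DOMAINS.get(".".join(labels[i:]))
        if app:
            return app
    return None  # e.g. notdropbox.com must not match dropbox.com or box.com

def find_shadow_saas(log_lines, sanctioned):
    """Map each unsanctioned app to the set of clients that resolved it."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing
        app = classify(m.group(2))
        if app and app not in sanctioned:
            seen[app].add(m.group(1))
    return dict(seen)

SAMPLE_LOG = [  # constructed sample data
    "2020-08-26T09:14:02Z client=laptop-017 query=files.slack.com type=A",
    "2020-08-26T09:14:05Z client=laptop-017 query=teams.microsoft.com type=A",
    "2020-08-26T09:15:40Z client=laptop-022 query=www.dropbox.com type=A",
    "2020-08-26T09:16:11Z client=laptop-031 query=us04web.zoom.us type=AAAA",
    "2020-08-26T09:16:30Z client=laptop-022 query=notdropbox.com type=A",
    "2020-08-26T09:17:02Z client=laptop-031 query=app.slack.com type=A",
]

if __name__ == "__main__":
    found = find_shadow_saas(SAMPLE_LOG, sanctioned={"Microsoft Teams"})
    for app, hosts in sorted(found.items()):
        print(f"{app}: {len(hosts)} device(s): {', '.join(sorted(hosts))}")
```

DNS queries show that a device contacted a service, not which account was used or what data moved, and a device configured to use its own DNS-over-HTTPS resolver will not appear in these logs.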
Dale Walls is founding partner of Corsica Technologies, a mature managed IT service provider serving small, midsize, and large organizations across the United States. Walls founded Corsica Technologies in Maryland in 2002 and together with his team has expanded the company to multiple regional locations, including New York; Augusta, Ga.; and Fort Wayne, Ind. Today, Corsica manages over 30,000 systems for businesses across the U.S., providing IT and cybersecurity services.
