Phil Carson - Block 64
https://block64.com

How to Take Control of Enterprise SaaS Sprawl
https://block64.com/it-asset-management/end-saas-sprawl/?utm_source=rss&utm_medium=rss&utm_campaign=end-saas-sprawl
Wed, 05 Jun 2024 14:38:46 +0000

SaaS tools have revolutionized how businesses and individuals access software applications, with their ease of use, scalability, flexibility, and cost-effectiveness. Simply put: They’re powerful productivity drivers. But the reality of having a distributed workforce with access to thousands of apps at their fingertips is also causing a staggering growth of “SaaS sprawl” and Shadow IT.

As SaaS proliferates across enterprises with the rise of hybrid work, it’s important to be aware of the risks and manage accordingly. Here we provide our best advice on modern SaaS management.

Are You Suffering from SaaS Sprawl?

“SaaS sprawl” refers to the uncontrolled and unchecked use of SaaS applications spreading through many organizations. The problem is growing.

According to Gartner, worldwide spending on SaaS tools is expected to reach $243 billion in 2023. This trend highlights the increasing reliance on SaaS applications across various industries. Large enterprises are reported to use around 254 different SaaS applications on average, while smaller businesses also have substantial usage. Moreover, it’s noted that more than half of SaaS licenses are not used regularly, leading to issues such as budget waste and security threats.

Other studies indicate organizations failing to manage their SaaS portfolios effectively are likely to overspend by at least 25% due to incorrect entitlements and overlapping tools. This unmanaged growth poses financial, security, and operational risks.

How SaaS Addresses Your Business Needs

SaaS has taken the headache out of some of the issues with conventional software. Traditionally, software was sold at an upfront cost with ongoing support fees. Usually, it was a perpetual license – where the owner had the right to use the software indefinitely.

SaaS providers use a subscription model, generally a monthly or annual fee. Prices are competitive with on-premises software. Many apps offer a freemium version, which gives free service with limited functionalities. Subscription plans can easily be scaled up or down to accommodate changing business needs.

These apps can be installed and deployed almost instantaneously, without the need for traditional partners or intermediaries, making them much easier to use. SaaS apps are delivered over the internet, eliminating the need for complex installations and updates. They are also generally updated more frequently than non-SaaS software, meaning users have access to the latest features and security improvements.

The Risks that Come with SaaS Sprawl

Despite the many advantages of using SaaS over traditional software, there are plenty of risks.

In addition to excessive amounts of SaaS tools being downloaded at the enterprise level, many business units are purchasing their own subscriptions or downloading freemium tools without IT’s oversight. These unregulated SaaS budgets can quickly grow out of control.

SaaS subscriptions and log-ins also expand the security risk surface. The more SaaS providers you use, the more subdomains and APIs are generated to maintain integrations. Your business is only as protected from threats as the weakest SaaS provider you are using.

SaaS providers are prone to data breaches, including with the use of single sign-on (SSO). SSO lets users log into multiple applications with one set of credentials, like a Microsoft account. Okta, an SSO provider, saw a series of security breaches last October after what it believes was one of its employees signing into a personal Google account on a company-owned device.

With more SaaS tools being used there is also a greater opportunity for users to work in silos. For example, using a variety of project management tools can create fragmentation and hinder productivity.

How to Take Control of Enterprise SaaS Use

[Infographic: How to Take Control of Enterprise SaaS Sprawl]

It’s clear that SaaS sprawl is an issue that you should be aware of. Here’s what we recommend as the steps you should take to wrangle SaaS use in your organization.

1. Create a Single Source of Truth and Simplify Subscriptions

It all starts with knowing what you have and what you’re using. Create a centralized database to get a clear picture of SaaS products being used or subscribed to. If you can’t measure it, you can’t manage it.

Look for ways to cut waste and simplify the apps you manage. Create an inventory of SaaS products and look for application redundancies and instances of low use. For example, you shouldn’t pay for Webex if you have Microsoft Teams. Recognize which teams or departments have the highest costs for SaaS products and investigate. While you should use a data- and metric-driven strategy to cut SaaS spending, remember that reducing software shouldn’t negatively impact company growth or innovation.

2. Establish Policies and Communications

Now that you have a clear sense of your SaaS usage, it’s important to establish clear policies and communicate those to employees. Develop guidelines and policies on using SaaS products. Identify vendors of choice for specific job functions and build a roster of approved apps and a blacklist. Provide internal communications on app policies and why they exist. Let people know – you can’t defeat shadow IT without some sunlight. It’s important to also encourage users to have strong passwords and use two-factor authentication.

3. Monitor SaaS Subscriptions and Usage

Continue to monitor how SaaS products are being used monthly on a centralized database such as ours at Block 64. Track SSO logins, last login dates, and last run dates for on-prem software. Identify tenders that overlap and downsize or cancel unnecessary subscriptions. Continue to monitor for unauthorized apps and remediate any overlap.

How Block 64 Can Help

Block 64’s Discovery & Insights platform recently added an innovative feature to help fight SaaS sprawl. Our SaaS Management solution provides detailed visibility into user activities on SaaS apps by integrating with popular SSO and OAuth providers. It automatically captures all activity on SaaS apps being logged into using enterprise SSOs, such as Entra ID, Google, and Okta.

Authentication logs are aggregated, so organizations can identify which SaaS solutions are being used, by whom, and when. SaaS Management can be used to simplify the inventory, monitoring, and reporting of apps for you to take action sooner.

Want to learn more? Request a free trial and demo, or contact our sales team to learn more about how Block 64 can transform your SaaS management, today.

New Assessment: Copilot for Microsoft 365 Adoption
https://block64.com/product-updates/copilot-for-m365-assessment-adoption/?utm_source=rss&utm_medium=rss&utm_campaign=copilot-for-m365-assessment-adoption
Wed, 06 Mar 2024 22:10:42 +0000

Block 64 has released a powerful new assessment to help navigate the path to Copilot for Microsoft 365.

Businesses worldwide are keen to find out more about Microsoft’s most-hyped product on the market – Copilot for Microsoft 365. And now that Microsoft has made significant changes to its Copilot licensing, the door is wide open for organizations of all sizes to explore this exciting new product suite.

But on an individual customer basis, there are plenty of questions that need answering before taking the leap forward. Do you have the right licensing position? How will you keep your data and users secure? Will people actually use it?!

For IT solutions providers, if you can answer these questions, you can win your customer’s trust and ensure Copilot adoption is a success.

Introducing the Block 64 Copilot for Microsoft 365 Readiness Assessment

That’s why we created Block 64’s Copilot for Microsoft 365 Readiness Assessment. It delivers the insights and guidance needed to navigate this transformative journey with confidence.

By combining our effortless IT inventory and usage metrics with insights and automated analysis, the Assessment provides clear answers across three core considerations: security, licensing and standardization.

With those insights, partners are able to elevate conversations with customers, and provide relevant, actionable advice and catered solutions to move the needle.


The 3 Pillars of Copilot for Microsoft 365 Readiness:

Our assessment analyzes Copilot readiness across three key pillars of security, licensing and optimization. Here’s why those are important to Copilot success.

  1. Zero Trust Security Compliance: Microsoft 365 Copilot operates within a Zero Trust security model, emphasizing the need for rigorous security policies and standards. Our assessment delves deep into your IT environment to evaluate your alignment with this model, ensuring that your data, networks, and applications are fully secure and compliant. By identifying potential vulnerabilities and offering specific recommendations, we empower you to establish a fortified foundation essential for a successful Copilot implementation.
  2. Clear Licensing Position and Cost Analysis: Understanding your current licensing position is critical to ensuring that your investment in Microsoft 365 Copilot aligns with your organizational goals. Our assessment provides a detailed analysis of your licensing status, identifying any gaps or opportunities for optimization. This analysis includes a breakdown of Copilot-compatible licenses, enabling you to make informed decisions that maximize your return on investment.
  3. Maximizing Microsoft 365 Adoption: Full adoption of Microsoft 365 is crucial not just for creating a comprehensive dataset for Copilot to utilize but also for ensuring that you are investing in tools that your users actively use. Our assessment evaluates the extent of Microsoft 365 usage within your organization, identifying areas where adoption can be improved. For example, we analyze OneDrive and Teams usage to ensure that if you invest in Copilot licenses, they will be utilized to their fullest potential, thereby avoiding the pitfall of paying for unused services.

The Block 64 Assessment Process: Insights and Value Delivered

Our assessment process is designed to offer actionable insights into an organization’s readiness for Copilot for Microsoft 365. Here’s a closer look at the steps and tools involved to make that happen:

  • Agentless Discovery Application: Our agentless discovery tool serves as the cornerstone of our assessment, providing a real-time inventory of your IT environment. This includes detailed insights into software installations, application-level vulnerabilities, and compliance with security standards.
  • Debrief Meeting and Recommendations: Following the discovery phase, our analysts conduct a debrief meeting to walk you through our findings. This session is instrumental in understanding the implications of our analysis and the steps needed to enhance your readiness for Copilot.
  • Customized Deliverables: The assessment culminates in a set of customized deliverables that include visualizations and recommendations tailored to your specific needs. For instance, we provide visualizations focusing on productivity applications’ security, highlighting any legacy installs that might compromise Copilot compatibility. We also offer guidance on Active Directory security, helping to identify and rectify potentially unsafe accounts in alignment with the Zero Trust framework.
  • Trial Offer and Engagement Process: To demonstrate our commitment to your success, we offer a free trial of our assessment when delivered with your strategic solutions provider, VAR or MSP. This trial includes a comprehensive engagement with our team, who will conduct the assessment and provide consulting services on your behalf, acting as an extension of your team.

By integrating these insights and leveraging Block 64’s expertise, organizations can navigate the complexities of adopting Microsoft 365 Copilot with confidence. Want to get started or learn more? Please visit our Copilot assessment page to explore.

Why good SAM is your first step to Zero Trust security
https://block64.com/cybersecurity/why-good-sam-is-your-first-step-to-zero-trust-security/?utm_source=rss&utm_medium=rss&utm_campaign=why-good-sam-is-your-first-step-to-zero-trust-security
Sun, 01 Oct 2023 18:29:08 +0000

Zero Trust has established itself as the gold standard for an organization to implement robust security. Often listed as a CISO’s number one priority, the “never trust, always verify” mantra places organizations well ahead of peers and bad actors.

But there’s a piece of the zero trust puzzle that often gets overlooked – an unspoken, “secret ingredient.” Without it, no ZT strategy has any real chance of success.

We are talking about modern software asset management (SAM) practices – and all the work that goes into making it happen.

The good news is that when done right, good SAM doesn’t just lead to stronger security. It unlocks numerous other benefits, such as cutting out wasted spending, and speeding the path to the cloud and beyond.

So, let’s take a closer look at zero trust, powered by solid SAM practices. 

A Quick Recap: What is Zero Trust?

Zero Trust challenges the traditional perimeter-based security approach by assuming all users, devices, and applications are untrusted until proven otherwise. It operates on the principle of “never trust, always verify” and focuses on protecting critical assets through continuous monitoring and strict access controls. Key elements of Zero Trust include:

  1. Identity and Access Management (IAM): IAM is at the core of ZT, ensuring that user identities are properly verified and authenticated before granting access to resources. It emphasizes the principle of least privilege, granting users only the necessary access privileges based on their roles and responsibilities.
  2. Network Segmentation: Network segmentation divides the network into distinct zones, limiting lateral movement and minimizing the potential impact of a security breach. By separating critical assets into isolated segments, organizations can contain and mitigate security incidents effectively.
  3. Microsegmentation: Microsegmentation takes network segmentation to a granular level, enabling organizations to establish fine-grained security controls at the application or workload level. It provides enhanced visibility and control over traffic flows within the network, reducing the attack surface and minimizing the risk of lateral movement.
  4. Continuous Monitoring: Continuous monitoring involves real-time assessment and analysis of network activities, user behaviors, and system vulnerabilities. It enables swift detection and response to potential security threats, ensuring proactive mitigation measures are implemented.

The Intersection of SAM and Zero Trust:

With Zero Trust defined, let’s see how good Software Asset Management practices play a crucial role at every step.

  1. Identity and Access Management: SAM provides organizations with a comprehensive view of software assets and their associated licenses. This information enables accurate user provisioning and access management, ensuring that only authorized individuals have access to the necessary software resources.
  2. Network Segmentation and Microsegmentation: By maintaining an accurate inventory of software assets and their dependencies, SAM facilitates effective network segmentation and microsegmentation. It ensures that critical applications and workloads are identified, properly categorized, and isolated within their respective segments, reducing the attack surface and enhancing security.
  3. Vulnerability Management: SAM supports continuous monitoring by providing insights into the software versions deployed across the organization. It enables proactive identification of outdated or unpatched software, allowing IT teams to prioritize vulnerability remediation efforts and reduce the risk of exploitation by malicious actors.
  4. Compliance and Audit Readiness: SAM aids in compliance with licensing agreements and regulatory requirements, ensuring that software usage aligns with established policies. By maintaining a clear audit trail of software assets and licenses, organizations can demonstrate compliance during security audits, minimizing the risk of non-compliance penalties.

The power of SAM-supported Zero Trust:

Implementing effective Software Asset Management practices sets the stage for a robust Zero Trust security strategy. In fact, you can’t have one without the other. SAM provides the foundation your organization will need to properly implement ZT.

By implementing effective SAM practices, organizations can align their software assets with the principles of ZT, enhancing identity-centric security, micro-segmentation, continuous monitoring, least privilege access, and encryption.

The benefits don’t stop at security. With more insights comes better decision making – and budgeting. A solid SAM foundation will also help identify and eliminate under-utilized or unnecessary software licenses.

Conclusion:

It’s time to stop talking about security without first talking about software asset management.


Not only is SAM essential to delivering on Zero Trust principles – without it, businesses are putting their operations at risk.

How can you direct a SAM-driven security strategy?

For IT solutions providers, and their customers, it starts with gaining a clear view of the entire infrastructure – and matching those insights with actionable advice and guidance. That’s where a company like Block 64 comes in.

We offer IT service providers and businesses the tools they need to modernize security, with our comprehensive discovery, reporting and analytics tools.

Want to learn more? Get in touch today to see how our solutions can help your business speed up decision making, modernize ITAM and strengthen security.
