Are you good at managing your SaaS account when you leave the company? - 3 misconceptions

Introduction

If an employee leaves the company, it is considering to manage the SaaS account, such as taking back the software account they were using and realising the existing account to another employee or employee. You can prevent confidential information from being leaked by immediately revoking the access rights of employees who have left the company, and reduce costs without wasting licenses by deferred accounts for employees who have left the company. Rejected, SaaS accounts used by employees who have left the company can be reassigned to other employees to improve efficiency.

The above information refers to corporate IT managers, security personnel, and human resources personnel. They prevent security issues by immediately deferred accounts for employees who have left the company, manage licenses to optimize costs, assign deferred accounts to new employees, and more.

In this article, we include real-life examples where people working in IT management jobs must check to see if this is something that is concerned in our company as well. Let's take a look at 3 facts that can be misunderstood as being good at deletion/management of SaaS accounts when leaving the company.

‍

31% of all employees still access corporate SaaS

New York-based software company DoControl analyzed the SaaS environment of companies in various industries with more than 1,000 employees”The State of SaaS Data Security 2024 According to”, 31% of all companies said that an employee who left the company had access to assets stored in SaaS applications.

‍

Since the pandemic, cloud and SaaS usage rates have been widely reported, and employees can access multiple accounts and sensitive data at any time. If accounts and user rights aren't properly managed, this can lead to data breaches. In the case of retirees, in principle, it is correct to dispose of accounts and related information, but there are many cases where they are left for convenience due to various factors such as business continuity. In order to protect the business from security claims, SaaS account management must be carried out properly, such as restricted access rights and secured accounts.

‍

If an employee leaves the company after creating and making an account, it is important to ensure that permission is taken back, such as considering all accounts used by the employee. It's easy to think you're doing a good job in SaaS management if there is a set process for granting SaaS accounts, but if handled manually by an IT administrator, there may be accounts or licenses that cannot be deleted.

In fact, in the “SaaS Management Status Survey” estimates for considering 300 existing customers on Megazone Cloud, more than half of the responses were “We are managing it well according to the process set when granting an account,” but about 50% satisfied that “the status of SaaS usage cannot be grasped.” This shows that licenses, number of accounts, and costs per SaaS are not well managed after account allocation. In the end, it can be inferred that the problem is that they want account management to be a 'process' rather than a 'tool'.

‍

3 misconceptions about being good at managing SaaS according to established processes

When managing with a spreadsheet

Published by Zylo, an American SaaS Management Platform Company”2024 SaaS Management IndexAccording to”, 70% of companies use spreadsheets to manage SaaS. It's common for IT professionals to use spreadsheets to manage SaaS applications. This is because using spreadsheets can feel more useful in the short term than using IT management software, and they are familiar with it.

[alt text= Survey results on SaaS management tools used by companies]

‍

However, spreadsheets inherently have concerns. The moment a spreadsheet is created, it is an outdated version of the data, so real-time data cannot be considered and processed at a glance. As the amount of data collected, it was calculated to manage. Maintenance is labor-intensive and inefficient. Interventions, data silos are likely to occur, hindering collaboration, and effective discussions between relevant departments.

If your company first started managing SaaS, managing SaaS with spreadsheets might have been enough. Of course, it's better to track SaaS accounts and usage in spreadsheets rather than not managing SaaS at all. However, spreadsheets don't provide an overview of SaaS usage.

‍

When permissions are assigned and deleted on a daily basis for each SaaS

When an employee is hired, we hire the SaaS they are using according to the relevant department. Request permission for SaaS A, confirm the license, and then grant the permission. Authorization is also requested for SaaS B, and authorization is granted after the license is confirmed. SaaS C, D, E... Repeat the assignment of permissions for each SaaS required per employee.

What about the process of leaving the company? Permission, permission revocation must be proposed one by one for each SaaS. For each SaaS, access an administrator account to assign and delete permissions one by one. At this time, is it possible to confirm that all rights have been properly considered and that no data has been leaked? In the first place, recommendations are manually assigned and deleted for each SaaS, so there is a high risk that human errors will occur, and there is a limit to risk security policies one by one.

If the number of SaaS to be managed is small, IT personnel may be able to manage according to a set process, but as the number of SaaS practices, manual management methods are bound to be inefficient.

‍

When SaaS management is limited to account creation, assignments, and assignments

Problems also arise because the linked accounts are not deleted even if all SaaS accounts used by the retiree are deleted. An example is AWS IAM (Identity and Access Management). IAM is a web service that allows you to easily control access to AWS resources, and manage IAM when you create an AWS account. The AWS account of the employee who left the company is deleted, but IAM is sometimes not able to delete it. In this case, there are also cases where server costs 10 million won per day, such as when retirees connect through IAM to mine bitcoins.

Undeclared accounts and access keys that never expire can lead to major incidents such as cost bombs or information leaks. POPs (POPs) are role-based access (RBAC) that frees IT personnel from AWS IAM Management. Register required roles such as developers, engineers, designers, and operators, and assign roles to those responsible for each job. Administrators will no longer need to manage accounts issued to be issued, and will be able to access AWS with a single click in the POPs Launcher role.

What does the case where the employee's account was deleted but connected to the server via IAM suggest? SaaS management must ensure visibility of SaaS usage by managing the entire lifecycle of each employee's SaaS usage, not limited to simple account creation, assignment, and allocation.

‍

The need for a SaaS management platform

I feel the need for SaaS management within the organization, and I need to check whether the processes I've created are working well. Manually updating account status in a spreadsheet has clear coverage in difficult multi-faceted SaaS visibility. The more accounts are managed manually for each SaaS, the greater the burden, inefficiency, and security on IT tasks.

As the use of SaaS environments and IT environments become more complex, there is a growing need for a SaaS management platform (SMP) that can simplify processes, increase accuracy, and enhance security. It's time to optimize the SaaS resources you're using an SMP that's right for your organization.

‍

'POPs' help secure retirement process by automating account management

POPs (POPs) is a SaaS management platform based on single sign-on (SSO) and two-factor authentication. User provisioning adds the SaaS accounts required for hires and delays deletes those leaving the company. The SaaS used by the organization is managed in one place, and the assignment and retrieval of permissions is simplified, saving IT staff time and focusing on more important tasks. The overall SaaS cost and usage can be considered at a glance, making effective SaaS operation management possible.

If you have any questions about POPs, feel free to contact us. 👉 Contact PoPs