When an employee leaves the company, their SaaS accounts must be managed: the software accounts they were using are taken back and reallocated to other employees. Immediately revoking the access rights of employees who have left the company prevents confidential information from being leaked, and deactivating their accounts reduces costs by not wasting licenses. Additionally, SaaS accounts used by employees who have left the company can be reassigned to other employees to improve efficiency.
The above information applies to corporate IT managers, security personnel, and human resources personnel. They prevent security issues by immediately deactivating accounts for employees who have left the company, manage licenses to optimize costs, assign necessary accounts to new employees, and more.
In this article, we include real-life examples that people working in IT management should use to check whether the same thing is happening in their own company. Let's take a look at 3 facts that can easily be mistaken for being good at deleting and managing SaaS accounts when employees leave the company.
According to "The State of SaaS Data Security 2024", in which New York-based software company DoControl analyzed the SaaS environments of companies in various industries with more than 1,000 employees, 31% of all companies said that an employee who left the company had access to assets stored in SaaS applications.
Since the pandemic, cloud and SaaS usage rates have increased rapidly, and employees can access multiple accounts and sensitive data at any time. If accounts and user rights aren't properly managed, this can lead to data breaches. For employees who have left the company, the correct approach in principle is to dispose of their accounts and related information, but in many cases these are left in place for convenience, for reasons such as business continuity. To protect the business from security threats, SaaS account management must be carried out properly, including removing access rights and deleting accounts.
If an employee leaves the company after an account has been created and assigned, it is important to ensure that permissions are taken back, such as by deleting all accounts used by the employee. It's easy to think you're doing a good job in SaaS management if there is a set process for granting SaaS accounts, but if that process is handled manually by an IT administrator, some accounts or licenses may be left undeleted.
In fact, in the "SaaS Management Status Survey" conducted with approximately 300 existing Megazone Cloud customers, more than half of the responses were "We are managing it well according to the process set when granting an account," but about 50% responded that "the status of SaaS usage cannot be easily grasped." This shows that licenses, number of accounts, and costs per SaaS are not well managed after account allocation. In the end, it can be inferred that the problem lies in relying on a 'process' rather than a 'tool' for account management.
According to the "2024 SaaS Management Index" published by Zylo, an American SaaS management platform company, 70% of companies use spreadsheets to manage SaaS. It's common for IT professionals to use spreadsheets to manage SaaS applications. This is because spreadsheets can feel more economical in the short term than IT management software, and because they are familiar.
[alt text= Survey results on SaaS management tools used by companies]
However, spreadsheets inherently have limitations. The moment a spreadsheet is created, it becomes an outdated version of the data, so real-time data cannot be viewed and processed at a glance. As the amount of data grows, it becomes difficult to manage. Maintenance is labor-intensive and inefficient. Additionally, data silos are likely to occur, hindering collaboration and effective decision-making between relevant departments.
If your company has only just started adopting SaaS, managing SaaS with spreadsheets might have been enough. Of course, it's better to track SaaS accounts and usage in spreadsheets than not to manage SaaS at all. However, spreadsheets don't provide an overview of SaaS usage.
When an employee is hired, the SaaS they will use is identified according to their department. Permission for SaaS A is requested, the license is confirmed, and then the permission is granted. Authorization is also requested for SaaS B, and it is granted after the license is confirmed. SaaS C, D, E... The assignment of permissions is repeated for each SaaS each employee requires.
What about the process of leaving the company? Similarly, permission revocation must be repeated one by one for each SaaS. For each SaaS, someone signs in with an administrator account to assign and delete permissions one at a time. At that point, is it possible to confirm that all rights have been properly recovered and that no data has been leaked? Because permissions are manually assigned and deleted for each SaaS in the first place, there is a high possibility of human error, and there is a limit to applying security policies one by one.
If the number of SaaS to be managed is small, IT personnel may be able to manage according to a set process, but as the number of SaaS increases, manual management methods are bound to be inefficient.
Problems also occur because linked accounts are not deleted even when all SaaS accounts used by the departed employee are deleted. An example is AWS IAM (Identity and Access Management). IAM is a web service that allows you to securely control access to AWS resources, and IAM is set up when you create an AWS account. The AWS account of the employee who left the company is deleted, but the associated IAM is sometimes not deleted. In this case, there are also cases where server costs reach 10 million won per day, such as when a departed employee connects through IAM to mine bitcoins.
Unorganized accounts and Access Keys that never expire can lead to major incidents such as cost bombs or information leaks. POPs provides role-based access control (RBAC) that frees IT personnel from AWS IAM management. Register required roles such as developers, engineers, designers, and operators, and assign roles to those responsible for each job. Administrators will no longer need to manage accounts issued to individuals, and practitioners will be able to access AWS with a single click on their role in the POPs Launcher.
<Screen for logging in to the AWS Console from PoPs Launcher based on RBAC>
[alt text=Image explaining that POPS (POPS) can manage SaaS access with role-based access (RBAC)]
What does the case where the employee's account was deleted but connected to the server via IAM suggest? SaaS management must ensure visibility of SaaS usage by managing the entire lifecycle of each employee's SaaS usage, not limited to simple account creation, assignment, and deletion.
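One way to check for the leftover IAM access described above, as an added example that is not part of the original article or of POPs: it reconciles an HR list of departed employees against an AWS IAM credential report. The report rows and the HR list are constructed samples using a subset of the report's columns; `LEAVERS`, `audit`, the finding labels and the 90-day key age limit are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample: a subset of the columns in an IAM credential report.
CREDENTIAL_REPORT = """\
user,password_enabled,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,true,false,N/A,N/A,false,N/A,N/A
bob,false,true,2022-01-10T08:00:00+00:00,2024-06-02T03:14:00+00:00,false,N/A,N/A
carol,true,true,2023-02-01T08:00:00+00:00,2024-05-30T10:00:00+00:00,false,N/A,N/A
dave,true,false,2021-05-05T08:00:00+00:00,N/A,false,N/A,N/A
"""

# Constructed HR export (hypothetical format): IAM user name -> last working day.
LEAVERS = {"bob": "2024-04-30", "dave": "2024-03-15"}

def parse_ts(value):
    # The report uses ISO 8601 timestamps, or markers such as N/A when unset.
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def audit(report_csv, leavers, today, max_key_age_days=90):
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        exit_day = leavers.get(user)
        left = parse_ts(exit_day + "T23:59:59+00:00") if exit_day else None
        if left and row["password_enabled"] == "true":
            findings.append((user, "password", "leaver_console_login_enabled"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            key = f"access_key_{n}"
            used = parse_ts(row[f"{key}_last_used_date"])
            rotated = parse_ts(row[f"{key}_last_rotated"])
            if left and used and used > left:
                findings.append((user, key, "leaver_key_used_after_exit"))
            elif left:
                findings.append((user, key, "leaver_key_still_active"))
            elif rotated and (today - rotated).days > max_key_age_days:
                findings.append((user, key, "key_older_than_policy"))
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 3, tzinfo=timezone.utc)
    for finding in audit(CREDENTIAL_REPORT, LEAVERS, now):
        print(*finding)
```

A key used after the exit date is the case to investigate first; an active but unused leaver key and an over-age key on a current account are cleanup items.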
I feel the need for SaaS management within the organization, and I need to check whether the processes I've created are working well. Manually updating account status in a spreadsheet has clear limitations in gaining multi-faceted SaaS visibility. The more accounts are managed manually for each SaaS, the greater the burden, inefficiency, and security threats on IT tasks.
As the use of SaaS increases and IT environments become more complex, there is a growing need for a SaaS management platform (SMP) that can simplify processes, increase accuracy, and enhance security. It's time to optimize the SaaS resources you're using with an SMP that's right for your organization.
POPs is a SaaS management platform based on single sign-on (SSO) and two-factor authentication. User provisioning automatically adds the SaaS accounts required for new hires and automatically deletes the accounts of those leaving the company. The SaaS used by the organization is managed in one place, and the assignment and retrieval of permissions is simplified, saving IT staff time and allowing them to focus on more important tasks. The overall SaaS cost and usage can be viewed at a glance, making effective SaaS operation management possible.