How strong governance can reduce your SaaS spend

Identity governance has traditionally been considered a compliance-first toolset. For businesses looking to adopt an IGA solution, this has meant audit trails, thorough reporting, and access controls. But more recently, IGA’s security-driven role has grown. Savvy CISOs recognise how the right solution can help safeguard an organisation via least-privilege access.

Okta Identity Governance can give organisations the fine-grained lifecycle management capabilities and automations they need to achieve least privilege without hindering end-user productivity or IT efficiency. But OIG can add another dimension to governance’s value: clear cost savings through powerful SaaS license management.

Bolstered by the pandemic, the SaaS industry has exploded in the last three years. Gartner Research expects the market to reach nearly $200 billion in 2023, up from $105.6 billion in 2020. But how much of an organisation’s SaaS portfolio is actually being used? Gartner has estimated that 25% of SaaS spending is underutilised. And, as the fiscal year starts and license renewals come up, business and technology leaders want to account for any and all wasted resources.

To properly size SaaS licenses, understanding access patterns is crucial. Automated access tracking, informed user deprovisioning, and simplified access request capabilities are necessary to avoid time-consuming, manual processes whose overhead outweighs the cost savings. Thanks to Okta’s ability to tie real-time access data into governance actions and decisions, organisations get a clear understanding of their app adoption and how to take action.

With estimates of as much as $5 billion in savings, the impact of using Okta to automate inactive user discovery can be massive. 

Using automation to discover savings opportunities

Step one is understanding the breadth of adoption across a business’s tech stack. The Okta Workforce Identity Cloud captures every user’s access patterns. When coupled with Okta Workflows, you can run no-code automations to identify inactive users for each app. Workflows let you specify the period of inactivity to search for and, once inactive users are discovered, how to group them, such as in a table or an Okta Group.

Revoking access using certifications 

Restricting inactive users may seem straightforward, but simply deprovisioning access to apps is only half the story. Depending on an organisation’s resources and structure, cutting access may actually undermine productivity and/or interrupt business. 

Access Certifications allows you to add a layer of context. Through an access review certification, the decision to revoke or maintain an inactive user’s access can be shifted to someone more informed in your organisation, like that user’s manager or an Okta Group owner. The added context that comes from an informed reviewer avoids unintended consequences and empowers stakeholders outside of IT to enforce least privilege and more efficient business processes. While a user or group of users may still require licensing to do their jobs, recurring, automated access certification campaigns can expose any over-permissioning of costlier licenses.

Establishing an easy access request process

Revoking unneeded access can help maintain least privilege and deliver hard cost savings, but it can’t come at the cost of productivity. As license management efforts ramp up, it’s critical to enable workforces to quickly request, justify, and receive ad hoc access to the apps and resources they need. 

Access Requests provides end users and reviewers with a simple, easy way to request and approve access to applications and resources within Okta. It also helps eliminate the productivity downtime that can come with least-privilege approaches.

See a step-by-step guide to implementing software rationalization in this video.

Ongoing efficiencies

Since the introduction of Okta Identity Governance, Okta customers have found that the right approach to identity governance can make their businesses more secure — without sacrificing productivity. By taking advantage of OIG’s license management capabilities, you can benefit from better security and cost savings across your SaaS technology portfolio.

To learn more about how Okta Identity Governance can impact your SaaS spending, take a look at our solution brief, "Three ways to optimize software costs & enhance security."