Desperately Seeking SaaS Visibility: The Reality of Our SaaS Stack

Media Thumbnail
  • 0.5
  • 1
  • 1.25
  • 1.5
  • 1.75
  • 2
This is a podcast episode titled, Desperately Seeking SaaS Visibility: The Reality of Our SaaS Stack. The summary for this episode is: <p>You can’t manage what you don’t know exists - yet the average organization underestimates the size of their SaaS portfolio by 2-3X. If you’re not sure how much SaaS exists in your estate, you’re not alone. Hear from a panel of professionals who, not too long ago, were in your shoes. Hear how they unlocked full visibility into their SaaS footprint and how they are leveraging that visibility to drive organization-wide impact.</p><p><br></p>
Introduction to Desperately Seeking SaaS Visibility
00:42 MIN
Jason Owens and his background at Zylo
00:55 MIN
Jason Carney and his role as Chief of Staff and Chief Risk/Security Officer
01:15 MIN
The catalyst to needing visibility into the SaaS stack
01:40 MIN
A mergers and acquisitions use case, and how it benefitted from Zylo
01:29 MIN
Duct tape and chicken wire, managing on-prem software through spreadsheets
02:16 MIN
Differences between on-prem and cloud: usage and utilization data and more
02:11 MIN
A clunky solution prior to Zylo
00:51 MIN
The role of security and risk in examining your SaaS stack
01:04 MIN
Cost savings realizations
00:59 MIN
A healthy tension between security, data protection, and cost
01:21 MIN
Innovative ways to monitor and prevent shadow IT costs
02:11 MIN
Visibility and change management without breaking the business
01:48 MIN
Opportunities to save money and starting with the highest spend first
00:58 MIN
Best practices to build platform standardization
03:22 MIN
Surface wins for leadership to pay attention to SaaS management
02:20 MIN
How the FIS team has used SaaS visibility to date
03:06 MIN
Next steps for managing your SaaS portfolio: POC
01:19 MIN
Show how a solution will pay for itself
01:14 MIN
Do you look at frameworks like NIST or ISO to help move the needle?
03:05 MIN
Advice on how to frame conversations about how SAM will help their team manage SaaS
01:03 MIN
Organizational change management
01:28 MIN
Rationalization addressing software redundancies
03:42 MIN
Where to start rationalizing redundant applications: the app owners
00:49 MIN

Danielle: Thanks so much, Meredith. Hi everyone. Super excited to be here today with Jason Carney and Jason Owens to talk about the importance of visibility into your SaaS stack. So you've heard a little bit about this already in a couple of the other sessions, but really truly understanding in a continuous way what you have in your SaaS stack is really the first and most critical piece to be able to put together a full strategy around your SaaS management program. Jason and Jason both have really awesome stories and I'm super excited for them to share them with you. They know firsthand some of the things that you can run into if you don't have that visibility. Everything from wasted spending, not understanding what your security risks are, license mismanagement. So super excited to be here with both of them today. Thank you both again for taking the time to chat with us. Before we dig in, I do want to make sure everyone does know. We'll have a few minutes at the end of the session to answer questions, so please make sure that you get those thrown in the chat as you have them and we'll make sure that we have a few minutes at the end. Awesome. So to kick things off, maybe I'll start with you, Jason Owens. Tell us. Just give us a little bit of background about you, your role and your organization.

Jason Owens: Sure. My name's Jason Owens. I'm sure everybody can read the placard there, but I lead our global IAITAM programs here at Salesforce. I'm a software asset manager by trade. I've grown our program from three individuals to the 11, 12 plus we have today in our SAM practice and about six months ago I was asked to lead all of our global IT asset management programs including corporate liable mobile, infrastructure, hardware asset management, provisioning, to go along with software provisioning and software asset management. So it's been quite a journey. Zylo's been here with me from, well close to the start in our software asset management program expansion and just really thrilled to be here on stage today.

Danielle: Awesome. Over to you, Jason Carney.

Jason Carney: Thanks Danielle. Yeah, Jason Carney. I am the chief of staff for our chief risk officer and chief security officer, sorry, that's a mouthful, here at FIS. I'm also accountable for our IT asset management function as well as assurance and testing and our risk awareness programs. I've been accountable for IT asset management, I want to say, since 2016. The team has really matured pretty significantly over that time. We were managing in spreadsheets really the entire software estate and hardware estate at that time. My team has really done a ton of work and we've brought in tools to help us mature, like I said. We got to a really good place from an on- prem perspective. We've been working hard on SaaS for... really, my team has been pushing me for years to try and get us in a position. We finally... and we'll touch on it, but we finally started working with Zylo towards the end of last year and we are in the early stages, but already successful stages, of rolling that out today.

Danielle: Great. Well I'll stay with you, Jason Carney. So maybe just talk a little bit about what was your catalyst to finally getting to the point where you said, " We really do need a regular visibility into our SaaS stack"? Was there any sort of crap moment that you had or what did that look like for you in the organization?

Jason Carney: I think our oh crap moment came later, but I would say mean maybe for me a little bit of dumb luck, but like I said, my team has been... the leaders under me have been really pushing for years to get us a tool that can have visibility into what we're doing from a SaaS perspective. We messed around with other tools. Really, the dumb luck point came when as a company we kicked off a major cost takeout initiative, $ 1. 25 billion, in cost reduction and bottoms up. What are your ideas to find save? We really took advantage of that to try and, well, to get funding to actually do something about it. Oh crap was once we actually did a POC and we saw how much we're actually spending on SaaS and how unmanaged it was, it really informed our business case and really got us cooking with gas.

Danielle: Yeah, I think you said something interesting when we were prepping for this session as well. I think you mentioned that you actually found out you were spending double than what you originally had thought that you were. Is that right?

Jason Carney: Yeah, yeah.

Danielle: Yeah. So pretty sig pretty significant jump there. So Jason Owens, your story is a little bit different. You started with us focused on M& A. Would love to hear a little bit more about that.

Jason Owens: Yeah, so I think for us, or me personally, it's been multiple, oh crap moments as we've gone along the journey.

Danielle: Are you the Jason?

Jason Owens: Sorry, can you hear me? Can everybody hear me?

Danielle: inaudible it's not just me and Jason Carney that can't hear?

Jason Owens: It looks like everybody in the chat can hear me, so that's good. I'll keep going and then maybe we can figure out where our audio issue lies. For myself personally, there's been multiple oh crap moments. It was initially with our M& A use case early on in our journey with Zylo where we had... historically Salesforce has been a very active company when it comes to M&A and companies of all sizes that would come in and would have anywhere from very little to none reporting and information around their SaaS portfolio to some companies that we acquired were also Zylo customers. And so we came in and we had that day one visibility into the SaaS stack at the acquired company. Probably the secondary oh crap moment is when we looked to go from the M&A use case to full suite with Zylo was that credit card spend as well as the significant numbers of shelf ware licenses that we had sitting unused, once we made the SSO connection with Zylo and got that true deep visibility into where we have usage and utilization. It's not just one. It's been multiple along the journey and I'm very fortunate that Zylo has not only been part of our software asset management journey here at Salesforce, but it's been candidly part of my personal success as a software asset manager and as an asset manager in my career to be partnered with Zylo from very early on. Can you hear me, Jason?

Jason Carney: I hear you, brother. inaudible-

Jason Owens: How about I tee you up for question three while we wait for Danielle to come back?

Jason Carney: Sure. Let's do it.

Jason Owens: So before using Zylo, how were you managing your SaaS portfolio, tracking SaaS apps and inaudible?

Jason Carney: It was duct tape and chicken wire, like I said, on the on- prem, right? It was a lot of spreadsheets. We had, not dedicated, but we had a few key folks on our team that were logging into the actual vendor portals directly and then using that reconciling with spreadsheets and other tools to get active users and that kind of thing. So it was very manual. We chose what we believed to be our top spend vendors and then did it all very manually, but we were three or four vendors tops that we were able to cover. How about you?

Jason Owens: Yeah. For us, we didn't have any tool at all when I took over our asset management program and we did an RFP and a project and we brought in an on- prem discovery tool because we had some really compliance and risk gaps that we needed to close around on- prem discovery. And then it was very clear that... I don't think in the marketplace today that many of the on- prem tool companies... they're really good at what they do. But they don't give you the SaaS management and SaaS visibility that you need to run with just one tool in the software asset management space. So it's been a great journey to be able to tell that story and go from nothing to on- prem discovery to ELPs to now being able to have a full picture across our entire software portfolio, including our SaaS stack.

Jason Carney: Yeah, I would just echo that. We tried for about a year with our on- prem provider with their SaaS solution and we really just never got it to work. We tried. We gave it the old college tribe but it just wasn't ready for us or didn't work for us and we decided, I want to say September of last year, we POC'd a couple products including Zylo and it was a big difference.

Danielle: Hey guys. Sorry about that. What did I miss? Do you want to just go back and repeat everything that you had to say already?

Jason Carney: I think we quickly got through all the questions inaudible.

Danielle: inaudible I'm having difficulty hearing Jason Owens, but got someone else in here now so should be okay. But I apologize for that.

Jason Owens: It's all good. We rolled with it.

Danielle: That's what you get with a live view. I hopefully am not making you repeat yourself. One of the things that we talked about a little bit too is that you both have experience with on- prem tools. Can you talk a little bit about what those didn't provide for you in terms of managing SaaS? I'll start with you Jason Owens.

Jason Owens: Yeah, so for us it was really the usage and utilization overlay on what our entitlements are. Right? Because we have order forms, we have entitlements, we know what that looks like, that kind of metadata around the contract. It's taking that information and marrying it up with what is actually being used so that we can either target renewals six months out to bring down the total cost of the renewal, whether it's we can find complimentary platforms or tools that maybe one has a ton of utilization and it's close, but we could pivot some of that use case into another tool that doesn't have a lot of utilization or that we can address targets for full deprecation out of the environment, which really in these days of pivoting from full foot on the pedal grow at all costs, which particularly in... I mean, I work in the SaaS industry so I kind of get to see it from both sides to now these days of really responsible growth and making sure that we are being good stewards and trying to herd the cats, so to speak, into standardized tools rather than... for so long Salesforce, a lot of the internal belief has been, hey, we're the world's largest startup that doesn't work at scale when you have to really deliver cost controls and cost containment and really risk mitigation because if you're looking at thousands of SaaS apps versus hundreds of SaaS apps, that's a massive threat surface that your security and information technology teams have to secure. Well, it's much more appropriate to reduce that threat surface, provide standardized tooling, and then keep the crown jewels safe.

Danielle: Yep. Awesome. And same question for you, Jason Carney.

Jason Carney: Yeah, I would say the overall solution was... this is the technical term. Clunky. We just had some difficulty from the start, whether it was configuration or just getting the integrations to work correctly. I think overall, it didn't do as well a job of bringing it all together for us as well. And between our integration with the financial system as well as how easy as it's been to integrate with the various vendors and then providing us not just who hasn't used it in 30 days, but opportunities to leverage lower cost licensing and that kind of thing. Really, across the board, it was a different experience.

Danielle: Great. And then kind of switching gears a little bit here, so I'll stick with you, Jason Carney. So you've already touched on a little bit that cost is really the primary driver to finally start looking at your SaaS portfolio overall. But also curious to understand how are you thinking about things like security and risk? Are those things that are up next on your list as you start to look at this or are you still highly focused on cost for now?

Jason Carney: Yeah, I mean certainly this answer is in conflict with my job title and the org we sit in. We care about security and risk obviously, and we do have other checks and balances in terms of where we spend money and what sites we access and what data we're uploading and that kind of thing. So it's not like we're leaving a door unattended or unlocked. But our focus has been to date purely financial just because of the major initiative I mentioned from a cost perspective and we'll focus on what data we've got available and what we could provide to our partners within the security team as a phase two or three.

Danielle: Got it. And then, obviously, don't need to provide specific numbers or anything, but would love to hear a little bit more on some of the realization that you've been able to drive from a cost savings perspective with the program so far.

Jason Carney: Yeah. I mean, certainly without providing numbers, I mean we took the data that Zylo provided to us. I may or may not have sandbagged the numbers a little bit in our business case and that got approved. Hopefully nobody from our performance office is attending today, but we put it in as a two- year program to achieve the total cash saves. We're already at over 80% of our target. So we're in discussions now to increase our target for saves already. And like I said, we really didn't start till November 1st, so we're six months in of a two- year program and over 80%.

Danielle: That's awesome. We're excited to continue to make sure that we make progress on that. Bring on the increased goal, there. Same question for you Jason Owens. What was the primary driver for you and the team to as you're looking at this? Today, as you're looking at the program, are you mostly focused on cost savings, is it security? Some combination.

Jason Owens: I think it's really important that there's always a healthy tension between security, data protection and pure cost. I think one of the things that we don't often talk about is that there is significant enterprise risk in the spend itself, right? It's not just the risk of the dollars. It's the risk that comes along with the dollars, but it's definitely a yes. And for me and my program, it is we need the cost takeout, we need the margin increases, and I'm kind of in the same boat as Jason. Zylo paid for itself very early on. And since then we've gone back and it's no surprise there's a lot of news about what we're going through right now at Salesforce. You just got ahead to Google and read up on it. And we're through multiple rounds and we continue to increase our takeout targets over the next three fiscal years. Zylo is not only part of where we've gotten to today, but they're going to be a significant part of how we realize those improvements going forward.

Danielle: Awesome. Kind of touching on the same thing a little bit, one of the things that we hear from our customers a lot is they're surprised to see and they need a way to monitor how much they're spending on shadow IT, corporate credit cards, P cards, is that a problem that you've been able to put a solution around having the visibility that you have today?

Jason Owens: I think put a solution around is probably not the best way to put it. We've been able to get the visibility, which it's not an insignificant amount. In fact, I would probably retire to Europe if I had that amount of money per year and you'd never hear from me again. But from a T& E and credit card spend on software, there's all that itinerant risk that comes with it with click, click through terms, lack of security around no SSO, individually controlled accounts. We've been able to find the information in the T& E, the expense data, onboard multiple applications behind SSO, so there's a risk reduction factor there. Then we're in the middle to late stages of blocking all software expense purchases and that's going to be a not insignificant multi figure annual improvement in spend. Now again, there'll be some offsets to that as people move into corporate platforms, but those are the places you have economies of scale and standardization enterprise agreements. And so they don't come with the 2, 3, 4, sometimes six X spend that people put for a single license of something when they swipe a card for it. And it's been a multi- year journey. It's not an easy thing to do because it is cultural and if you have a culture of everybody does what they want in order to facilitate their productivity and getting their job done, it's a difficult thing to do. I'm not going to exaggerate that and be like, " Hey, we went and did this and in six months we had it turned off," and the spigot was closed. It hasn't been that. It's been a multi- year journey, but it's been really important and we wouldn't be where we are now without Zylo.

Danielle: Yeah, I think you kind of touched on it. The change management piece of making, starting to actually put a program around that typically is the thing that we see across our customer base, whether large organization like Salesforce or even smaller organizations, is the biggest piece of being able to actually start changing some of that because it is typically very cultural when we do see spend against those corporate cards in shadow it. Same question for you Jason Carney. Is that something that you and the FIS team have started to look at yet?

Jason Carney: Yeah, I mean, in pieces. Right? We're a little further behind there. The visibility is key. We've been focused frankly on the biggest spend areas first to help gain that credibility. Also, the change management as you raise is a big piece we're still working on. That's the hardest part... is how do we insert all of these processes and controls without breaking the business? And we're inserting a lot of these across the company outside our team that we're a part of, but it's really helping us get eyes on this stuff. Also, it's really enabled us to provide value that we never have before. Right? So we've got stop gaps in place that we didn't put in, but we're now pulled into and all of a sudden we're armed with data in order to help allow the business to make a better decision, allow our various control towers to make a better ruling if you will. We haven't even really got to the corporate card software purchases, which by the way are against policy. So this will help us there tremendously. We just haven't gotten there yet.

Danielle: Got it. You touched on starting with the highest spend first. As you were getting up to speed, were there any specific software types that you saw more proliferation in the business than you were expecting or higher spend?

Jason Carney: Is it in inappropriate with present company to say Salesforce? No, just playing around. But it's everything, right? I mean, we have 41 project management tools. We have God knows how many training platforms that we use. Right? It's everywhere. I mean, I think the surprising part is just how many of everything we have. Although, I mean, we've seen it in the on- prem space, so it's actually not that surprising. But I mean, we're viewing it as an opportunity. right? These are all opportunities for us to save money and make things more efficient. It's just a lot of work to get there.

Danielle: Absolutely. So one thing that I wanted to touch on as well is as you are rolling out the program, how have you been able to share some of that visibility across the business? Has it enabled other teams to be able to put some of their own business process in place that maybe they weren't able to before? Jason Owens, I'll start with you on that one.

Jason Owens: Yeah, so there's been kind of like two tracks, right? There was an early track kind of 18 to 24 months ago where I had been pushing to expand our SAM program to a true enterprise SAM function responsible for all software and enterprise. And it was clear that I wasn't kind of getting the traction I needed at the time. We switched gears in the program and at the time, I call it deputized SAM, where we would go out and find business units that had the problem of SaaS software proliferation, show them the data directly from Zylo and say, " Hey, if you stand up a small team to manage these things, we can give you best practice. We can help you out. We can lead some multimillion direct cost savings within your org." We've done that with our sales ops team. It's been a huge win and they've consolidated sales operations tools in their space significantly. Again, program paid for itself. Didn't even ask them to kick in for Zylo because at that point it was just was like spare change in the couch. It was huge. Much more recently, we had a new CIO come in early last year. He's Juan Perez. Came from UPS. He's been in about man 15 months now. How time flies. But he has a very strong asset management focus. If you think about it, assets at UPS were things like 747s, semis, the workstations to run a 400, 500, 000 person workforce. So it's just another level of scale larger than what we are today. And he had that perspective like, hey, we need to secure this stuff, both from a spin perspective and a security perspective. That's been really helpful as we've gone on this software journey. And we're at the point now where we're having conversations of, all right, we need to move to an enterprise SAM function. How do we do that? What does that look like? And how do we do it in the next six to 12 months? So it's really exciting times to go from, well, it's asset management, nobody really cares, as long as you don't have a data breach or you're not losing a whole bunch of money. I hope you got that audit squared away to, hey, software asset management is a transformational component of how we're going to run our business going forward. And that's super exciting. I think my one big lesson or takeaway is if you're, today, in the early stages of a startup, you need to have somebody, preferably Zylo, but you need to have software asset management visibility when you're in the 50 to 200 employee range. You need to build those best practices and you need to build that muscle around platform standardization, title standardization, and don't get to the point where we got where were at 85, 000 people and had SaaS sprawl. Do it early and you'll save yourself so much pain down the road.

Danielle: Yeah, that's great advice. And I think, too, one of the things that you had mentioned previously as well that I thought was super impactful and would love to touch a little bit on this, is the importance of starting with small wins to be able to get the buy- in within the business. So can you talk a little bit about how you approach that and some of the things that you use as the catalyst to really get people to say, " Hey, this is something I need to pay attention to"?

Jason Owens: Yeah, that's a great call out because I know Jason started with a POC. Please start with a ROC. Right? You'll find the information and the data you need to go make your business case on how it will pay for itself, not just in terms of asset reclamation or re- harvest or not having to purchase additional licenses, but you'll get the visibility you need to save actual budget dollars year over year. It's the kind of thing that you need to have and if you can go and say, " Hey, we found this one title we don't need to renew, that's going to save us$80, 000 or $200,000 or$ 50, 000," and then make sure you keep a log of what those are and have the conversations with finance so that you can go quarterly with your leadership and say, " Here's what we saved this quarter. Here's the discreet savings, here's the cost avoidance, here's reclamation and harvesting." Have them bucket it out and just keep track of that. We, Salesforce is... we like to drink our own champagne. Air quotes. Right? And so we don't present directly out of Zylo to our senior leadership. We take the data through our data and analytics team. We present it in Tableau on custom IT asset management dashboards that are visible to our entire VLT. And it's having that visibility of the savings and the wins in whatever way works for you. Right? For us, it needs to be on a Salesforce product because that's in our blood, that's who we are. But for you, whatever that way is, find a way to surface those wins to your leadership so that you can continue to reinvest in this muscle. It will take your career, it will take your team, it will take your company to places that you don't expect. I know I didn't expect to be here even four or five years ago, and it's been a while journey, but it's been a fun one.

Danielle: Yeah, that's great. Jason Carney, so kind of jumping back a little bit, we touched a little bit on how Jason Owens and team are using some of that visibility across the larger organization. Is that something that you and the FIS team have been thinking about as well? And if so, how have you been able to use that visibility to date?

Jason Carney: Yeah, right now, this will probably echo what Jason said, but right now the data sharing is really limited to our performance office, again, tied to the project, which by the way is all the most senior leaders of the company. So they're seeing the results. And then at a more detailed level, it's our supply chain team. So this is who we're partnered with on a hourly basis on negotiating, Hey, we're only using 500 of 1, 000. Can we negotiate early? Et cetera. Then, we're also more recently using the data with enterprise architecture platform owners. So if it's the 10 different training platforms we have, we're talking to the training team that owns the ultimate decision of what's going to be the standard. If we have 41 different project management platforms, we're talking to the team that owns and manages our enterprise tool. So we're sharing that level of data. Where we're going, and this is really not specific to SaaS, is a holistic portfolio view, cost of ownership, et cetera, from an asset management perspective of this is what you have, this is you're spending money on. That would include SaaS. So we're going there. We're not there yet, but that's one of our key goals. Again, just to echo what Jason said, and I would say one of the areas that we've learned from our mistakes in the past is we're sharing the successes. We're tracking and sharing the successes, so the harvesting saves, the optimization, et cetera. We're tracking that on a weekly basis. We're sharing it out. It goes out on a monthly basis. On the on- prem side, we're having similar success and doing the same work, but we didn't do as good a job sharing that to this day. I mean, we bought our on- prem tool and six or seven years ago, and the COO, if he sees me, talks about how much that tool cost him, never about the save. And it's all because we did a, and I'll take accountability for that, never did a good job of this is how much we actually saved you every year. Instead, it's these are all the things that we found that we should have been buying that we didn't. We need to go buy these. So he views it as it cost him more money than it saved, which is, I mean, part of it is just likes to give me a hard time. But part of it is we didn't share successes consistently enough.

Danielle: Yeah, that's a great point. And you both have given a lot of good nuggets and advice already, but I'll stick with you Jason Carney. What advice would you give someone who is looking to wrap their arms around their SaaS portfolio today? What should their next steps be for that? Anything that maybe we haven't touched on to date that would be a good advice for them.

Jason Carney: I mean, we touched on it a couple times, but I can't recommend a POC enough. I mean, it is, there is nothing to lose it. I mean, it was really easy for me. I didn't have to do anything. My team did all the work. But as far as POCs go, it was very light touch. And within a month, not only did we have data that was shocking in terms of spend, and obviously people know, think they know what they're spending on, but the intelligence that we were able to get out of Zylo that showed us, hey, this is actually sass, or we think this might be SaaS, whereas we didn't have it that way, really shined a light on it. And it was not only did it shine the light and give us that oh crap moment, but it also essentially handed us a business case with a pretty significant ROI that, like I said, we've already met. So a POC all day. That's all I need to say.

Danielle: Same question for you, Jason Owens. Like I said, you've both given a lot of great advice here, but anything we didn't touch on that you would recommend for anyone who's starting down this journey?

Jason Owens: Yeah, echoing the POC, I know we've touched on that again. And not to continue to belabor the point, it's super important, but I think my biggest recommendation is like what are your pain points as a business when it relates to SaaS? And then find out where Zylo can help be the answer to those problems. And that's I think, the biggest case of where you can customize both your POC, your business justification, your business case, and then really hone in on what that cost saving target or risk reduction target looks like to you and your business so that you can put that in front of your senior leaders and say, " Hey, look. Here's the business problem. Here's the solution to it. It'll pay for itself and give us these additional benefits on down the line over a one three and five year time horizon." You know? And at that point it becomes a decision event where well do we want to make the investment in cost reduction and risk reduction or not? And it becomes pretty brass tax.

Danielle: Great. Well, we do have some questions that came in. I hope I didn't miss anything. Sorry again for the hiccup at the beginning with the sound. Just going to read through some of these questions here. First question here is, I'll start with you, Jason Owens, do you look at frameworks like NIST or ISO to help move the needle?

Jason Owens: Yes, absolutely. We have an annual NIST event. Can't talk much more about it than that, but Zylo has been a core component of helping us improve our NIST score. I think NIST is going to be one of the big buzzwords in the coming years, if it's not already. It definitely is in the cybersecurity information security realms. And if you're an asset manager and you're not up to speed on the NIST framework and how asset management can significantly improve the scoring across the board, get good. The second thing is from an ISO perspective. I was fortunate enough to be part of the panel that helped write some of the recent software asset management updates to the ISO standard. It's super hard to get to full ISO certification. If you want to do it, do it early as a small organization when it's much easier to move the needle. I've challenged Peach Katri who owns the same function in our global IAM team that I'd love to see US ISO certified in the next three to five years. And that's a super tall order with the breadth and scope and number of titles and departments and business units that we have at Salesforce. But I also think it's the right thing to do. Then there's one thing, that I was fortunate enough to be at at the IAITAM ACE conference last week, and I attended a presentation given by Liz Reich, and it just kind of popped into my head as I was thinking through this. I've always called it deputized SAM programs. She gave a name to it that was federated IAITAM, right? That you have a central it, a IAITAM or SAM function that sets the standard, sets the policy, and then you go out and have racy conversations with people and say, " How can you help me enforce these standards and how can I help you back with cost savings and security that meet your goals?" I think that federated IAITAM picture... we're never going to get back to the days where we have large 30, 40, 50 people SAM programs at enterprise IT. It's going to be do more with more process rigor, with more procedure rigor, with more tooling, with more automation. It's never going to be just throw headcount at the problem probably ever again. And so in order to do that, it's how do we get to the point where we have standards and engagement where our business owners, our business process groups, or our service delivery groups understand and see the value of improved software asset management to the point where they're enforcing the standards that we set up?

Danielle: Yep. Excuse me. Yeah, that's awesome. Super helpful. Still just scrolling through the chat here. This one I'll give to you, Jason Carney. So one of the questions that came in are someone who's struggling with people who are set that a traditional SAM tool will help them manage SaaS. So I know you talked about a little bit about your journey there. Any advice you'd give on how to frame some of those conversations if someone is running up against some of those challenges?

Jason Carney: Yeah, that's a good question. I mean, this is a generalization, but it's really a question of do you want one tool that does a lot of things okay or do you want multiple tools that can integrate but are best in class? Right? And maybe, depending on what you want to spend and what your priorities are, one tool that just does okay is the right answer. For us, it wasn't. We have, again, aggressive targets. So we couldn't. Just okay wasn't good enough. So we believed in our ability to integrate and wanted to go with best in class.

Danielle: Great. We touched on this a little bit earlier as well, but as you've embarked on this journey, obviously organization change management is likely a big part of it. Jason Carney, can you talk a little bit about what that has looked like at FIS

Jason Carney: Organization change management? Our org changes. It hasn't changed today, but it changes all the time. The good thing for us is our mission has remained. I mean, we were in the CIO. We've moved to the security. Now we're outside of security, but in risk. Our mission has remained the same time. Even our priorities might have slightly shifted, but at the end of the day, our goals are the same. What we are doing hasn't driven, I don't think, any major organizational change, we're kind of... victims isn't the right word, but participants in the process. But we're not driving the bus there. But again, no matter which org you sit in, the mission is the same. Right? We want to make sure we have insight into all of our assets. Where are they? How much do they cost? What's the risk associated with them and be driving out savings for the company.

Danielle: Yep. Jason Owens. One question that I thought might be good for you here. So one of the things we hear across the board from a lot of customers is they know they have a issue with redundant applications, but they're not sure where to start from a rationalization standpoint. Any advice that you would give on someone who does look and see that they might have 41 different project management apps?

Jason Owens: Yeah. It's 41 different project management apps. It's 17 different UI UX tool sets. You know? It's 37 different collaboration tools. Right? I didn't even know inaudible was a thing. Right? I'm glad I haven't seen that in our Zylo data anytime recently. My recommendation would be, depending on the size of your organization, do you have an architect or an enterprise architecture board? Do you have sourcing? Do you have procurement? Get in a room with those other business functions. Have the business intimacy to have a seat at the table with them. Ask them what their problems are. Look at, look at your renewals roadmap. Right? Do you have significant multi- year enterprise or other agreements in one of these tool spaces that you could either leverage and drive usage to a primary tool? Or do you have multiples that are multi- year that you probably say, " Hey, we don't want to attack that right yet and we want to go somewhere else where there's more savings in the short term." It's really critical to just kind of look at that by a per category basis, either the categories in the Zybrary or the categories that your enterprise architecture team uses, and look at what is the spend per category? What is the tool proliferation per category? And then build a roadmap and not just like, " Hey, we want to do this over the next three or six months." Because the reality is these days it's who moved my cheese. Right? Everybody has that one function that they consider makes their application a killer app, and it's going to be a change management exercise to get them standardized into either a primary or secondary tool. But it's the right thing to do for the business. Just because it's difficult doesn't mean you or we shouldn't do it. It's take the per category lens, look at what quarters the opportunities fall in, and then come back to your architecture team, your sourcing team, and then present up to either your executive leadership, your technology leadership, wherever the funding for those tools sits and say, " Here's our multi- year roadmap for rationalization." We think that this can reduce our threat surface. It can save us money. It can standardize the end user experience. It can reduce the number of platforms on which your employees are opening help desk or support tickets. There's this significantly long tail of potential savings that you don't normally think of because we tend to just capture the hard dollars on the first. Hey, we're paying for this tool. There's that entire knock on effect of how much does it cost to have a renewal event From a sourcing procurement and enterprise security perspective? How much does it take to do an annual audit? If it's an in scope SaaS platform? How much does it cost to support the tool from a care and feeding of publishing knowledge of responding to support cases of lost employee productivity time? And by the time you go and look at all of those things and bring it back in and say, " Here's our roadmap, here's our journey, here's where we're going to deliver savings," you never get to full rationalization. You never will. It's always a journey. But if you can continue to bend the arc in a positive manner for your organization, there's no telling how far candidly your career will go as a software asset management or procurement professional.

Danielle: Yeah, I think that's such a great point that you touched on around just because it's hard doesn't mean it's not the right thing to do for the business. We know these rationalization opportunities and getting a program in place on them is not always an easy thing. But that's such a great point. So we're about at time here. I did want to give Jason Carney that opportunity to answer that same question as well. Then we'll wrap up our inaugural debut of Danielle and the Jason's here.

Jason Carney: I don't even remember what the question was.

Danielle: Sorry. When looking at rationalizing redundant applications, where would you start?

Jason Carney: Oh. Where would we start mean? I mean, so what we've been doing is really focused on, I mentioned earlier, either enterprise architecture or the platform owner. So putting it in the hands of the team that owns training and really allowing the different tool advocates a chance to advocate for why they need it. And can the tool or the platform owner, can they provide that service? Can they justify? And then ultimately it's a financial decision or a business case. Is it worth to have another tool and spend this much money for this piece that you're not provided by this platform? Really, we've been taking it one platform at a time, but we're not really there yet, to be honest.

Danielle: Got it. Well, thank you both again so much. Like I said, I know it's not a small thing to take time out of your day for something like this, but incredibly insightful. I know everyone who's listening has learned a lot. Again, really appreciate your time. Thanks for bearing with us on some of those technical difficulties. Thanks again.

Jason Carney: Appreciate the opportunity. Thanks guys.

Danielle: Thanks everyone.


You can’t manage what you don’t know exists - yet the average organization underestimates the size of their SaaS portfolio by 2-3X. If you’re not sure how much SaaS exists in your estate, you’re not alone. Hear from a panel of professionals who, not too long ago, were in your shoes. Hear how they unlocked full visibility into their SaaS footprint and how they are leveraging that visibility to drive organization-wide impact.